MBAR found trojans etc and there could be more stuff


  • This topic is locked
18 replies to this topic

#1 gaberilde

gaberilde

  • Members
  • 85 posts

Posted 15 February 2017 - 03:28 AM

Here's the log. My PC could have more viruses than this, but Malwarebytes and AdwCleaner come up clean, so don't try them please, I already tried them.

 

Whoops, forgot the FRST log, here it is.

Attached Files


Edited by gaberilde, 15 February 2017 - 03:54 AM.

The fidget spinner is spreading like the WannaCry ransomware!




#2 nasdaq

nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 February 2017 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.


Is the Firewall running or is this a false positive?
===

Do you know what this is?
Task: {372CB5CF-83F8-4F2D-9067-CAF62768B2CB} - System32\Tasks\fastpcload => F:\Scripts\TempEndOthersSpecialrunner.vbs [2017-01-15] ()
===

This might be causing some Windows Update issues?
Let me know.
Check "winmgmt" service or repair WMI.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-2573605897-3760810489-296237192-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => F:\Files\FireFoxProfile\user.js [2016-01-09]
FF Extension: (Block site) - F:\Files\FireFoxProfile\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-09-24]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
CHR Extension: (SwagButton) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2016-12-14]
CHR Extension: (Awesome New Tab Page) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2016-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-12]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2718840 2016-10-13] (AnchorFree Inc.)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [X]
S4 SynTPEnhService; "C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 dglvrbus; \SystemRoot\System32\drivers\dglvrbus.sys [X]
S3 dglvrkdod; \SystemRoot\system32\DRIVERS\dglvrkdod.sys [X]
S3 dglvrmflt; \SystemRoot\System32\drivers\dglvrmflt.sys [X]
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
CustomCLSID: HKU\S-1-5-21-2573605897-3760810489-296237192-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1DE01A13D5A7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Shortcut: C:\Users\gaberilde\Desktop\Games\Zoo Tycoon 2.lnk -> F:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\Starter.bat (No File)
AlternateDataStreams: C:\ProgramData\Temp:F0762150 [107]
HKLM\...\.reg: Regedit.Document =>  <===== ATTENTION
HKU\S-1-5-21-2573605897-3760810489-296237192-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION
FirewallRules: [TCP Query User{9EBF3EE4-0DB4-4207-9458-9B296FBECC71}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3ED44C0D-2FB0-45A4-81A5-99DE6C277365}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove these old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)

Please let me know what problem persists with this computer.
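The fixlist above was built by hand from markers in the FRST log: `[X]` for a service whose binary is gone, `<===== ATTENTION` for a restrictive policy, `[No File]` for a dangling plugin, `<no Path/update_url>` for a forced extension. The script below is an added example (not nasdaq's tool, nor anything from FRST) that applies those same markers to sample log lines and assembles a fixlist in the layout used in this thread; the `MpsSvc` line in the sample is constructed to show a running Microsoft service being left alone.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines into a fixlist.

Added example, not code from nasdaq or from FRST itself. The heuristics mirror
the markers FRST prints in its own log: '[X]' for a service or driver whose
binary is missing, '<===== ATTENTION' for restrictive policies and hijacked
file associations, '[No File]' for dangling browser plugins and
'<no Path/update_url>' for extensions registered without an install source.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample log: a few lines taken from the thread above plus two
# benign lines (a running Microsoft service and a store extension) that a
# correct triage must leave alone. The MpsSvc line is invented for the test.
SAMPLE_FRST_LOG = r"""
Running from C:\Users\gaberilde\Downloads
S2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
R2 MpsSvc; C:\Windows\system32\svchost.exe [45056 2016-07-16] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaberilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
AlternateDataStreams: C:\ProgramData\Temp:F0762150 [107]
"""


@dataclass(frozen=True)
class Finding:
    category: str
    line: str    # the FRST line verbatim: fixlist entries must match the log
    reason: str


# (category, pattern, why a helper would put the line in the fixlist)
RULES = [
    ("orphaned-service", re.compile(r"^[SR]\d [^;]+; .*\[X\]$"),
     "service/driver is registered but its executable is missing"),
    ("policy-restriction", re.compile(r"<=+ ATTENTION$"),
     "FRST flagged a restrictive policy or a hijacked file association"),
    ("dangling-plugin", re.compile(r"\[No File\]$"),
     "browser plugin entry points at a file that no longer exists"),
    ("sourceless-extension", re.compile(r"<no Path/update_url>$"),
     "extension forced via an HKLM policy key without an install source"),
    ("alternate-data-stream", re.compile(r"^AlternateDataStreams: "),
     "NTFS alternate data stream attached to a system file or folder"),
]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches a triage rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, pattern, reason in RULES:
            if pattern.search(line):
                findings.append(Finding(category, line, reason))
                break  # first matching rule wins
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def build_fixlist(findings: List[Finding], reboot: bool = True) -> str:
    """Assemble a fixlist.txt in the layout used in the thread above."""
    lines = ["Start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]
    lines.extend(f.line for f in findings)
    if reboot:
        lines.extend(["", "Reboot:"])
    lines.extend(["", "End"])
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LOG)
    for f in found:
        print(f"{f.category:22} {f.reason}")
    print(build_fixlist(found))
```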

#3 gaberilde

gaberilde
  • Topic Starter

  • Members
  • 85 posts

Posted 15 February 2017 - 02:40 PM

Hi, the firewall is Norton, and I disabled the built-in one to avoid conflicts.

 

And the VBS is a file I made to make the PC go faster on boot.

 

The Windows Update issue is probably because I disabled services to make the PC run faster.

 

And Java is a pain to update because my internet only goes 1 MB max download, so I don't update it very often, but it's updated as often as I can get it. Plus I need it, and when I can I will update it.

 

And I am not stupid enough to download malware if it doesn't come from the official site ;)

 

Java is already disabled in the browser because I have the new Google Chrome, which blocked it.




#4 gaberilde

gaberilde
  • Topic Starter

  • Members
  • 85 posts

Posted 17 February 2017 - 10:12 AM

Hi, what do I do next?




#5 nasdaq

nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 February 2017 - 02:01 PM

Sorry for this delay.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======


Also, please provide an update on how the computer is behaving after running the above script.

#6 gaberilde

gaberilde
  • Topic Starter

  • Members
  • 85 posts

Posted 18 February 2017 - 08:31 AM

Don't know if the Zoek thingy is done.

 

 

RogueKiller

 

 

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : gaberilde [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/18/2017 09:13:48 (Duration : 02:41:01)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 24 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_gaberilde_ON_O_66A6\Software\OCS -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_gaberilde_ON_O_66A6\Software\OCS -> Deleted
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Discord : C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall [7] -> Not selected
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DigitalWave.Update.Service ("C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe") -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2573605897-3760810489-296237192-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2573605897-3760810489-296237192-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3406ffa2-ce02-420a-95e8-2be9c6c53251} | NameServer : 78.143.192.20,78.143.192.10 ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6dce5435-5cae-40ce-b75e-21b71625fac7} | NameServer : 78.143.192.20,78.143.192.10 ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{eced4c9d-e0f1-437c-b7c6-f4dcaadafe33} | NameServer : 78.143.192.20,78.143.192.10 ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ed35462b-396b-41a8-92a4-3ae81607f824} | NameServer : 78.143.192.20,78.143.192.10 ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3406FFA2-CE02-420A-95E8-2BE9C6C53251} | NameServer : 78.143.192.20,78.143.192.10, ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{36C707CA-CEF5-4DFF-95D3-DA4A7B10280A} | NameServer : 78.143.192.20,78.143.192.10,192.168.1.254 ([United Kingdom][United Kingdom][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{39C0D821-17ED-46E2-8ACB-C97C619F95E2} | NameServer : 78.143.192.20,78.143.192.10,192.168.1.254 ([United Kingdom][United Kingdom][-])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6DCE5435-5CAE-40CE-B75E-21B71625FAC7} | NameServer : 78.143.192.20,78.143.192.10, ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ECED4C9D-E0F1-437C-B7C6-F4DCAADAFE33} | NameServer : 78.143.192.20,78.143.192.10, ([United Kingdom][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ED35462B-396B-41A8-92A4-3AE81607F824} | NameServer : 78.143.192.20,78.143.192.10, ([United Kingdom][United Kingdom])  -> Replaced ()
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_O_4700\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {545D177E-3B28-4DDB-9039-B2DD8078299A} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=O:\Users\gaberilde\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (gaberilde)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_O_4700\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5CB3F728-0977-45B5-AB2B-801002CB15C1} : v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=O:\Users\gaberilde\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (gaberilde)|Desc=Allow µTorrent network traffic| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_O_4700\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A4A77311-80B5-47E2-933A-DC8CCA923AD9} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=O:\Users\gaberilde\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (gaberilde)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_O_4700\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D7ECB3D3-AC0E-4875-9D32-D33D4D170171} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=O:\Users\gaberilde\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (gaberilde)| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_O_4700\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F3020C14-7FF9-454D-A7D2-CCBE0A911B81} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=O:\Users\gaberilde\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (gaberilde)| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_O_4700\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C4B61069-6E3B-4E94-A2D1-5ABD311AAC3B} : v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=O:\Users\gaberilde\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (gaberilde)|Desc=Allow µTorrent network traffic| [x] -> Deleted
[Tr.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DE2D07DD-3CA3-4631-B1A2-410AD7F15A16} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe|Name=winvnc.exe| [7] -> Deleted
[Tr.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AB9AF688-3495-43F1-841F-94CDCB7643BC} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe|Name=winvnc.exe| [7] -> Deleted
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 19 ¤¤¤
[PUP.Gen0][File] C:\Users\gaberilde\Desktop\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Deleted
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Deleted
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\bin\DVSSYS~1.EXE -> Deleted
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\PREMIU~1.EXE -> Deleted
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\UNINST~1.EXE -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cache\data_0 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cache\data_1 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cache\data_2 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cache\data_3 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cache\index -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cache -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cookies -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Cookies-journal -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\databases\Databases.db -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\databases\Databases.db-journal -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch\databases -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\GPUCache\data_0 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\GPUCache\data_1 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\GPUCache\data_2 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\GPUCache\data_3 -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\GPUCache\index -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch\GPUCache -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb\000003.log -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb\CURRENT -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb\LOCK -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb\LOG -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb\LOG.old -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001 -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB\file__0.indexeddb.leveldb -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch\IndexedDB -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Local Storage\file__0.localstorage -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Local Storage\file__0.localstorage-journal -> Deleted
[PUP.Gen1][Folder] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Local Storage -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\QuotaManager -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\QuotaManager-journal -> Deleted
[PUP.Gen1][File] C:\Users\gaberilde\AppData\Roaming\Musixmatch\Settings -> Deleted
[Tr.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\Edit Settings.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVNC\UVNC_S~1.EXE -> Not selected
[Tr.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Launcher.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVNC\UVNC_L~1.EXE -> Not selected
[Tr.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Repeater.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVNC\repeater.exe -> Not selected
[Tr.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Server.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVNC\winvnc.exe -> Not selected
[Tr.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Viewer.lnk [LNK@] C:\PROGRA~1\UVNCBV~1\UltraVNC\VNCVIE~1.EXE -> Not selected
[Tr.Gen0][Folder] C:\Program Files\uvnc bvba -> Not selected
[PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Not selected
[PUP.Gen0][File] C:\Users\gaberilde\Desktop\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Not selected
[Tr.Gen0][File] C:\Users\gaberilde\Pictures\Mario_Tower_Defence.exe -> Not selected
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\FREEST~1.EXE -> Not selected
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\bin\DVSSYS~1.EXE -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\PREMIU~1.EXE -> Removed at reboot [2]
[PUP.Gen0][File] C:\Users\gaberilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk [LNK@] C:\PROGRA~2\COMMON~1\DVDVID~1\lib\UNINST~1.EXE -> Not selected
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 4 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : SwagButton [gngocbkfmikdgphklgmmehbjjlfgdemm] -> Not selected
[PUP.Gen0][Chrome:Addon] Default : Awesome New Tab Page [mgmiemnjjchgkmgbeljfocdjjnpjnmcg] -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.roblox.com/] -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://everybodyedits.com/|http://www.roblox.com/games/?Keyword=otis%20elevator|http://www.facebook.com/home.php?|http://www.chatzy.com/55920671108061|https://www.youtube.com/channel/UCQ6fPy9wr7qnMxAbFOGBaLw|http://sploder.com/] -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] b81b5d20f02cb29051f366338c32172c
[BSP] c220cbc7ebdd651287a5fc4135f263e6 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 616448 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 878592 | Size: 541584 MB
3 - Basic data partition | Offset (sectors): 1110042624 | Size: 30735 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1172989952 | Size: 900 MB
5 - Basic data partition | Offset (sectors): 1174833152 | Size: 359992 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1912096768 | Size: 20228 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

Attached Files


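The most security-relevant lines in the RogueKiller report above are the `PUM.Dns` entries: the same two resolvers (78.143.192.20 and 78.143.192.10) are hard-coded on every interface, in both control sets. RogueKiller flags any static NameServer as a potentially unwanted modification, whether an ISP tool, the user or a hijacker set it, so the defender still has to compare the addresses against what is expected on that machine. The script below is an added example (not RogueKiller's code) that parses those findings, merges the two control sets per interface GUID, and reports resolvers outside an expected set; the expected set is an assumption, namely the LAN router 192.168.1.254 that appears in the log.

```python
"""Audit the per-interface DNS servers that RogueKiller reports as PUM.Dns.

Added example, not RogueKiller's own code. It parses the PUM.Dns lines from a
RogueKiller report, merges ControlSet001/ControlSet002 per interface GUID and
flags resolvers that are not in the set the owner expects. EXPECTED_RESOLVERS
is an assumption for this example (only the home router seen in the report).
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample taken from the RogueKiller report above: one interface
# GUID appears in ControlSet001 (lowercase) and ControlSet002 (uppercase, with
# a trailing comma), and an unrelated PUP finding is mixed in.
SAMPLE_ROGUEKILLER_LOG = r"""
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DigitalWave.Update.Service ("C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe") -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3406ffa2-ce02-420a-95e8-2be9c6c53251} | NameServer : 78.143.192.20,78.143.192.10 ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6dce5435-5cae-40ce-b75e-21b71625fac7} | NameServer : 78.143.192.20,78.143.192.10 ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3406FFA2-CE02-420A-95E8-2BE9C6C53251} | NameServer : 78.143.192.20,78.143.192.10, ([United Kingdom][United Kingdom])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{36C707CA-CEF5-4DFF-95D3-DA4A7B10280A} | NameServer : 78.143.192.20,78.143.192.10,192.168.1.254 ([United Kingdom][United Kingdom][-])  -> Replaced ()
"""

# Assumption: the only resolver the owner configured is the LAN router.
EXPECTED_RESOLVERS: Set[str] = {"192.168.1.254"}

DNS_FINDING_RE = re.compile(
    r"^\[PUM\.Dns\] \((X64|X86)\) HKEY_LOCAL_MACHINE\\System\\(ControlSet\d+)"
    r"\\Services\\Tcpip\\Parameters\\Interfaces\\\{([0-9A-Fa-f-]{36})\}"
    r" \| NameServer : ([0-9.,]*)"
    r".*?-> (\w+)"
)


@dataclass(frozen=True)
class DnsFinding:
    control_set: str
    interface_guid: str   # normalised to lowercase so both control sets merge
    servers: tuple        # in the order Windows would query them
    action: str           # what RogueKiller did (e.g. Replaced)


def parse_dns_findings(log_text: str) -> List[DnsFinding]:
    """Extract every PUM.Dns line; other finding types are ignored."""
    out: List[DnsFinding] = []
    for raw in log_text.splitlines():
        m = DNS_FINDING_RE.match(raw.strip())
        if not m:
            continue
        _arch, control_set, guid, server_list, action = m.groups()
        # A trailing comma in the registry value yields an empty item; drop it.
        servers = tuple(s for s in server_list.split(",") if s)
        out.append(DnsFinding(control_set, guid.lower(), servers, action))
    return out


def servers_by_interface(findings: List[DnsFinding]) -> Dict[str, Set[str]]:
    """Merge both control sets into one resolver set per interface GUID."""
    merged: Dict[str, Set[str]] = {}
    for f in findings:
        merged.setdefault(f.interface_guid, set()).update(f.servers)
    return merged


def audit(findings: List[DnsFinding],
          expected: Set[str] = EXPECTED_RESOLVERS) -> Dict[str, List[str]]:
    """Interfaces whose resolvers include addresses outside the expected set."""
    suspicious: Dict[str, List[str]] = {}
    for guid, servers in servers_by_interface(findings).items():
        unexpected = sorted(servers - expected)
        if unexpected:
            suspicious[guid] = unexpected
    return suspicious


def public_resolvers(findings: List[DnsFinding]) -> Set[str]:
    """Resolvers that are internet-routable (not LAN or link-local)."""
    return {s for f in findings for s in f.servers
            if not ipaddress.ip_address(s).is_private}


if __name__ == "__main__":
    parsed = parse_dns_findings(SAMPLE_ROGUEKILLER_LOG)
    for guid, bad in audit(parsed).items():
        print(f"{guid}: unexpected resolvers {', '.join(bad)}")
    print("public resolvers seen:", sorted(public_resolvers(parsed)))
```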


#7 nasdaq

nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 February 2017 - 10:56 AM

How is the computer running now?

#8 gaberilde

gaberilde
  • Topic Starter

  • Members
  • 85 posts

Posted 18 February 2017 - 11:04 AM

Bad, I think that thing is still running through.




#9 nasdaq

nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 February 2017 - 09:14 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (MTB.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Please give me more details on what is wrong with this computer.

#10 gaberilde

gaberilde
  • Topic Starter

  • Members
  • 85 posts

Posted 19 February 2017 - 03:35 PM

The computer runs very slow and videos don't show properly in File Manager.

MiniToolBox

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by gaberilde (administrator) on 19-02-2017 at 20:15:47
Running from "C:\Users\gaberilde\Downloads"
Microsoft Windows 10 Home  (X64)
Model: CX62 2QD Manufacturer: Micro-Star International Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
0.0.0.0 statsfe2.update.microsoft.com.akadns.net 
0.0.0.0 fe2.update.microsoft.com.akadns.net 
0.0.0.0 s0.2mdn.net 
0.0.0.0 survey.watson.microsoft.com 
0.0.0.0 view.atdmt.com 
0.0.0.0 watson.microsoft.com 
0.0.0.0 watson.ppe.telemetry.microsoft.com 
0.0.0.0 vortex.data.microsoft.com 
0.0.0.0 vortex-win.data.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com 
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 
0.0.0.0 oca.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com 
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 watson.telemetry.microsoft.com 
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 
0.0.0.0 choice.microsoft.com 
0.0.0.0 choice.microsoft.com.nsatc.net 
0.0.0.0 wes.df.telemetry.microsoft.com 
0.0.0.0 services.wes.df.telemetry.microsoft.com 
0.0.0.0 sqm.df.telemetry.microsoft.com 
0.0.0.0 telemetry.microsoft.com 
0.0.0.0 telemetry.appex.bing.net 
0.0.0.0 telemetry.urs.microsoft.com 
0.0.0.0 settings-sandbox.data.microsoft.com 
0.0.0.0 watson.live.com 
0.0.0.0 statsfe2.ws.microsoft.com 
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com 
0.0.0.0 compatexchange.cloudapp.net 
0.0.0.0 a-0001.a-msedge.net 
0.0.0.0 sls.update.microsoft.com.akadns.net 
 
There are 77 entries.
 
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network #2 (Connected)
Anchorfree HSS VPN Adapter = Ethernet 2 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)
TAP-Windows Adapter V9 = Ethernet 4 (Hardware not present)
Speedify Virtual Adapter = Ethernet 3 (Hardware not present)
Killer e2200 Gigabit Ethernet Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="VMware Network Adapter VMnet8" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VirtualBox Host-Only Network" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VirtualBox Host-Only Network 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VirtualBox Host-Only Network #2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_32778 mtu=1422
add address name="VirtualBox Host-Only Network 2" address=192.168.56.1 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
add address name="Ethernet 2" address=192.168.137.1 mask=255.255.255.0
add address name="Ethernet 3" address=10.202.0.2 mask=255.255.255.0
add address name="VirtualBox Host-Only Network #2" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MSI
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : This Killer Ethernet Controller connects you to the network.
   Physical Address. . . . . . . . . : D8-CB-8A-F0-27-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VirtualBox Host-Only Network #2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter #2
   Physical Address. . . . . . . . . : 0A-00-27-00-00-16
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8960:627b:aadc:1f82%22(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 369754151
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-1B-BD-C9-D8-CB-8A-F0-27-18
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 78-0C-B8-DB-55-CF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : 78-0C-B8-DB-55-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::44b5:fa1:bc9f:e7b9%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 February 2017 07:57:09 PM
   Lease Expires . . . . . . . . . . : 12 March 2017 08:03:22 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 41422008
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-1B-BD-C9-D8-CB-8A-F0-27-18
   DNS Servers . . . . . . . . . . . : 78.143.192.20
                                       78.143.192.10
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  78.143.192.20
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging google.com [216.58.208.142] with 32 bytes of data:
Reply from 216.58.208.142: bytes=32 time=30ms TTL=54
Reply from 216.58.208.142: bytes=32 time=28ms TTL=54
 
Ping statistics for 216.58.208.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 30ms, Average = 29ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  78.143.192.20
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=173ms TTL=48
Reply from 206.190.36.45: bytes=32 time=174ms TTL=48
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 173ms, Maximum = 174ms, Average = 173ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...d8 cb 8a f0 27 18 ......This Killer Ethernet Controller connects you to the network.
 22...0a 00 27 00 00 16 ......VirtualBox Host-Only Ethernet Adapter #2
 24...78 0c b8 db 55 cf ......Microsoft Wi-Fi Direct Virtual Adapter #2
  8...78 0c b8 db 55 ce ......Intel® Dual Band Wireless-AC 3160
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.102     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    311
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    311
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    311
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 22    281 fe80::/64                On-link
  8    311 fe80::/64                On-link
  8    311 fe80::44b5:fa1:bc9f:e7b9/128
                                    On-link
 22    281 fe80::8960:627b:aadc:1f82/128
                                    On-link
  1    331 ff00::/8                 On-link
 22    281 ff00::/8                 On-link
  8    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\WINDOWS\system32\wlidnsp.dll [43520] (Microsoft Corporation)
Catalog5 09 C:\WINDOWS\system32\wlidnsp.dll [43520] (Microsoft Corporation)
Catalog5 10 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/19/2017 08:04:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MSI)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2017 08:00:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MSI)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2017 08:00:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MSI)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2017 07:57:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: WlanRadioManager.dll, version: 10.0.14393.0, time stamp: 0x57899bae
Exception code: 0xc0000005
Fault offset: 0x0000000000003305
Faulting process id: 0x4dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (02/19/2017 04:15:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: NIS.exe, version: 14.1.0.64, time stamp: 0x587ff4ab
Faulting module name: SHUIROL.dll, version: 22.9.0.68, time stamp: 0x589a0d52
Exception code: 0xc0000005
Fault offset: 0x000000000000a0e7
Faulting process id: 0x15bc
Faulting application start time: 0xNIS.exe0
Faulting application path: NIS.exe1
Faulting module path: NIS.exe2
Report Id: NIS.exe3
Faulting package full name: NIS.exe4
Faulting package-relative application ID: NIS.exe5
 
Error: (02/19/2017 04:14:43 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (02/19/2017 04:14:43 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (02/19/2017 04:13:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: MSI)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/19/2017 01:37:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/19/2017 01:36:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (02/19/2017 08:06:50 PM) (Source: DCOM) (User: MSI)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}MSIgaberildeS-1-5-21-2573605897-3760810489-296237192-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
 
Error: (02/19/2017 08:04:39 PM) (Source: DCOM) (User: MSI)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server2microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mcaUnavailableUnavailable
 
Error: (02/19/2017 08:03:22 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Time Broker service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (02/19/2017 08:01:22 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/19/2017 08:01:22 PM) (Source: Service Control Manager) (User: )
Description: The Time Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/19/2017 08:01:22 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (02/19/2017 08:01:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/19/2017 08:01:22 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/19/2017 08:00:04 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (02/19/2017 07:58:03 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/19/2017 08:04:39 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MSI)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024894
 
Error: (02/19/2017 08:00:51 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MSI)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024894
 
Error: (02/19/2017 08:00:51 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MSI)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024894
 
Error: (02/19/2017 07:57:10 PM) (Source: Application Error)(User: )
Description: svchost.exe10.0.14393.057899b1cWlanRadioManager.dll10.0.14393.057899baec000000500000000000033054dc01d28ae94fae640fC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\WlanRadioManager.dll625b0070-1e93-4ba6-97b4-7583375306e2
 
Error: (02/19/2017 04:15:08 PM) (Source: Application Error)(User: )
Description: NIS.exe14.1.0.64587ff4abSHUIROL.dll22.9.0.68589a0d52c0000005000000000000a0e715bc01d28ab33a05e5e3C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.68\NIS.exeC:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\22.9.0.68\SHUIROL.dll40628330-650a-454c-b77a-ae3b821008ee
 
Error: (02/19/2017 04:14:43 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (02/19/2017 04:14:43 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (02/19/2017 04:13:52 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: MSI)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App-2144927142
 
Error: (02/19/2017 01:37:18 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (02/19/2017 01:36:31 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 12:56:57.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-11-16 18:30:41.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-16 18:30:02.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-01 20:12:29.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****



#11 nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 February 2017 - 08:05 AM


Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

Post that log now for my review.

The following may take a while to complete; do it after the post and report.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.
===
Check also for outdated 3rd party drivers.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Run the application and update all the programs/drivers that need to be updated.

p.s.

Secunia will start looking for new updates every time you boot the system.
This is overkill. When all is well you can remove it using the Add/Remove programs applet.

#12 gaberilde

  • Topic Starter
  • Members
  • 85 posts

Posted 20 February 2017 - 12:19 PM

PSI crashed my computer when it was done installing; I had to restart.
 
sfc fixed corrupted files.
 
PSI also doesn't work: it either crashes during the scan or gets to the end, just goes back and says "last scan undefined". It also tells me to install Windows Update even though it comes with the computer?
 
logs
 
Farbar Service Scanner Version: 27-01-2016
Ran by gaberilde (administrator) on 20-02-2017 at 16:00:47
Running from "C:\Users\gaberilde\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.
 
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"="0"
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

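The FSS log above reports the firewall service set to Disabled, the Defender service set to Demand, and DisableAntiSpyware=1 under both the policy key and the product key; the Addition log earlier in the thread shows IP routing enabled on every interface; and post #11 asks for the sfc /scannow details. All of that can be reproduced from an elevated PowerShell without the tools. The script below is an added example written for this page, not part of the thread and not Farbar's code. The service names and expected start modes are the ones FSS prints; BFE is an extra assumption added because MpsSvc depends on it; the SFC part applies the same [SR] filter as the Microsoft article nasdaq links. It reports the values, it does not decide whether Norton or something else set them.

```powershell
# Added example for this page; not part of the thread or of Farbar's tools.
# Reproduces the checks behind the FSS log above (service start modes, the Defender and
# firewall policy values) and the IP-forwarding state shown in the Addition log, then
# pulls the sfc /scannow detail lines the way KB 929833's findstr step does.
# Run from an elevated Windows PowerShell 5.1 prompt on Windows 10.

function Get-SecurityServiceState {
    # Expected start modes are the defaults FSS prints ("The default start type is Auto").
    # BFE is an assumption added here because MpsSvc depends on it; FSS does not list it.
    # CIM reports 'Manual' where FSS prints 'Demand'.
    $expected = [ordered]@{
        'mpsdrv'    = 'Auto'   # Windows Firewall Authorization Driver (kernel driver)
        'BFE'       = 'Auto'   # Base Filtering Engine
        'MpsSvc'    = 'Auto'   # Windows Firewall (FSS above: set to Disabled)
        'WinDefend' = 'Auto'   # Windows Defender (FSS above: set to Demand)
        'wscsvc'    = 'Auto'   # Security Center
    }
    foreach ($name in $expected.Keys) {
        # Win32_Service covers user-mode services; kernel drivers such as mpsdrv are in Win32_SystemDriver.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if (-not $svc) {
            $svc = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$name'" -ErrorAction SilentlyContinue
        }
        $state = if ($svc) { $svc.State }     else { 'MISSING' }
        $mode  = if ($svc) { $svc.StartMode } else { 'MISSING' }
        $path  = if ($svc) { $svc.PathName }  else { '' }
        $flag  = if ($mode -ne $expected[$name] -or $state -ne 'Running') { 'ATTENTION' } else { 'OK' }
        [pscustomobject]@{
            Service   = $name
            State     = $state
            StartMode = $mode
            Expected  = $expected[$name]
            ImagePath = $path
            Flag      = $flag
        }
    }
}

function Get-SecurityPolicyOverride {
    # The registry values FSS reads for its "Disabled Policy" sections. DisableAntiSpyware=1
    # (as on this machine) or EnableFirewall=0 is set by some third-party suites and also by
    # malware; this only reports the value.
    $checks = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                         Name = 'DisableAntiSpyware' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Name = 'EnableFirewall' },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall' }
    )
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $data = if ($item) { $item.($c.Name) } else { '(not set)' }
        [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $data }
    }
}

function Get-ForwardingInterface {
    # ipconfig above shows "IP Routing Enabled: Yes" and the netsh dump has forwarding=enabled
    # on every interface. Hotspot and VPN adapters commonly leave this behind, but a laptop
    # that routes between its interfaces deserves a look.
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.Forwarding -eq 'Enabled' } |
        Select-Object InterfaceAlias, ConnectionState, Forwarding
}

function Get-SfcDetail {
    # Same filter as the findstr /c:"[SR]" step in KB 929833, narrowed to repair lines.
    $cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
    Select-String -Path $cbs -SimpleMatch -Pattern '[SR]' -ErrorAction SilentlyContinue |
        Where-Object { $_.Line -match 'Cannot repair|Repairing|corrupt' } |
        Select-Object -ExpandProperty Line
}

Get-SecurityServiceState   | Format-Table -AutoSize
Get-SecurityPolicyOverride | Format-Table -AutoSize
Get-ForwardingInterface    | Format-Table -AutoSize
Get-SfcDetail | Select-Object -Last 20
```

The CIM queries are used instead of Get-NetFirewallProfile on purpose: that cmdlet needs MpsSvc running and fails on exactly the machine state this log shows, while Win32_Service and Win32_SystemDriver answer whether or not the service is up. A row flagged ATTENTION for MpsSvc and WinDefend here matches what FSS reported; a policy row that reads 1 for DisableAntiSpyware after the third-party suite is removed is the thing to chase.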


#13 nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 February 2017 - 02:36 PM

Please reinstall the Norton security programs Anti virus and the Firewall.

Restart the computer normally when done.

Let me know what problem persists.

#14 gaberilde

  • Topic Starter
  • Members
  • 85 posts

Posted 20 February 2017 - 05:21 PM

I already reinstalled it very recently and it was a pain, so I'm not going to do it again. Plus my internet is the slowest ever, so it would probably take 10 days just to download it.




#15 nasdaq

  • Malware Response Team
  • 37,304 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 February 2017 - 08:04 AM

Disable Norton for a short period.

Is the computer running faster?

How is the computer running in Safe Mode with Networking?

Edited by nasdaq, 21 February 2017 - 01:47 PM.




