
Bad Trojan stopping all attempts to remove & locking me out of programs


  • This topic is locked
58 replies to this topic

#1 andrewb27


Posted 23 February 2017 - 06:14 AM

So you guys are my last hope. I've read a few threads and started my backup; something won't let me in Malwarebytes or any other method of removal I know of, such as going in safe mode or creating a new user. I even tried Chameleon Malwarebytes, but even that and Kill wouldn't open, so I guess my bugger is advanced. Here are my logs; I will leave a screenshot of the note I get after trying to use Malwarebytes.

I will check in here at least twice a day, you have my word, and I will work with any of you as long as needed until you say I'm free and clean. Thanks in advance,

Andrew 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by andre (administrator) on LAPTOP-OBQ1VT5M (23-02-2017 04:57:07)
Running from C:\Users\andre\Downloads
Loaded Profiles: andre (Available Profiles: andre)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Failed to access process -> tbaseprovisioning.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\dataup\dataup.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\andre\AppData\Local\Temp\20170223\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(winscr) C:\Program Files (x86)\winscr\winscr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> AdaptiveSleepService.exe
(Runtime Software) C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Runtime Software\DriveImage XML\vss642008.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-01-01] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-25] (AVAST Software)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
HKU\S-1-5-21-173804362-2601080516-66741419-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-173804362-2601080516-66741419-1001\...\Run: [Capture Screenshot lite] => C:\Program Files (x86)\CaptureScreenshotLite\CaptureScreenShot.exe [3436544 2016-05-16] ()
HKU\S-1-5-21-173804362-2601080516-66741419-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-25] (AVAST Software)
Startup: C:\Users\andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2017-02-12]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A312A28B-353F-463D-8E27-D902818584B1}: [NameServer] 109.201.137.44 109.201.137.45
Tcpip\..\Interfaces\{e39d299f-85d8-4118-b4d3-fdcaa1ff9e76}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> DefaultScope {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311067&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1atm8eB7qfwFneYnkiNliisMUTA6U7CX9SMEKVkDH1dlJshl%2BDntJQztZInXjxaXA2PiP4pDqAsPG%2BTczn2kqBgA%2FESmM60O1sAqB3VxkStdElU7%2FrhJt%2BfL%2BGjEN8g%2FFhjpG3dDarr1JkaULuVo9PWghVY8ZZnhzUyYapjbUZioc%2BHPu3wQxarqqT2iJ9kLMZb0ByRkMBzzP7RLF9j1O3VugpKVRRtKsSbBjk3sW6%2FQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {F84299E5-3940-484D-97A7-A53CA78F821F} URL = hxxp://search.yourclassifiedsnow.com/s?source=239204&uid=abc20478-6282-41a8-b8e1-f37be6554fd3&uc=20170223&ap=AppFocus33&i_id=classifieds__1.30&query={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-02-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-02-12]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-06] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> homepage.ssoextension.com/
CHR StartupUrls: Default -> "hxxp://utopia-game.com/","hxxp://vstclub.com/forum/2"
CHR Profile: C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Google Slides) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-25]
CHR Extension: (Google Docs) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-25]
CHR Extension: (Google Drive) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (YouTube) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: (Adblock Plus) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-25]
CHR Extension: (Google Sheets) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-25]
CHR Extension: (Avast Online Security) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gkcffmoikcgfhagefelmhiakelnjihik] - hxxps://chrome.google.com/webstore/detail/gkcffmoikcgfhagefelmhiakelnjihik
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-26] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-25] (Dropbox, Inc.)
S2 e658c27ca41bc5305f3a3db9744fded4; C:\Program Files\e658c27ca41bc5305f3a3db9744fded4\626f6a515761693c5065e0407e69006e.exe [39824896 2017-02-20] () [File not signed] <==== ATTENTION
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [352104 2015-09-29] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
S3 mfevtp; C:\windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-25] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
S2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [54808 2016-04-02] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\andre\AppData\Local\Temp\20170223\ct.exe [724480 2017-02-22] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 hmevpnsvc; "C:\Program Files (x86)\hide.me VPN\vpnsvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 697d17d5221878632ec82c4d9fe8cd50; C:\WINDOWS\system32\drivers\697d17d5221878632ec82c4d9fe8cd50.sys [96272 2017-02-20] (UOYM62) <==== ATTENTION
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101112 2016-04-02] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2016-04-02] (Advanced Micro Devices, Inc. )
R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-12-25] (AVAST Software)
S3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-12-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-12-25] (AVAST Software)
S3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-12-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-25] (AVAST Software)
S3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-12-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-12-25] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-12-25] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-25] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [68728 2016-08-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-12] (HP)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
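As an added example (not code from the thread, from FRST or from its authors), a small Python triage helper that parses the Processes, Services and Drivers sections of an FRST log like the one above and lists, per entry, the indicators a malware-response helper looks for first: FRST's own `<==== ATTENTION` marker, `[File not signed]` or an empty publisher, 32-hex-character names, files running from a Temp directory, and `[X]` entries whose target file is gone. The sample lines are constructed from the log above; the selection is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the layout of the FRST log posted above. Names and
# paths are copied from that log; which lines appear here is an assumption.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ct Corp.) C:\Users\andre\AppData\Local\Temp\20170223\ct.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
==================== Services (Whitelisted) ====================
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.) [File not signed]
S2 e658c27ca41bc5305f3a3db9744fded4; C:\Program Files\e658c27ca41bc5305f3a3db9744fded4\626f6a515761693c5065e0407e69006e.exe [39824896 2017-02-20] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 hmevpnsvc; "C:\Program Files (x86)\hide.me VPN\vpnsvc.exe" [X]
===================== Drivers (Whitelisted) ======================
R1 697d17d5221878632ec82c4d9fe8cd50; C:\WINDOWS\system32\drivers\697d17d5221878632ec82c4d9fe8cd50.sys [96272 2017-02-20] (UOYM62) <==== ATTENTION
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed]
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
"""

# Section banners look like "==== Services (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*\(Whitelisted\)\s*=+\s*$")
# Process lines: "(Publisher) C:\path\file.exe"; an empty "()" means no signer.
PROCESS_RE = re.compile(r"^\((?P<signer>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# Service/driver lines: "R2 name; path [size date] (Publisher) [flags] <==== ATTENTION".
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<signer>[^)]*)\)(?P<rest>.*)$"
)
# Entries whose target file is gone: 'S2 name; "path" [X]'.
MISSING_RE = re.compile(r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+"?(?P<path>[^"]+?)"?\s+\[X\]\s*$')
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    signer: str
    attention: bool = False   # FRST's own "<==== ATTENTION" marker
    unsigned: bool = False    # "[File not signed]" or empty publisher
    missing: bool = False     # "[X]": registry entry points at a missing file


def parse_frst(text: str) -> List[Entry]:
    """Parse the Processes, Services and Drivers sections of an FRST log."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        if section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                path, signer = m.group("path"), m.group("signer")
                entries.append(Entry(section, path.rsplit("\\", 1)[-1], path, signer,
                                     unsigned=(signer == "")))
        elif section in ("Services", "Drivers"):
            m = ENTRY_RE.match(line)
            if m:
                rest, signer = m.group("rest"), m.group("signer")
                entries.append(Entry(section, m.group("name"), m.group("path"), signer,
                                     attention="ATTENTION" in rest,
                                     unsigned="[File not signed]" in rest or signer == ""))
                continue
            m = MISSING_RE.match(line)
            if m:
                entries.append(Entry(section, m.group("name"), m.group("path"), "", missing=True))
    return entries


def triage(entry: Entry) -> List[str]:
    """Reasons to look at this entry first; hints for prioritisation, not verdicts
    (an unsigned but legitimate helper such as RichVideo64.exe also scores here)."""
    reasons = []
    if entry.attention:
        reasons.append("FRST marked the entry <==== ATTENTION")
    if entry.unsigned:
        reasons.append("no publisher / [File not signed]")
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if HEX32.match(entry.name) or HEX32.match(stem):
        reasons.append("32-hex-character (random-looking) name")
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        reasons.append("runs from a Temp directory")
    if entry.missing:
        reasons.append("points to a file that no longer exists ([X])")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for every entry with at least one reason."""
    return {e.name: triage(e) for e in parse_frst(text) if triage(e)}


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Entries such as WinDefend or WdFilter (signed Microsoft components) produce no reasons and are left out of the result, so the output is the short list a helper would ask about first.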
 


#2 Jo*

  • Malware Response Team

Posted 23 February 2017 - 06:43 AM


Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the "all clean" post.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version, so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found, do not press the Clean up button; please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin; be patient, as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button; a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 andrewb27

  • Topic Starter

Posted 23 February 2017 - 05:37 PM

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                     
Avast Antivirus                      
McAfee Anti-Virus and Anti-Spyware   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCuiL.exe   
 Windows Defender MpCmdRun.exe   
 AVAST Software SecureLine VpnSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
Results of my Security Check.


#4 andrewb27

  • Topic Starter

Posted 23 February 2017 - 06:34 PM

AdwCleaner results. I see nothing here I worry about keeping, so it all can go, but I'm DOING NOTHING WITHOUT YOUR WORD, PROMISE. Ty ty again.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\SU
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\WajIEnhance
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SU
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\WajIEnhance
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Key Found:  HKCU\Software\SU
Key Found:  HKCU\Software\WajIEnhance
Key Found:  HKLM\SOFTWARE\Microleaves
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Key Found:  [x64] HKCU\Software\SU
Key Found:  [x64] HKCU\Software\WajIEnhance
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Key Found:  HKU\S-1-5-21-173804362-2601080516-66741419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpx]
Value Found:  HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Found:  HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bahkljhhdeciiaodlkppoonappfnheoi
Chrome pref Found:  [C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311067&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZF
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [4552 Bytes] - [23/02/2017 17:04:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4625 Bytes] ##########


#5 andrewb27 (Topic Starter)

Posted 23 February 2017 - 06:52 PM

I'm letting it try to finish, but this is what happened an hour into the scan.

 

I can't lie, that number is quite daunting. 1400 issues, smh.




#6 andrewb27 (Topic Starter)

Posted 23 February 2017 - 06:57 PM

So it froze. I can't continue in that malware add-on, but as I stated in the title, that's what's been happening.


Edited by andrewb27, 23 February 2017 - 06:57 PM.


#7 andrewb27 (Topic Starter)

Posted 23 February 2017 - 07:12 PM

I'll be back on later today. Hey Jo, I wanted to say I'm a broke producer who lives off my computer; you don't know how much all this means. If you want, I'd be happy to make you a free song/beat in any of the following genres: rock, alt, or any type of hip hop. Let me know, you're saving my hide with this, I mean it.

 

Andrew



#8 Jo* (Malware Response Team)

Posted 24 February 2017 - 03:36 AM

Hello,

:step1: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step2: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step3: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 andrewb27 (Topic Starter)

Posted 24 February 2017 - 07:29 AM

My PC is choppy but still going.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by andre (Administrator) on Fri 02/24/2017 at  6:14:24.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Failed to delete: C:\WINDOWS\tempcoral.vbs (File) 
Failed to delete: C:\Program Files (x86)\dataup (Folder) 
Successfully deleted: C:\Users\andre\AppData\Roaming\advantage (Folder) 
Successfully deleted: C:\Users\andre\AppData\Roaming\microleaves (Folder) 
Successfully deleted: C:\Program Files (x86)\regtool (Folder) 
 
 
 
Registry: 8 
 
Failed to delete: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx (Registry Value) 
Failed to delete: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx (Registry Value) 
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\Dataup (Registry Key) 
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\windowsmanagementservice (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\697d17d5221878632ec82c4d9fe8cd50 (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\e658c27ca41bc5305f3a3db9744fded4 (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/24/2017 at  6:27:57.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 andrewb27 (Topic Starter)

Posted 24 February 2017 - 07:51 AM

# AdwCleaner v6.043 - Logfile created 24/02/2017 at 06:46:50
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-23.4 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : andre - LAPTOP-OBQ1VT5M
# Running from : C:\Users\andre\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Dataup
[-] Service deleted: windowsmanagementservice
 
 
***** [ Folders ] *****
 
[#] Folder deleted on reboot: C:\Program Files (x86)\dataup
[-] Folder deleted: C:\Program Files (x86)\regtool
[-] Folder deleted: C:\quardata
 
 
***** [ Files ] *****
 
[#] File deleted: C:\WINDOWS\SysNative\drivers\697d17d5221878632ec82c4d9fe8cd50.sys
[#] File deleted: C:\WINDOWS\TEMPcoral.vbs
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
[-] Key deleted: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\SU
[-] Key deleted: HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\WajIEnhance
[-] Key deleted: HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
[#] Key deleted on reboot: HKCU\Software\SU
[#] Key deleted on reboot: HKCU\Software\WajIEnhance
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\SU
[#] Key deleted on reboot: [x64] HKCU\Software\WajIEnhance
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKU\S-1-5-21-173804362-2601080516-66741419-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpx]
[-] Value deleted: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bahkljhhdeciiaodlkppoonappfnheoi
[-] [C:\Users\andre\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311067&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1atm8eB7qfwFneYnkiNliiBeeRc%2B9BDp%2BB%2BLUuY1ldaO%2B8eW85ovQnIyauh3LbHnP2JuwpEv6iKbyByZPGZBLJH3Gp9V%2BeHTQ4MhTbveC%2FI44r5kug%2BdoMe4QDMwX8YUhV1AHyb48WzlpaITxNCYcMHIHdZbWz8qbsdFQNkNfIUpECpStP7msp63yOu8cQpCzhwXdMockHmmBfoOCOQjOLrNxZxjdsKXui5lx6gRBFR9CkXPIwklpPRjJ9Hh9zzcY%3D
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4240 Bytes] - [24/02/2017 06:46:50]
C:\AdwCleaner\AdwCleaner[S0].txt - [4740 Bytes] - [23/02/2017 17:04:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [4033 Bytes] - [24/02/2017 06:45:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4459 Bytes] ##########


#11 Jo* (Malware Response Team)

Posted 24 February 2017 - 08:09 AM

Hello,
 

***


Copy FRST / FRST64.exe to your desktop!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



	
Start	
CreateRestorePoint:	
CloseProcesses:	
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe"tarup <===== ATTENTION	
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (No File)	
GroupPolicy\User: Restriction <======= ATTENTION
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION	
SearchScopes: HKLM -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}	
SearchScopes: HKLM-x32 -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}	
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> DefaultScope {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}	
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311067&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1atm8eB7qfwFneYnkiNliisMUTA6U7CX9SMEKVkDH1dlJshl%2BDntJQztZInXjxaXA2PiP4pDqAsPG%2BTczn2kqBgA%2FESmM60O1sAqB3VxkStdElU7%2FrhJt%2BfL%2BGjEN8g%2FFhjpG3dDarr1JkaULuVo9PWghVY8ZZnhzUyYapjbUZioc%2BHPu3wQxarqqT2iJ9kLMZb0ByRkMBzzP7RLF9j1O3VugpKVRRtKsSbBjk3sW6%2FQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {F84299E5-3940-484D-97A7-A53CA78F821F} URL = hxxp://search.yourclassifiedsnow.com/s?source=239204&uid=abc20478-6282-41a8-b8e1-f37be6554fd3&uc=20170223&ap=AppFocus33&i_id=classifieds__1.30&query={searchTerms}	
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}	
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05]  <==== ATTENTION	
S2 e658c27ca41bc5305f3a3db9744fded4; C:\Program Files\e658c27ca41bc5305f3a3db9744fded4\626f6a515761693c5065e0407e69006e.exe [39824896 2017-02-20]  <==== ATTENTION	
R2 windowsmanagementservice; C:\Users\andre\AppData\Local\Temp\20170223\ct.exe [724480 2017-02-22] (ct Corp.)  <==== ATTENTION <==== ATTENTION	
S2 hmevpnsvc; "C:\Program Files (x86)\hide.me VPN\vpnsvc.exe" [X]	
R1 697d17d5221878632ec82c4d9fe8cd50; C:\WINDOWS\system32\drivers\697d17d5221878632ec82c4d9fe8cd50.sys [96272 2017-02-20] (UOYM62) <==== ATTENTION	
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]	
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION	
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square	
C:\WINDOWS\tempcoral.vbs
C:\Program Files (x86)\dataup
EmptyTemp:	
End	


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner


---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 andrewb27 (Topic Starter)

Posted 24 February 2017 - 03:41 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by andre (24-02-2017 14:12:46) Run:1
Running from C:\Users\andre\Downloads\FRST-OlderVersion
Loaded Profiles: andre (Available Profiles: andre)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe"tarup <===== ATTENTION
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> DefaultScope {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311067&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1atm8eB7qfwFneYnkiNliisMUTA6U7CX9SMEKVkDH1dlJshl%2BDntJQztZInXjxaXA2PiP4pDqAsPG%2BTczn2kqBgA%2FESmM60O1sAqB3VxkStdElU7%2FrhJt%2BfL%2BGjEN8g%2FFhjpG3dDarr1JkaULuVo9PWghVY8ZZnhzUyYapjbUZioc%2BHPu3wQxarqqT2iJ9kLMZb0ByRkMBzzP7RLF9j1O3VugpKVRRtKsSbBjk3sW6%2FQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {F84299E5-3940-484D-97A7-A53CA78F821F} URL = hxxp://search.yourclassifiedsnow.com/s?source=239204&uid=abc20478-6282-41a8-b8e1-f37be6554fd3&uc=20170223&ap=AppFocus33&i_id=classifieds__1.30&query={searchTerms}
SearchScopes: HKU\S-1-5-21-173804362-2601080516-66741419-1001 -> {FC93DE21-C2A0-497C-ABD6-D518321C6C51} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05]  <==== ATTENTION
S2 e658c27ca41bc5305f3a3db9744fded4; C:\Program Files\e658c27ca41bc5305f3a3db9744fded4\626f6a515761693c5065e0407e69006e.exe [39824896 2017-02-20]  <==== ATTENTION
R2 windowsmanagementservice; C:\Users\andre\AppData\Local\Temp\20170223\ct.exe [724480 2017-02-22] (ct Corp.)  <==== ATTENTION <==== ATTENTION
S2 hmevpnsvc; "C:\Program Files (x86)\hide.me VPN\vpnsvc.exe" [X]
R1 697d17d5221878632ec82c4d9fe8cd50; C:\WINDOWS\system32\drivers\697d17d5221878632ec82c4d9fe8cd50.sys [96272 2017-02-20] (UOYM62) <==== ATTENTION
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
C:\WINDOWS\tempcoral.vbs
C:\Program Files (x86)\dataup
EmptyTemp:
End
*****************
 
Start => Error: No automatic fix found for this entry.
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
C:\Program Files (x86)\hide.me VPN\Hide.me.exe => not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} => key removed successfully
HKCR\CLSID\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} => key not found. 
HKCR\Wow6432Node\CLSID\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} => key not found. 
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => key not found. 
HKCR\CLSID\{1711FC25-F05A-40CE-B859-A0C1CF01FD18} => key not found. 
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F84299E5-3940-484D-97A7-A53CA78F821F} => key removed successfully
HKCR\CLSID\{F84299E5-3940-484D-97A7-A53CA78F821F} => key not found. 
HKU\S-1-5-21-173804362-2601080516-66741419-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} => key not found. 
HKCR\CLSID\{FC93DE21-C2A0-497C-ABD6-D518321C6C51} => key not found. 
Dataup => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
e658c27ca41bc5305f3a3db9744fded4 => service not found.
windowsmanagementservice => Unable to stop service.
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\hmevpnsvc => key removed successfully
hmevpnsvc => service removed successfully
697d17d5221878632ec82c4d9fe8cd50 => service not found.
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk => Shortcut argument removed successfully.
Could not move "C:\WINDOWS\tempcoral.vbs" => Scheduled to move on reboot.
 
"C:\Program Files (x86)\dataup" folder move:
 
Could not move "C:\Program Files (x86)\dataup" => Scheduled to move on reboot.
 
End => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38980189 B
Java, Flash, Steam htmlcache => 57167125 B
Windows/system/drivers => 1371454 B
Edge => 10036800 B
Chrome => 610456061 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 74289 B
systemprofile32 => 0 B
LocalService => 874 B
NetworkService => 23400 B
andre => 116599639 B
 
RecycleBin => 1497513 B
EmptyTemp: => 797.5 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-02-2017 14:29:47)
 
"C:\WINDOWS\tempcoral.vbs" => Could not move
"C:\Program Files (x86)\dataup" => Could not move
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
 
==== End of Fixlog 14:29:51 ====
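
The Fixlog above shows the two service keys (Dataup and windowsmanagementservice) reported as "key could not remove, key could be protected" and the VBS file and dataup folder still in place after the reboot. The script below is an added verification example; it is not from this thread and not part of FRST, AdwCleaner or JRT. It re-checks every artifact named in the fixlist and the JRT/AdwCleaner logs (Run values, service keys, files, IE SearchScopes, the Group Policy restriction) and, for each service key still present, lists any Deny access-control entries on it, since a Deny ACE for Administrators or SYSTEM is one common reason a cleanup tool cannot delete a key. All paths, GUIDs and service names are copied from the logs in this thread (including the profile path C:\Users\andre); run it from an elevated PowerShell prompt on the affected machine only.

```powershell
# Added post-fix verification script (not from the thread; not FRST/AdwCleaner/JRT code).
# Every path, service name and GUID below is copied from the fixlist and logs above.
# Run from an elevated (Administrator) PowerShell prompt.

$ErrorActionPreference = 'SilentlyContinue'

# Autostart values the fixlist targets (HKLM-x32 is the WOW6432Node view).
$runValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';             Name = 'cpx' },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'cpx' }
)
# Services and the driver service flagged "<==== ATTENTION" in the FRST scan.
$serviceNames = @('Dataup', 'windowsmanagementservice',
                  'e658c27ca41bc5305f3a3db9744fded4', '697d17d5221878632ec82c4d9fe8cd50')
# Files and folders FRST scheduled to move on reboot but could not.
$paths = @(
    'C:\WINDOWS\tempcoral.vbs',
    'C:\Program Files (x86)\dataup',
    'C:\WINDOWS\System32\drivers\697d17d5221878632ec82c4d9fe8cd50.sys',
    'C:\Users\andre\AppData\Local\Temp\20170223\ct.exe'
)
# IE SearchScopes GUIDs from the fixlist (hijacked search providers).
$scopeGuids = @('{FC93DE21-C2A0-497C-ABD6-D518321C6C51}',
                '{1711FC25-F05A-40CE-B859-A0C1CF01FD18}',
                '{F84299E5-3940-484D-97A7-A53CA78F821F}')
$scopeRoots = @('HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes')

function Get-RunValueReport {
    foreach ($rv in $runValues) {
        $item = Get-ItemProperty -Path $rv.Path -Name $rv.Name
        if ($item) { "PRESENT  Run value {0}\{1} = {2}" -f $rv.Path, $rv.Name, $item.($rv.Name) }
        else       { "absent   Run value {0}\{1}" -f $rv.Path, $rv.Name }
    }
}

function Get-ServiceKeyReport {
    foreach ($name in $serviceNames) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path -Path $key)) { "absent   service $name"; continue }
        $svc    = Get-Service -Name $name
        $status = if ($svc) { $svc.Status } else { 'not registered with SCM' }
        $image  = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
        "PRESENT  service $name (status: $status) ImagePath: $image"
        # A Deny ACE on the service key is a common reason a cleanup tool reports
        # "key could not remove, key could be protected". List any such entries so an
        # administrator can decide whether to reset the ACL before retrying the removal.
        $acl = Get-Acl -Path $key
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Deny') {
                "         DENY {0} for {1}" -f $ace.RegistryRights, $ace.IdentityReference
            }
        }
    }
}

function Get-PathReport {
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { "PRESENT  $p" } else { "absent   $p" }
    }
}

function Get-SearchScopeReport {
    foreach ($root in $scopeRoots) {
        foreach ($guid in $scopeGuids) {
            $key = Join-Path -Path $root -ChildPath $guid
            if (Test-Path -Path $key) {
                "PRESENT  SearchScope $key URL = " + (Get-ItemProperty -Path $key -Name URL).URL
            }
        }
    }
}

function Get-PolicyReport {
    # The fixlist's "GroupPolicy\User: Restriction" folder and the IE Control Panel
    # Homepage policy value that AdwCleaner reported.
    $gp = 'C:\WINDOWS\System32\GroupPolicy\User'
    if (Test-Path -Path $gp) { "PRESENT  local user Group Policy folder $gp" } else { "absent   $gp" }
    $cp = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    $hp = (Get-ItemProperty -Path $cp -Name Homepage).Homepage
    if ($null -ne $hp) { "PRESENT  IE policy Homepage lock = $hp" } else { "absent   IE policy Homepage lock" }
}

'== Run values ==';    Get-RunValueReport
'== Services ==';      Get-ServiceKeyReport
'== Files/folders =='; Get-PathReport
'== SearchScopes ==';  Get-SearchScopeReport
'== Policies ==';      Get-PolicyReport
```

Each report line starts with PRESENT or absent so the output can be pasted back into a reply as-is. A service key that is PRESENT with a DENY line under it explains the "key could be protected" result; the Deny entries have to be cleared by an administrator (for example with the key's Permissions dialog in Regedit) before a removal tool can delete the key, which is the kind of follow-up the helper's later steps are working toward.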


#13 andrewb27 (Topic Starter)

Posted 24 February 2017 - 03:46 PM

Thank you, it's already a lot faster. I haven't tried to download anything just yet; waiting for your further instructions. And once again, I hope you at least know a musician who could use a free exclusive (that's at least 500 dollars). You spent time helping me; I wouldn't mind returning the favor, since I'm a poor SOB atm it's all I got, friend. Hit me at realcabinproductions@gmail.com if that's something you'd be down for. It's not soliciting, I wish to do this free of charge (just as you did for me), Jo from Europe :D


Edited by andrewb27, 24 February 2017 - 03:47 PM.


#14 Jo* (Malware Response Team)

Posted 24 February 2017 - 04:02 PM

Thank you, it's already a lot faster. I haven't tried to download anything just yet; waiting for your further instructions. And once again, I hope you at least know a musician who could use a free exclusive (that's at least 500 dollars). You spent time helping me; I wouldn't mind returning the favor, since I'm a poor SOB atm it's all I got, friend. Hit me at realcabinproductions@gmail.com if that's something you'd be down for. It's not soliciting, I wish to do this free of charge (just as you did for me), Jo from Europe :D

Thanks, but my help is for free.

---

Try whether downloads and the Internet work for you now.

---


Hello again,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill, as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 andrewb27 (Topic Starter)

Posted 24 February 2017 - 08:29 PM

So I can now download some files, not all, and I ran rkill and STILL can't get into Malwarebytes Anti-Malware; I'm still getting the "it is in use already" message. So what can I do, download another product on that list and see if it works? Because rkill is running and finishing but still not letting me into the Malwarebytes app.

 

Thank you for the help. We need more folks like you in this world.





