Trojan "The requested resource is in use"


This topic is locked. 16 replies to this topic.

#1 artex222

Posted 16 July 2017 - 10:18 AM

Cannot install or open any antivirus, anti-malware, etc. software. Cannot do restore, nothing shows.

Need help.

Have done FRST scan (attached).

 

Les



#2 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 16 July 2017 - 10:49 AM

Welcome :)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 artex222 (Topic Starter)

Posted 16 July 2017 - 02:30 PM

I tried to run MBAR. It was going fine, and then - after nearly two hours - stopped responding. However, it did find over 5000 malwares. It just hung there, not checking any files any more. Any ideas?



#4 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 16 July 2017 - 05:16 PM

This program will hang if the computer is used while it is scanning. Stop the program and run the installer (MBAR.exe) once again to re-run the application. Let me know of any problems.




#5 artex222 (Topic Starter)

Posted 16 July 2017 - 05:26 PM

I will leave it running overnight and will let you know. Thanks for your assistance.



#6 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 16 July 2017 - 05:32 PM

If the tool fails, we still can run a fix in the Recovery environment.

 

Keep me posted.




#7 artex222 (Topic Starter)

Posted 17 July 2017 - 07:35 AM

The tool worked perfectly. I cleaned it up. And now everything works just fine, and the computer runs faster, much faster. Thank you so much!



#8 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 17 July 2017 - 09:25 AM

Let's just confirm all was taken care of.

 

 

  • Highlight the entire content of the quote box below.

Start::  
FirewallRules: [{5A860E7F-D552-40C2-8C7C-1FC52A269277}] => (Allow) LPort=2869
FirewallRules: [{3B393E63-B4E6-4025-813D-757085878F52}] => (Allow) LPort=1900
FirewallRules: [{60F7D6CD-AD1A-4F50-9EF0-80C6556F97D7}] => (Allow) LPort=3306
FirewallRules: [{7D1EC4A9-2562-4E43-9BC0-23281C59A551}] => (Allow) LPort=3306
FirewallRules: [{1AADA617-66B4-4005-A229-D3C6CDFB8D2B}] => (Block) LPort=445
FirewallRules: [{81206AB6-78D7-4C68-ADCC-1EBBDBB1041C}] => (Block) LPort=445
Task: {3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} - \TweakBit\PC Repair\Start PC Repair ?n logon -> No File <==== ATTENTION
Task: {864104B7-978D-4159-95CD-1ACD65B175BC} - System32\Tasks\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\User\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
C:\Users\User\AppData\Local\ntuserlitelist
C:\Users\Michael\AppData\Local\Temp\20170324
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Windows\Sstem32\Drivers\drmkpro64.sys
C:\Users\User\AppData\Local\ceqxfvdw
2017-07-08 08:00 - 2017-07-08 08:00 - 00000000 ____D C:\Users\User\AppData\Local\rocfqc
2017-07-08 08:00 - 2017-07-08 08:00 - 00000000 ____D C:\Users\User\AppData\Local\ceqxfvdw
S4 Dataup; C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\User\AppData\Local\ceqxfvdw\bhxkwsga\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers01: [PCKeeperShell32] -> {05562BE7-0EFC-4BD2-BD8F-FAA363E68410} =>  -> No File
ContextMenuHandlers01: [PCKeeperShell64] -> {828FB706-5749-4255-862F-3D30FCF017E1} =>  -> No File
ContextMenuHandlers01: [RmgShellExtModule] -> {EA31839B-63AA-4550-92CD-D9EEDE3127A9} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} - \TweakBit\PC Repair\Start PC Repair ?n logon -> No File <==== ATTENTION
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
Task: {864104B7-978D-4159-95CD-1ACD65B175BC} - System32\Tasks\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
2017-07-14 14:29 - 2017-07-14 14:30 - 00002432 _____ C:\Users\User\AppData\Local\Tempdh5672.html
2017-07-14 14:29 - 2017-07-14 14:30 - 00002089 _____ C:\Users\User\AppData\Local\Tempbe5672.html
2016-03-17 11:55 - 2016-03-17 12:48 - 0002089 _____ () C:\Users\User\AppData\Local\Tempae6676.html
2017-07-14 14:29 - 2017-07-14 14:30 - 0002089 _____ () C:\Users\User\AppData\Local\Tempbe5672.html
2016-04-25 06:28 - 2016-04-25 06:32 - 0002089 _____ () C:\Users\User\AppData\Local\TempBP2504.html
2017-07-14 14:29 - 2017-07-14 14:30 - 0002432 _____ () C:\Users\User\AppData\Local\Tempdh5672.html
2016-04-25 06:28 - 2016-04-25 06:32 - 0002432 _____ () C:\Users\User\AppData\Local\TempHl2504.html
2016-03-17 11:55 - 2016-03-17 12:48 - 0002432 _____ () C:\Users\User\AppData\Local\Tempml6676.html
2017-07-14 20:28 - 2017-07-14 20:28 - 0476672 _____ () C:\Users\User\AppData\Local\Temp\7za.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0020480 _____ (E Dev) C:\Users\User\AppData\Local\Temp\DaS_21.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0388608 _____ (Trend Micro Inc.) C:\Users\User\AppData\Local\Temp\hijackthis.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0030720 _____ (NirSoft) C:\Users\User\AppData\Local\Temp\NirCmd.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0256512 _____ () C:\Users\User\AppData\Local\Temp\PEVZ.EXE
2017-07-14 20:28 - 2017-07-14 20:28 - 0069632 _____ () C:\Users\User\AppData\Local\Temp\remove.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0098816 _____ () C:\Users\User\AppData\Local\Temp\sed.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0057344 _____ (Optimum X) C:\Users\User\AppData\Local\Temp\shortcut.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0161792 _____ (SteelWerX) C:\Users\User\AppData\Local\Temp\swreg.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0217088 _____ (SteelWerX) C:\Users\User\AppData\Local\Temp\swxcacls.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0154232 _____ (Noël Danjou) C:\Users\User\AppData\Local\Temp\wget.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0024064 _____ () C:\Users\User\AppData\Local\Temp\zoek-delete.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the information you just copied to the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.



  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


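As an added, defender-side check (my own example, not part of this thread and not FRST code): a PowerShell triage script that lists the persistence types the fixlist above targets, so the outcome of the fix can be confirmed independently of the tool. It assumes Windows PowerShell 3.0 or later in an elevated prompt and English-locale schtasks output; the Get-ExePath helper is hypothetical and mine.

```powershell
# Added example, not from the thread or from FRST. Reports the persistence types the
# FRST fixlist above targets: Defender policy restrictions, services and Run entries
# that launch from a user's AppData, and scheduled tasks that run via pcalua.exe.
# Assumes Windows PowerShell 3.0+ in an elevated prompt and English schtasks output.

function Get-ExePath {
    # Hypothetical helper: pull the executable out of a service command line,
    # which may be quoted ("C:\path\svc.exe" -arg) or bare (C:\path\svc.exe -arg).
    param([string]$CommandLine)
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split ' ')[0]
}

function Get-PersistenceFindings {
    $findings = @()
    $inAppData = '\\AppData\\'   # regex for a literal \AppData\ path component

    # 1. The "Windows Defender: Restriction" line in the FRST log: any value under this
    #    policy key (DisableAntiSpyware and friends) stops security software from running.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (Test-Path $policyKey) {
        $values = Get-ItemProperty -Path $policyKey
        foreach ($v in $values.PSObject.Properties) {
            if ($v.Name -like 'PS*') { continue }   # skip provider metadata properties
            $findings += [pscustomobject]@{ Type = 'DefenderPolicy'; Name = $v.Name; Detail = "$($v.Value)" }
        }
    }

    # 2. Services whose binary lives under AppData (cf. Dataup and windowsmanagementservice),
    #    with the Authenticode status FRST reports as "[File not signed]".
    foreach ($svc in Get-WmiObject -Class Win32_Service) {
        if ($svc.PathName -and $svc.PathName -match $inAppData) {
            $exe = Get-ExePath $svc.PathName
            $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
            $status = if ($sig) { $sig.Status } else { 'FileMissing' }
            $findings += [pscustomobject]@{ Type = 'Service'; Name = "$($svc.Name) [$status]"; Detail = $svc.PathName }
        }
    }

    # 3. Scheduled tasks launched through pcalua.exe (the Program Compatibility Assistant
    #    launcher used by the flagged task) or from AppData. schtasks works on Windows 7,
    #    where the Get-ScheduledTask cmdlet is not available.
    $tasks = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($t in $tasks) {
        $cmd = $t.'Task To Run'
        if ($cmd -and ($cmd -match 'pcalua\.exe' -or $cmd -match $inAppData)) {
            $findings += [pscustomobject]@{ Type = 'ScheduledTask'; Name = $t.TaskName; Detail = $cmd }
        }
    }

    # 4. Run keys in both registry views (the [cpx] entry sat under the 32-bit view).
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($v in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($v.Name -like 'PS*') { continue }
            if ("$($v.Value)" -match $inAppData) {
                $findings += [pscustomobject]@{ Type = 'RunKey'; Name = "$key\$($v.Name)"; Detail = "$($v.Value)" }
            }
        }
    }
    return $findings
}

$result = @(Get-PersistenceFindings)
if ($result.Count -eq 0) {
    Write-Output 'No AppData-based services, tasks or Run entries and no Defender policy restrictions found.'
} else {
    $result | Format-Table -Property Type, Name, Detail -AutoSize -Wrap
}
```

Run it before any cleanup step that clears event logs (the fix above runs wevtutil cl over every channel), because the System and Security logs are the only remaining record of when those services and tasks were created.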


#9 artex222 (Topic Starter)

Posted 18 July 2017 - 04:39 PM

Done as requested.

 

===============================

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by User (18-07-2017 14:06:52) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************

FirewallRules: [{5A860E7F-D552-40C2-8C7C-1FC52A269277}] => (Allow) LPort=2869
FirewallRules: [{3B393E63-B4E6-4025-813D-757085878F52}] => (Allow) LPort=1900
FirewallRules: [{60F7D6CD-AD1A-4F50-9EF0-80C6556F97D7}] => (Allow) LPort=3306
FirewallRules: [{7D1EC4A9-2562-4E43-9BC0-23281C59A551}] => (Allow) LPort=3306
FirewallRules: [{1AADA617-66B4-4005-A229-D3C6CDFB8D2B}] => (Block) LPort=445
FirewallRules: [{81206AB6-78D7-4C68-ADCC-1EBBDBB1041C}] => (Block) LPort=445
Task: {3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} - \TweakBit\PC Repair\Start PC Repair ?n logon -> No File <==== ATTENTION
Task: {864104B7-978D-4159-95CD-1ACD65B175BC} - System32\Tasks\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\User\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
C:\Users\User\AppData\Local\ntuserlitelist
C:\Users\Michael\AppData\Local\Temp\20170324
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\Windows\Sstem32\Drivers\drmkpro64.sys
C:\Users\User\AppData\Local\ceqxfvdw
2017-07-08 08:00 - 2017-07-08 08:00 - 00000000 ____D C:\Users\User\AppData\Local\rocfqc
2017-07-08 08:00 - 2017-07-08 08:00 - 00000000 ____D C:\Users\User\AppData\Local\ceqxfvdw
S4 Dataup; C:\Users\User\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\User\AppData\Local\ceqxfvdw\bhxkwsga\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} =>  -> No File
ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers01: [PCKeeperShell32] -> {05562BE7-0EFC-4BD2-BD8F-FAA363E68410} =>  -> No File
ContextMenuHandlers01: [PCKeeperShell64] -> {828FB706-5749-4255-862F-3D30FCF017E1} =>  -> No File
ContextMenuHandlers01: [RmgShellExtModule] -> {EA31839B-63AA-4550-92CD-D9EEDE3127A9} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} - \TweakBit\PC Repair\Start PC Repair ?n logon -> No File <==== ATTENTION
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\User\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
Task: {864104B7-978D-4159-95CD-1ACD65B175BC} - System32\Tasks\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
2017-07-14 14:29 - 2017-07-14 14:30 - 00002432 _____ C:\Users\User\AppData\Local\Tempdh5672.html
2017-07-14 14:29 - 2017-07-14 14:30 - 00002089 _____ C:\Users\User\AppData\Local\Tempbe5672.html
2016-03-17 11:55 - 2016-03-17 12:48 - 0002089 _____ () C:\Users\User\AppData\Local\Tempae6676.html
2017-07-14 14:29 - 2017-07-14 14:30 - 0002089 _____ () C:\Users\User\AppData\Local\Tempbe5672.html
2016-04-25 06:28 - 2016-04-25 06:32 - 0002089 _____ () C:\Users\User\AppData\Local\TempBP2504.html
2017-07-14 14:29 - 2017-07-14 14:30 - 0002432 _____ () C:\Users\User\AppData\Local\Tempdh5672.html
2016-04-25 06:28 - 2016-04-25 06:32 - 0002432 _____ () C:\Users\User\AppData\Local\TempHl2504.html
2016-03-17 11:55 - 2016-03-17 12:48 - 0002432 _____ () C:\Users\User\AppData\Local\Tempml6676.html
2017-07-14 20:28 - 2017-07-14 20:28 - 0476672 _____ () C:\Users\User\AppData\Local\Temp\7za.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0020480 _____ (E Dev) C:\Users\User\AppData\Local\Temp\DaS_21.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0388608 _____ (Trend Micro Inc.) C:\Users\User\AppData\Local\Temp\hijackthis.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0030720 _____ (NirSoft) C:\Users\User\AppData\Local\Temp\NirCmd.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0256512 _____ () C:\Users\User\AppData\Local\Temp\PEVZ.EXE
2017-07-14 20:28 - 2017-07-14 20:28 - 0069632 _____ () C:\Users\User\AppData\Local\Temp\remove.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0098816 _____ () C:\Users\User\AppData\Local\Temp\sed.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0057344 _____ (Optimum X) C:\Users\User\AppData\Local\Temp\shortcut.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0161792 _____ (SteelWerX) C:\Users\User\AppData\Local\Temp\swreg.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0217088 _____ (SteelWerX) C:\Users\User\AppData\Local\Temp\swxcacls.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0154232 _____ (Noël Danjou) C:\Users\User\AppData\Local\Temp\wget.exe
2017-07-14 20:28 - 2017-07-14 20:28 - 0024064 _____ () C:\Users\User\AppData\Local\Temp\zoek-delete.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A860E7F-D552-40C2-8C7C-1FC52A269277} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B393E63-B4E6-4025-813D-757085878F52} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60F7D6CD-AD1A-4F50-9EF0-80C6556F97D7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D1EC4A9-2562-4E43-9BC0-23281C59A551} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AADA617-66B4-4005-A229-D3C6CDFB8D2B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81206AB6-78D7-4C68-ADCC-1EBBDBB1041C} => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PC Repair\Start PC Repair ?n logon => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{864104B7-978D-4159-95CD-1ACD65B175BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{864104B7-978D-4159-95CD-1ACD65B175BC} => key removed successfully
C:\Windows\System32\Tasks\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
"C:\Users\User\AppData\Local\ntuserlitelist" => not found.
"C:\Users\Michael\AppData\Local\Temp\20170324" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
"C:\Windows\Sstem32\Drivers\drmkpro64.sys" => not found.
C:\Users\User\AppData\Local\ceqxfvdw => moved successfully
C:\Users\User\AppData\Local\rocfqc => moved successfully
"C:\Users\User\AppData\Local\ceqxfvdw" => not found.
Dataup => service not found.
windowsmanagementservice => service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay1 => key removed successfully
HKLM\Software\Classes\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay2 => key removed successfully
HKLM\Software\Classes\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay3 => key removed successfully
HKLM\Software\Classes\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay4 => key removed successfully
HKLM\Software\Classes\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => key removed successfully
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PCKeeperShell32 => key removed successfully
HKLM\Software\Classes\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PCKeeperShell64 => key removed successfully
HKLM\Software\Classes\CLSID\{828FB706-5749-4255-862F-3D30FCF017E1} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\RmgShellExtModule => key removed successfully
HKLM\Software\Classes\CLSID\{EA31839B-63AA-4550-92CD-D9EEDE3127A9} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => key not found.
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => key not found.
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EFBC39A-1A26-4140-BD98-8C4892CFBB6D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PC Repair\Start PC Repair ?n logon => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer => key removed successfully
C:\Users\User\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => not found.
HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc => key removed successfully
C:\Users\User\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{864104B7-978D-4159-95CD-1ACD65B175BC} => key not found.
C:\Windows\System32\Tasks\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C57A324-CB08-4058-80A6-D0B9CD355FB1} => key not found.
C:\Users\User\AppData\Local\Tempdh5672.html => moved successfully
C:\Users\User\AppData\Local\Tempbe5672.html => moved successfully
C:\Users\User\AppData\Local\Tempae6676.html => moved successfully
"C:\Users\User\AppData\Local\Tempbe5672.html" => not found.
C:\Users\User\AppData\Local\TempBP2504.html => moved successfully
"C:\Users\User\AppData\Local\Tempdh5672.html" => not found.
C:\Users\User\AppData\Local\TempHl2504.html => moved successfully
C:\Users\User\AppData\Local\Tempml6676.html => moved successfully
C:\Users\User\AppData\Local\Temp\7za.exe => moved successfully
C:\Users\User\AppData\Local\Temp\DaS_21.exe => moved successfully
C:\Users\User\AppData\Local\Temp\hijackthis.exe => moved successfully
C:\Users\User\AppData\Local\Temp\NirCmd.exe => moved successfully
C:\Users\User\AppData\Local\Temp\PEVZ.EXE => moved successfully
C:\Users\User\AppData\Local\Temp\remove.exe => moved successfully
C:\Users\User\AppData\Local\Temp\sed.exe => moved successfully
C:\Users\User\AppData\Local\Temp\shortcut.exe => moved successfully
C:\Users\User\AppData\Local\Temp\swreg.exe => moved successfully
C:\Users\User\AppData\Local\Temp\swxcacls.exe => moved successfully
C:\Users\User\AppData\Local\Temp\wget.exe => moved successfully
C:\Users\User\AppData\Local\Temp\zoek-delete.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-176798144-3595912555-2340562074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-176798144-3595912555-2340562074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-176798144-3595912555-2340562074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {08FE81D1-37E0-4E0B-A717-B51316218953}.
0 out of 1 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11407 B
Java, Flash, Steam htmlcache => 6767 B
Windows/system/drivers => 55255788 B
Edge => 0 B
Chrome => 653312 B
Firefox => 23622704 B
Opera => 514502406 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 16674 B
LocalService => 16384 B
NetworkService => 36891928 B
User => 85753338 B

RecycleBin => 0 B
EmptyTemp: => 691.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End o

==========================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by User (Administrator) on 07/18/17 at 17:13:05.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 20

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\exakvevw.default-1464446928417\extensions\trash (Folder)
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\exakvevw.default-1464446928417\user.js (File)
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zrmqgxto.default\user.js (File)
Successfully deleted: C:\Users\User\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (SYSTEM) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (User) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Google Update (Task)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_User (Task)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0L6KBMQN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60UZV0I9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQJTC6NC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMBLIAVL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0L6KBMQN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60UZV0I9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQJTC6NC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMBLIAVL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN8202.tmp (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/18/17 at 17:18:04.27
End of JRT log
~~~~~~~~~~~~~~~~~~



#10 JSntgRvr
    Master Surgeon General, Malware Response Team

Posted 18 July 2017 - 09:56 PM

Did you run AdwCleaner?

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 artex222
    Topic Starter, Members

Posted 19 July 2017 - 04:53 AM

# AdwCleaner 7.0.0.0 - Logfile created on Wed Jul 19 09:33:16 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: AdvancedSystemCareService10

***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\User\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted: C:\Users\User\AppData\Local\llssoft

***** [ Files ] *****

Deleted: C:\Users\All Users\Desktop\Advanced SystemCare 10.lnk
Deleted: C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
Deleted: C:/Users\All Users\Desktop\\Smart Defrag 5.lnk
Deleted: C:/Users\Public\Desktop\\Smart Defrag 5.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: TweakBit
Deleted: ASC10_PerformanceMonitor
Deleted: ASC10_SkipUac_User

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0319DE47-F039-45DC-A213-DBB61C6AE509}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{074BFF31-CA38-43C4-8F25-79213AD708EF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0D838143-D511-4555-8B97-16C3CF5A780D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{206E5E13-3B8F-4146-9C21-F18A63A9689B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{828FB706-5749-4255-862F-3D30FCF017E1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F6649783-7559-4772-96C7-02D33BEACD8C}
Deleted: [Value] - HKU\S-1-5-21-176798144-3595912555-2340562074-1000\Software\Microsoft\Windows\CurrentVersion\Run|Advanced SystemCare 10
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Advanced SystemCare 10
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_User

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [17912 B] - [2017/4/25 12:28:52]
C:/AdwCleaner/AdwCleaner[C2].txt - [5949 B] - [2017/7/11 20:27:28]
C:/AdwCleaner/AdwCleaner[S0].txt - [16348 B] - [2017/4/25 12:13:11]
C:/AdwCleaner/AdwCleaner[S1].txt - [5452 B] - [2017/7/11 20:12:54]
C:/AdwCleaner/AdwCleaner[S2].txt - [5396 B] - [2017/7/19 9:32:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########



#12 JSntgRvr
    Master Surgeon General, Malware Response Team

Posted 19 July 2017 - 11:36 AM

How is the computer doing?




#13 artex222
    Topic Starter, Members

Posted 19 July 2017 - 12:08 PM

Working like new. However, on restart I did get a blue screen a few times. Eventually it kicked in and works well. Thank you for your outstanding help.



#14 JSntgRvr
    Master Surgeon General, Malware Response Team

Posted 19 July 2017 - 02:45 PM

Congratulations.

Let's remove the quarantined item.

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt).

Best regards. :hello:




#15 artex222
    Topic Starter, Members

Posted 19 July 2017 - 03:00 PM

Here is the report:

# DelFix v1.013 - Logfile created 19/07/2017 at 15:55:48
# Updated 17/04/2016 by Xplode
# Username : User - USER-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\User\Desktop\ComboFix.exe
Deleted : C:\Users\User\Desktop\JRT.txt
Deleted : C:\Users\User\Downloads\ComboFix.exe
Deleted : C:\Users\User\Downloads\SR Engine Supplement License.rtf
Deleted : C:\Users\User\Downloads\tdsskiller.zip
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

########## - EOF - ##########

Anything else I should do?





