Windows 10 crashes when trying to update AV software


12 replies to this topic

#1 lapsedhibee

lapsedhibee

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 21 December 2017 - 06:00 PM

Hello

 

My Dell laptop running Windows 10 Home (v.1607, os build 14393.1944) often will not get past the Windows Welcome page before it crashes. If it does get past that page and my full desktop shows up, it crashes if I try to update my AVG anti-virus software. Sometimes the laptop will start in Safe Mode, but sometimes not.

 

The (free version) AVG software shows e-mail Protected but PC Not Protected.

 

Problem may have started with a recent Windows Update or that might just have been coincidence. The machine began to run very slowly about that time and I have added RAM (now 6GB total). I am not able to use System Restore.

 

I believe I have malware on my PC and would be most grateful for any assistance you can give.

 

Many thanks in advance

 

LH




 


#2 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 01:07 AM

G'day LH,

 

 

Christmas isn't far off now. Have you finished off your shopping?

 

I need to advise you that I am a Standard Member, like you. I am NOT a Trained Malware Removal Expert. If anything I suggest concerns you, please contact me or a Moderator before actioning it. I have been working on and with computers since the 1970s.

 

 

If you're happy to continue:

 

 

We'll take a quick look at your P.C.

 

 

 

Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!

Please Post All Reports in Plain Text. Ensure You Include All Report Headers.

Please Press the Return Key 3 Times Between Reports.

Don't Attach them either.....Pleeeez!

 

 

Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!

You can find Free Back Up Software available on the Web.

(It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.)

 

 

Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!

 

 

 

Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!

 

 

 

**Read All Notes Under Individual Instructions BEFORE Running the Tools.**

 

You might find it useful to print these instructions for reference.

 

 

 

 

 

Let's start relatively simply.....

 

Boot the Computer until you get to Desktop.

Ensure you have an internet connection.

Then continue.

If you're stuck. Please msg back.

 

(1)

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

 

NOTES:

 

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

 

If RKill still won't run, please Post back here and advise me (after trying both versions and Safe Mode). Please note any Error messages or other useful information and Include it in your Reply.

 

 

Then.......

 

(2)

Please download Security Check (by screen317) from HERE & save it to your Desktop.

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

 

Please Note the Following:

 

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

 

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from  some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

 

 

 

Then.......

 

(3)

Download and run the ESET Free Online Virus Scanner from:  HERE

(If you had to restart for any reason between running RKill and this step, please re-run RKill, Step 1.)

 

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • CLEAN any THREATS found.
  • Click Back, then Finish to exit ESET Online Scanner.
  • Do NOT delete the ESET scanner at this stage please.

Please re-enable your antivirus when the scan is complete.

 

Let me know if you encounter any problems.

 

 

After you've finished the ESET Online scan:

  • Please ensure you've saved the Log File to your desktop.
  • Post the Log File contents in your Reply, assuming there was one.
  • Close down any other open programs.
  • Reboot.

 

 

Then.......

 

(4)

 

 

Download AdwCleaner (from Xplode).

(If you had to Reboot after Running ESET, re-run RKill - that was Step 1.)

 

From here: AdwCleaner.exe

 

 

Save to your Desktop so you can easily locate it.

 

  • Before Starting Ensure You've Saved Anything You Have Open that you Wish to Keep!!
  • Right Click AdwCleaner.exe & Select "Run As Administrator"
  • Please Click on the Tools Menu. There should be 2 Tabs: Options & Advanced.
  • In Options, under Delete, select Tracing Keys (usually pre-selected) and, under Reset, select all Options on the Right Hand Side.
  • Do Not select any other Options with Square Boxes.
  • There should be Options for Mode and Debug. You can leave these at their Defaults. Press OK.
  • Next, you should see Two main Buttons, Scan and Logfiles. Please Press Scan.
  • AdwCleaner will Start to Update the Database if required. This may take a little while.
  • The Progress Bar will gradually move to the right as the scan progresses. It can take a while.
  • Next you should receive a Popup Notification advising of the Scan Result.
  • Select any Items AdwCleaner may have found for Deletion, or Deselect anything you may wish to keep.
  • Under the Popup there will be a Log. Please Copy and Paste the Contents into your next Reply.
  • Next, Click Clean, even if nothing was detected. This will require you to reboot the machine. Please do so.
  • Once the computer has rebooted, a second Log should appear. Please Paste it into your Reply as well.

 

  • If you need to access Logs again, Open the Tool and Click the LogFiles Button. They are stored there.

 

The Logs can be a tad confusing at first. They all contain a number such as [S0] which is Log One. They are also accompanied by a date in the left side column. The lower the number in the square brackets, the earlier the Log. For example, I may have Logs: AdwCleaner[S0].txt (Earliest) to AdwCleaner[S27].txt (Most Recent.) Double Click a Log to Open it.

I'll look over your log file(s).

 

Log back in to your thread for further instructions please.

 

We're in different time zones, so there may be a delay.

If I don't respond in 48 hours Please Personally Message Me.

If you don't hear back after 3 days, please post: HERE

 

I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......

 

 

 

Cheers,

 

 

 

Kilt :thumbup2: 

 

 

 

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:


Edited by Unworn_Kilt, 22 December 2017 - 05:38 AM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#3 lapsedhibee

lapsedhibee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 22 December 2017 - 08:40 AM

Many thanks, UK.

 

Before posting I had "Repaired" my AVG installation, which did not improve matters.  Before embarking on the steps above I completely re-installed AVG, which did appear to improve matters a bit. But it did not cure the problem, as my laptop crashed just at the end of my first ESET online scan (nearly 2 hours worth of scanning but no chance to save any details). The second ESET scan did complete and found 2 threats, of which I think I only managed to clean 1.

 

My laptop seems to be behaving much better now than it was a day ago, but I will be grateful if you can have a look through the logs below and advise if you think any further action might be useful.  I have updated Java.

 

 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/22/2017 10:49:40 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/22/2017 10:50:11 AM
Execution time: 0 hours(s), 0 minute(s), and 30 seconds(s)
 
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
AVG Antivirus      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 144  
 Java version 32-bit out of Date!
 Google Chrome (63.0.3239.84) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 AVG Antivirus AVGUI.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 

C:\$WINDOWS.~BT\NewOS\Program Files (x86)\Panasonic\PBX Web Manager\bin\PROCESS.EXE Win32/PrcView potentially unsafe application
C:\Program Files (x86)\Panasonic\PBX Web Manager\bin\PROCESS.EXE Win32/PrcView potentially unsafe application
 
 
 

# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 22 13:03:50 2017
# Updated on 2017/21/12 by Malwarebytes 
# Database: 12-21-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bringmesports.dl.tb.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d1af033869koo7.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d22j4fzzszoii2.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d30ke5tqu2tkyx.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\findit.scotsman.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inboxace.dl.tb.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3l3lkinz3f56t.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\findit.edinburghnews.scotsman.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\findit.edinburghnews.scotsman.com
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [https:\\mysearch.avg.com\?cid={97DA1DDB-4F1C-41D2-A91A-E2209F08914E}&mid=d4d9a8c15fb147cdb794f5ffbbdee7b8-7e213c19d6b8cfabda196eaeb659d6d4d06f41f4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-03-10 22:51:20&v=4.3.1.831&pid=wtu&sg=&sap=hp]
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Secure Search
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [1522 B] - [2015/12/30 14:59:58]
C:/AdwCleaner/AdwCleaner[C2].txt - [866 B] - [2016/1/1 18:52:12]
C:/AdwCleaner/AdwCleaner[S1].txt - [1384 B] - [2015/12/30 14:57:47]
C:/AdwCleaner/AdwCleaner[S2].txt - [6717 B] - [2016/1/1 18:49:58]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
 
 

# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 22 13:05:14 2017
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\ProgramData\Application Data\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bringmesports.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d22j4fzzszoii2.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d30ke5tqu2tkyx.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\findit.scotsman.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inboxace.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\findit.edinburghnews.scotsman.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\findit.edinburghnews.scotsman.com
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page [https:\\mysearch.avg.com\?cid={97DA1DDB-4F1C-41D2-A91A-E2209F08914E}&mid=d4d9a8c15fb147cdb794f5ffbbdee7b8-7e213c19d6b8cfabda196eaeb659d6d4d06f41f4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-03-10 22:51:20&v=4.3.1.831&pid=wtu&sg=&sap=hp]
Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Proxy settings cleared
::TCP/IP settings cleared
::Firewall rules cleared
::IPSec settings cleared
::BITS queue cleared
::IE policies deleted
::Chrome policies deleted
::Hosts file cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [1522 B] - [2015/12/30 14:59:58]
C:/AdwCleaner/AdwCleaner[C2].txt - [866 B] - [2016/1/1 18:52:12]
C:/AdwCleaner/AdwCleaner[S1].txt - [1384 B] - [2015/12/30 14:57:47]
C:/AdwCleaner/AdwCleaner[S2].txt - [6718 B] - [2016/1/1 18:49:58]
C:/AdwCleaner/AdwCleaner[S2]221217.txt - [6718 B] - [2017/12/22 13:4:29]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
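As an added, defender-side example that is not part of this thread and is not AdwCleaner's own code: a small Python parser for the AdwCleaner 7.0.6.0 log format posted above. It reads a scan log together with the clean log that follows it and reports any scan finding that never appears as a "Deleted:" line, which is the check you want before treating a clean run as finished. The two sample logs are constructed, abridged from the logs above, with the tracking id in the start-page URL replaced by the placeholder EXAMPLE; the clean log deliberately leaves out one HKLM key so the completeness check has something to report. Note the difference between "Main | Start Page" (scan mode) and "Main|Start Page" (clean mode) in the real logs, which the parser normalises before comparing.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample logs, abridged from the AdwCleaner 7.0.6.0 logs posted
# above; the start-page tracking id is replaced with the placeholder EXAMPLE.
SCAN_LOG = r"""# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 22 13:03:50 2017
# Mode: scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [https:\\mysearch.avg.com\?cid=EXAMPLE]
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Secure Search
*************************
C:/AdwCleaner/AdwCleaner[S1].txt - [1384 B] - [2015/12/30 14:57:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
"""

# The clean log deliberately omits the HKLM key, simulating an incomplete clean.
CLEAN_LOG = r"""# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 22 13:05:14 2017
# Mode: clean
***** [ Folders ] *****
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page [https:\\mysearch.avg.com\?cid=EXAMPLE]
*************************
::Tracing keys deleted
::Hosts file cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
SCAN_RE = re.compile(r"^(?P<cat>[A-Za-z0-9.]+), (?P<item>.+)$")   # "PUP.Optional.Legacy, <item>"
DELETED_RE = re.compile(r"^Deleted: (?P<item>.+)$")               # clean-mode lines


@dataclass(frozen=True)
class Finding:
    section: str             # e.g. "Folders", "Registry"
    category: Optional[str]  # detection name in scan mode, None for "Deleted:" lines
    item: str                # normalised path or registry target


def normalize(item: str) -> str:
    """Registry and NTFS paths are case-insensitive, and AdwCleaner writes the
    start-page value as 'Main | Start Page' in scan mode but 'Main|Start Page'
    in clean mode, so whitespace around '|' is collapsed before lowering."""
    return re.sub(r"\s*\|\s*", "|", item.strip()).lower()


def parse_adwcleaner_log(text: str) -> Tuple[Optional[str], List[Finding]]:
    """Return (mode, findings) for one AdwCleaner 7.x log."""
    mode: Optional[str] = None
    section: Optional[str] = None
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# Mode:"):
            mode = line.split(":", 1)[1].strip()
            continue
        if line.startswith("#"):        # other header lines and the EOF marker
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line.startswith("*****"):    # closing separator: file list / reset notes follow
            section = None
            continue
        if section is None:
            continue
        m = DELETED_RE.match(line)
        if m:
            findings.append(Finding(section, None, normalize(m.group("item"))))
            continue
        m = SCAN_RE.match(line)         # "No malicious ... found." has no comma, so it is skipped
        if m:
            findings.append(Finding(section, m.group("cat"), normalize(m.group("item"))))
    return mode, findings


def unresolved(scan_text: str, clean_text: str) -> List[Finding]:
    """Scan findings that the clean log never reports as Deleted."""
    _, scan = parse_adwcleaner_log(scan_text)
    _, clean = parse_adwcleaner_log(clean_text)
    deleted = {(f.section, f.item) for f in clean}
    return [f for f in scan if (f.section, f.item) not in deleted]


def browser_hijacks(findings: List[Finding]) -> List[Finding]:
    """Registry [Data] entries that rewrite the browser start page or search scope."""
    return [f for f in findings
            if f.section == "Registry" and f.item.startswith("[data]")
            and ("start page" in f.item or "searchscopes" in f.item)]


if __name__ == "__main__":
    mode, found = parse_adwcleaner_log(SCAN_LOG)
    print(f"{mode} log: {len(found)} findings")
    for f in browser_hijacks(found):
        print("browser hijack:", f.item)
    for f in unresolved(SCAN_LOG, CLEAN_LOG):
        print("NOT cleaned:", f.section, f.category, f.item)
```

Run it as a script, or point `unresolved()` at the text of a real `AdwCleaner[Sn].txt` and its matching `AdwCleaner[Cn].txt` pair. Anything it prints under "NOT cleaned" is a reason to re-run the clean step or to look at the item by hand before declaring the machine clear; anything under "browser hijack" is worth a follow-up reset of the browser's home page and search settings, since those values are what keep redirecting users to the toolbar's search site.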

 



#4 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 08:49 AM

G'day again,

 

Thanks for doing that. It looks like a good start.

 

I'd like to run a couple more tools just to make sure we haven't missed anything.

 

 

Now I'd like you to download the JRT (Junkware Removal Tool) from HERE.

Save it to your Desktop so it's handy.

 

  • Right click on the JRT.exe Icon and select "Run as Administrator."
  • A black box will open and ask you if you want to continue. Do so. (Hit Enter I believe.)
  • The tool will do some work. Just be patient please.
  • When it's finished, a report should pop up in Notepad.
  • Please copy and paste the contents of the report into your Reply.

 

Ignore any warnings about the tool containing viruses etc.

 

 

Then.....

 

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

 

From Here: Malwarebytes Anti-Rootkit

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

(My Thanks to Broni, Bleeping Computer Advisor, for the use of the above, mostly pilfered without notice, MBAR Notes.)

 

 

Finally, please re-run RKill and post back the logs.  <<<====

 

 

 

 

Please post back your results when you are done.

 


Edited by Unworn_Kilt, 22 December 2017 - 08:50 AM.


 

 

 


#5 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 10:22 AM

Hi There,

 

I just realised that it would be a good idea, when you have a minute, to do this too:

 

  • Go to Control Panel
  • Click on Internet Options
  • Click on the Advanced Tab
  • Click Restore Internet Explorer's Settings to their Default Condition => Click RESET.
  • Click Apply then OK.
  • Now Restart Internet Explorer
  • Now go back through the settings and tweak them to your liking. Try to think Security First!

 

That should help prevent sites storing so much junk.



 

 

 


#6 lapsedhibee

lapsedhibee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 22 December 2017 - 10:24 AM

Thanks again UK

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Keith (Administrator) on 22-Dec-17 at 14:49:50.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 0 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22-Dec-17 at 14:52:12.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.12.22.04
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1944.14393.0
Keith :: DELL [administrator]
 
22-Dec-17 2:56:52 PM
mbar-log-2017-12-22 (14-56-52).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 292856
Time elapsed: 19 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.1944.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 6231363584, free: 3937611776
 
Downloaded database version: v2017.12.22.04
Downloaded database version: v2017.11.28.01
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/22/2017 14:56:46
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.12.22.04
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff858e3e1f3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff858e3e1f2710, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff858e3e1f3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff858e3da7e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 254F6F15
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 466886576
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 467093504  Numsec = 1765376
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 240057409536 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffff858e40d06060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff858e40d0eae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff858e40d06060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff858e4011c670, DeviceName: \Device\00000035\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\WINDOWS\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-467093504-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/22/2017 03:17:10 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/22/2017 03:17:39 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

LH


#7 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 10:40 AM

Great,

 

That's looking a lot better.

 

There's only one thing that's slightly bothering me: 

 

  • File "C:\WINDOWS\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)

It's probably nothing but I'll do a little research on it and let you know if we need to do anything else.

So, how's the computer running now?

We need to run some cleanup tools. They're pretty quick.

 

Please run this one, Delfix. It will remove some of the tools and has some other settings too. Download: HERE

Please Select (in addition to the default Remove Disinfection Tools):

 

  • Activate UAC
  • Create Registry Backup
  • Purge System Restore
  • Reset System Settings

 

 

It's a pleasure helping you. You've been a textbook case. Thanks!

Take a break and have a Truly Great Christmas and Very Happy New Year!!

Cheers,

Kilt

I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year!


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

** Walk Softly and Carry a Big Stick **


#8 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 10:42 AM

Activate UAC and Backup Registry are Optional.




#9 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 10:51 AM

Keep an Eye on the System over the next few days.

 

If there are any signs of problems, please post back here again and I'll grab your Topic as soon as I can.

 

I'll be taking a break shortly, but back after a bit of sleep.

 

You're about as Clean as I can get you with the tools available to me.

 

Take care!!




#10 lapsedhibee

lapsedhibee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 22 December 2017 - 11:08 AM

Many thanks for your efforts UK. My system is running fine just now and if it deteriorates over the next days I'll get back to you.

 

Enjoy your break.

 

LH



#11 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 11:11 AM

Thank you my friend. You take some downtime too.

 

Do you do any data sharing with a workplace or school, college or such?

 

I'm still thinking on that line I mentioned.

 

I don't expect problems though.

 

Take it easy.

 

 

Kilt




#12 lapsedhibee

lapsedhibee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:41 AM

Posted 22 December 2017 - 11:54 AM

Do you do any data sharing with a workplace or school, college or such?

 

I'm still thinking on that line I mentioned.

 

Laptop is used occasionally on customer premises for work (programming Panasonic telephone systems) but not really data sharing, no. (It might have been plugged into a customer's network switch/router once or twice to gain internet access.)



#13 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • OFFLINE
  • Gender:Male
  • Location:Australia
  • Local time:08:41 PM

Posted 22 December 2017 - 07:09 PM

Thanks for clarifying that.

 

Have a great Christmas!





