
My virus won't let me open my antivirus software, or open certain programs.


  • This topic is locked
13 replies to this topic

#1 xooxghostxoox


Posted 07 January 2018 - 10:45 PM

I've had this virus for a few days now and have tried just about everything. I was just going to do a clean reinstall of my OS but can't even make a media creation disk; I get an error. I even had a buddy make one for me, but my PC is so corrupted that it won't even boot the USB. Someone please help me here.





#2 britechguy


Posted 07 January 2018 - 11:15 PM

Not knowing what OS you're using makes this possibly not applicable, but if it's Windows 10:

https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

An offline scan, if you can trigger it, runs before the OS is loaded and can nuke things that cannot be touched once the OS is loaded and the virus/malware is active.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134

Memory is a crazy woman that hoards rags and throws away food.
    ~ Austin O'Malley

#3 xooxghostxoox


Posted 08 January 2018 - 01:29 AM

It is Windows 10, and I can't turn on real-time protection; I get errors every time. Is there any way you can check out what's going on via FRST.exe? And I can't do the offline scan.


Edited by xooxghostxoox, 08 January 2018 - 01:32 AM.


#4 xooxghostxoox


Posted 08 January 2018 - 09:36 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Ghosty (administrator) on DESKTOP-UD61PDT (08-01-2018 18:35:01)
Running from C:\Users\Ghosty\Desktop
Loaded Profiles: Ghosty (Available Profiles: Ghosty)
Platform: Windows 10 Home Version 1709 16299.15 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\spobkztsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
() C:\Users\Ghosty\AppData\Local\psoumrn\psoumrn.exe
() C:\Users\Ghosty\AppData\Local\psoumrn\gggggg.exe
() C:\Users\Ghosty\AppData\Local\auorckv\dwnumvs.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [58824184 2018-01-06] (Discord Inc.)
HKLM-x32\...\Run: [AutorunRemover.exe] => C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe [1929216 2013-05-22] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\...\Run: [Discord] => C:\Users\Ghosty\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2018-01-06]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Ghosty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slowdown.lnk [2018-01-06]
ShortcutTarget: slowdown.lnk -> C:\Program Files (x86)\Spang\tenors.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7c40171d-e9ee-4f9f-8031-ff4e27d19b31}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-06] (Google Inc.)
 
Chrome: 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Ghosty (08-01-2018 18:35:27)
Running from C:\Users\Ghosty\Desktop
Windows 10 Home Version 1709 16299.15 (X64) (2018-01-06 08:50:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2700948461-3225110850-4095052298-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2700948461-3225110850-4095052298-503 - Limited - Disabled)
Ghosty (S-1-5-21-2700948461-3225110850-4095052298-1001 - Administrator - Enabled) => C:\Users\Ghosty
Guest (S-1-5-21-2700948461-3225110850-4095052298-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2700948461-3225110850-4095052298-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Autorun Virus Remover 3.2 (HKLM-x32\...\Autorun Virus Remover_is1) (Version:  - Autorun Remover)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Discord (HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.4 - NETGEAR)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2700948461-3225110850-4095052298-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Ghosty\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0435D154-C842-4E62-B6F2-5DB015A51D36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {08929C07-7208-49C2-92D8-676470328C1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {202B66D1-6A6D-49FD-AE68-4FDBDC517F85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-06] (Google Inc.)
Task: {3F8A72C7-5EDB-4D9C-AC78-A9A98825438B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)
Task: {6B97F659-7EA2-4BAD-99EE-44F574D0BB77} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {6D008E08-DB4C-410F-B74B-14A0F6B4961F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {84771F3B-A587-4DAD-88F1-A38E2456606B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {8D480B4D-CE44-433D-9126-24EF9FEC920A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2700948461-3225110850-4095052298-1001 => C:\Users\Ghosty\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A6A313D6-0BBD-4A1B-B7DB-0C61868714C3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)
Task: {C87A57DC-4E64-4C5E-87E3-65A8509CD427} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-06] (Google Inc.)
Task: {CCA27A40-B77B-467A-A085-3BACF99D860C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)
Task: {CFFF9A3B-3B8E-440B-87BD-7159F4AB81CD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
Task: {EA7CA319-C702-49BF-8A7C-7C6C15BFA851} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.)
Task: {ECC2B79F-78CD-4677-B2CE-D08221AB338B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
Task: {EEF97A86-1D42-4E51-BF8B-ACF1D2D9F735} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-01-06 01:02 - 2014-08-18 17:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2018-01-06 11:33 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-06 11:33 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 05:42 - 2017-09-29 06:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 05:42 - 2017-09-29 06:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-06 01:33 - 2018-01-06 01:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-06 01:33 - 2018-01-06 01:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-06 01:33 - 2018-01-06 01:34 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-06 01:33 - 2018-01-06 01:34 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-06 01:02 - 2014-08-18 17:49 - 008274648 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2018-01-06 01:07 - 2018-01-03 01:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 01:07 - 2018-01-03 01:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-06 01:02 - 2015-02-26 20:19 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2018-01-06 01:47 - 2017-11-28 21:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-06 01:47 - 2017-12-15 11:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-06 01:47 - 2016-08-31 17:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-06 01:47 - 2017-11-03 17:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-06 01:47 - 2017-11-03 17:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-06 01:47 - 2017-11-03 17:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-06 01:47 - 2017-11-03 17:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-06 01:47 - 2017-11-03 17:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-06 01:47 - 2016-08-31 17:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-06 01:47 - 2016-08-31 17:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-06 01:47 - 2017-12-15 11:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-06 01:47 - 2016-07-04 14:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-06 01:48 - 2017-09-06 18:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-01-06 01:48 - 2017-10-30 20:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-01-06 01:47 - 2015-09-24 15:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-01-06 01:02 - 2014-07-22 10:18 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2018-01-06 15:44 - 2017-11-15 17:37 - 066906744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Geforce Experience\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 05:46 - 2018-01-06 11:40 - 000000830 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2700948461-3225110850-4095052298-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4494D50E-3F91-440C-8D15-962DB31C34AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C166E1E9-53FD-4A0E-A209-DC4D1388D5BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{130A14CE-C53F-442B-8C7F-3DBCAD9E6D5D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1B5D20C8-2B96-4AC6-A380-25B87201602D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9662C48E-2362-445B-9A2F-70136E169BEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{059B853F-1E98-40D3-A17F-9007E77AB6CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{C33EBACF-B2CA-49CC-ADF8-946728D471EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F198E742-A86C-4E6B-80BD-94816DE9C065}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F799C479-EFB5-40EB-A362-3C2F31CA2C16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0A1956C1-8C2F-4083-9083-6CDD3C727135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{B5D937AE-00B9-44D5-A8A0-68CC4ED8D760}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{D09F650D-5BA6-4DCE-8A4F-FBB5FF78696E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{83E4266D-701D-4330-8348-DAA1E0AC7BF0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D751D61E-13AE-48FE-A062-2139D333B955}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9B269E30-35B9-4461-AD21-C620C591299D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4E031919-EA28-406C-B4C1-E5EF14AB0DF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{69AE5E25-B311-424C-A359-A86AAA3247F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CDB7CFFD-5459-4DFC-B7EF-338AE6EB7DBE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D6C796CF-F34D-4581-9DAA-AD30B3AEF0F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{549F7DEE-A0EA-4EB1-AF63-43A72959E2DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2018 06:31:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/08/2018 06:31:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (01/07/2018 10:40:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/07/2018 10:40:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (01/07/2018 10:40:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/07/2018 10:25:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/07/2018 09:04:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/07/2018 09:04:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/07/2018 06:57:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-UD61PDT)
Description: C:\Users\Ghosty\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalStateMicrosoft.SkypeApp_kzf8qxf38zg5c-2147024894
 
Error: (01/07/2018 08:55:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/08/2018 06:34:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-07 22:47:02.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Ghosty\Desktop\anti-malware-setup.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-07 22:47:02.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Ghosty\Desktop\anti-malware-setup.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-07 22:47:02.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Ghosty\Desktop\anti-malware-setup.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-07 22:46:01.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Ghosty\Desktop\anti-malware-setup.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-07 22:46:01.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Ghosty\Desktop\anti-malware-setup.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-07 22:46:01.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Ghosty\Desktop\anti-malware-setup.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-06 20:34:40.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-06 17:36:30.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2018-01-06 17:36:22.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2018-01-06 17:36:06.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Ryzen 7 1700X Eight-Core Processor 
Percentage of memory in use: 20%
Total physical RAM: 16332.38 MB
Available physical RAM: 12976.7 MB
Total Virtual: 19276.38 MB
Available Virtual: 15947.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.3 GB) (Free:23.97 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:297.26 GB) (Free:296.86 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:931.18 GB) NTFS
Drive f: (WDO_MEDIA32) (Removable) (Total:31.99 GB) (Free:31.71 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 55.9 GB) (Disk ID: 71FDF568)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BDCFAC41)
Partition 1: (Not Active) - (Size=297.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=847 MB) - (Type=27)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 71FDF510)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 58.6 GB) (Disk ID: 9DC412F1)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#5 xooxghostxoox

Posted 08 January 2018 - 09:38 PM

I can't enable my antivirus, I get unknown errors. Please help me.



#6 xooxghostxoox

Posted 08 January 2018 - 09:42 PM

All I need is someone who has some IT experience to write me a fixlist.txt.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,000 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:30 AM

Posted 09 January 2018 - 10:11 AM

Greetings xooxghostxoox and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 xooxghostxoox

Posted 09 January 2018 - 02:01 PM

I am still here, and the name's Devin. I could really use your help.

P.S. These are what I believe to be the viruses: psournm, audvlnm, auorckv. I attached a photo file down below so you can see what I'm talking about. psournm pops up as Windows Process Manager in my tasks/processes; when it's running it makes my CPU jump to 99%. So if you could help me out here that would be nice.

Attached File: 602fd8bee49da245bbea4c9d2291b879.png (298.92KB)


Edited by xooxghostxoox, 09 January 2018 - 02:28 PM.


#9 Oh My!

Posted 09 January 2018 - 02:35 PM

Thank you for your patience Devin.

Please do this.

===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Right click on the icon and select Run as administrator
  • Click Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open
  • Click the Windows tab and click Copy
  • Paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • WGA information

Gary
 

#10 xooxghostxoox

Posted 09 January 2018 - 05:14 PM

Microsoft Genuine Advantage Diagnostic Tool
---------------------------
Failed to create output files, hr = 0x80070002. Please contact support.
---------------------------
 
It won't let me copy,

Edited by Oh My!, 09 January 2018 - 05:18 PM.


#11 Oh My!

Posted 09 January 2018 - 05:22 PM

Thank you.

I removed the screenshot. There is an issue with your Windows activation. Do you have the Product Key number attached to your computer? Don't post it, just let me know.

Let's do this first.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
() C:\Users\Ghosty\AppData\Local\psoumrn
() C:\Users\Ghosty\AppData\Local\auorckv
ShortcutTarget: slowdown.lnk -> C:\Program Files (x86)\Spang\tenors.exe (No File)
C:\Program Files (x86)\Spang
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Product key?
  • Fixlog

Gary
 

#12 xooxghostxoox

Posted 09 January 2018 - 05:28 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Ghosty (09-01-2018 14:25:17) Run:2
Running from C:\Users\Ghosty\Desktop
Loaded Profiles: Ghosty (Available Profiles: Ghosty)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
                                                                                                                                                                                                                                                                     
*****************
 
 
 
==== End of Fixlog 14:25:17 ====

No product key, that is how this whole mess started. I didn't have 100 dollars to purchase a key so I downloaded a KMS activator which had a trojan on it.


#13 Oh My!

Posted 09 January 2018 - 05:32 PM

Unfortunately without a valid Windows Product Key and successful Windows Activation I will be unable to assist you.


Gary
 

#14 Oh My!

Posted 11 January 2018 - 05:56 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 