Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problems with Windows 10


  • Please log in to reply
9 replies to this topic

#1 wire_jp

wire_jp

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 26 April 2018 - 02:08 AM

Hello,

 

Since January 2018, I hav been receiving Windows 10 Update notifications to install the latest updates of Windows 10 software, as it will no longer support my current Windows Edge version from April 10, 2018. I have tried countless times (probably about 35 times to run these updates, the installation process always stops around 45 percent mark).

 

I google searched the problem on the web and I followed some instructions to clear all of my Windows Edge history and perform a sfc /scannow in the Windows PowerShell. It pointed out to me that there are some files in Windows edge which are corrupted. I also created a second user account. I resisted using the new user account, as all of my files are in the current (corrupted) account and I didn't have the time to migrate over to the new user account. After using the corrupted user account for some time, I had downloaded Snag software in the past and I was now getting a sudden error message that "SnagPriv.exe" cannot be found. I found some online instructions to fix the problem by right clicking on the Properties of "SnagPriv.exe" and going to the General tab, to check the box to Run as administrator. However, this did not solve the problem, as every time when I start my computer, this error message still pops up.

 

I now have another problem where I no longer have Administrator rights to my PC. When I try to uninstall any programs, I get an error message. Tonight, I was unable to type a message in the Windows Edge search box,while I was browsing the web. I found some temporary online solution to fix the problem,

 

In my desperation, I google searched for online antivirus diagnostic tools and I downloaded ESET SysInspector Tool, and it ran a diagnostic scan of my harddrive. The results of the scan, highlighted in red some unknown files in my hostfile.

 

Whenever, I try to shut down my PC, it does not shut down. Instead it boots to the sign-in screen to login to the PC desktop. So I have to manually turn off my PC.

 

Can you help me with these issues.

 

Regards


Edited by britechguy, 26 April 2018 - 09:11 AM.
Moved from Win10 Support to AII. Suspect infection.


BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,135 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:08:12 PM

Posted 26 April 2018 - 09:14 AM

I have moved this post from the Windows 10 Support forum to this forum as this has the hallmarks of damage from an unaddressed infection.

 

My own opinion is that far too much time has been spent fixing symptoms rather than addressing what is the likely problem and that the damage that's been done is not likely to be easily repaired and may require an entirely clean installation of Windows 10 after having backed up your user data and having made an inventory of the apps and application programs you need to reinstall.  After restoring your user data a thorough scan of same should be made.

 

Others may have different advice.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#3 wire_jp

wire_jp
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 26 April 2018 - 10:48 AM

Thank you for the advice. Can you kindly provide me with the steps to do these tasks (I am a novice)?

Thanks

#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:12 PM

Posted 26 April 2018 - 12:05 PM

Please run the scans suggested below in the order that they are requested and post the logs in the same order.  Unless otherwise instructed post the logs in your topic, do not use a host website to post these logs.   Please do not wrap your logs in quotes or code brackets or use use spoilers.


Please download and run RKill

RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is restarted.  

Please download RKill and install it.

When RKill is run it will display a console screen similar to the one below:

Z40Tp3r.png

After this has run you will see another image explaining that RKill has finished running and you should be able to run the scan.  You need to click/tap on OK.

2Q1rnlf.png

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

AttentionAt this time you need to run your security applications listed below.  When the scan has finished running a lot will be posted in Notepad.  Copy and paste this log in your topic.

Importanat: There is a possibility that malware may recognize RKill and keep it from running, if this is the case do the following.

If while RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries.


Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
3.  Click Start Scan and allow the scan process to run.

yEt9i3P.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.  If threats are not found you will see a screen like the one below.

DOrb0BK.png
 
***Do NOT select Delete!

Click on Continue.
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (in most cases this is c: Drive) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log in your topic.



Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

4YSU8ND.png

3)  Click on Settings, you will see a image like the one below.

35AFYEE.png

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

jEVtTTK.png

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on yout Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

ZQk62WV.png

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If there are no malicious programs are found you will receive a message informing you of this.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  

CsqnoTW.png
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run
till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need
to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that
    here
    .
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.









 


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 wire_jp

wire_jp
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 26 April 2018 - 03:48 PM

Hi dc3,

 

Thank you for the links. I cannot get none of the RKill links to work (even the RKill.com link) as they appear with the administrator icon (at the bottom of the RKill icon). When I try to double-click on the RKill icon, I get the message: -

 

Windows cannot find: 'C:\Users\Download\RKill.exe'. Make sure you typed the name correctly, and try again.

 

Regards.



#6 wire_jp

wire_jp
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 27 April 2018 - 05:08 AM

Hello,

 

I tried to open the antivirus programs in safe mode, but it still did not work. I already had Spybot - Search & Destroy on my PC installed, and I performed a scan log using this software. The scan logs are attached.

 

1st Scan is below: -

Search results from Spybot - Search & Destroy
4/27/2018 4:17:33 AM
Scan took 00:48:29.
10 items found.
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\wire_jp\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AZQTL7PD\#AppContainer\mpsnare.iesnare.com\stm.sol
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
  Properties.size=79
  Properties.md5=A8AEB75819958ECCC986A17F30B282D4
  Properties.filedate=1524745275
  Properties.filedatetext=2018-04-26 12:21:14
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Microsoft Management Console\Recent File List
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
MS Office 10.0: [SBI $A0473B14] Access recent file (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Office\10.0\Access\Settings
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $49804B54] Browser: Cookie (8) (Browser: Cookie, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54
Cache: [SBI $49804B54] Browser: Cache (140) (Browser: Cache, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54
History: [SBI $49804B54] Browser: History (52) (Browser: History, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

--- Spybot - Search & Destroy version: 2.6.46.134  DLL (build: 20170523) ---
2017-05-23 blindman.exe (2.6.46.151)
2017-05-23 explorer.exe (2.6.46.181)
2017-05-23 SDBootCD.exe (2.6.46.109)
2017-05-23 SDCleaner.exe (2.6.46.110)
2017-05-23 SDDelFile.exe (2.6.46.94)
2017-05-23 SDFiles.exe (2.6.46.135)
2017-05-23 SDFileScanHelper.exe (2.6.46.1)
2017-05-23 SDFSSvc.exe (2.6.46.217)
2017-05-23 SDHelp.exe (2.6.46.1)
2017-05-23 SDHookHelper.exe (2.6.46.2)
2017-05-23 SDHookInst32.exe (2.6.46.2)
2017-05-23 SDHookInst64.exe (2.6.46.2)
2017-05-23 SDImmunize.exe (2.6.46.130)
2017-05-23 SDLogReport.exe (2.6.46.107)
2017-05-23 SDOnAccess.exe (2.6.46.11)
2017-05-23 SDPESetup.exe (2.6.46.3)
2017-05-23 SDPEStart.exe (2.6.46.86)
2017-05-23 SDPhoneScan.exe (2.6.46.28)
2017-05-23 SDPRE.exe (2.6.46.22)
2017-05-23 SDPrepPos.exe (2.6.46.15)
2017-05-23 SDQuarantine.exe (2.6.46.103)
2017-05-23 SDRootAlyzer.exe (2.6.46.116)
2017-05-23 SDSBIEdit.exe (2.6.46.39)
2017-05-23 SDScan.exe (2.6.46.181)
2017-05-23 SDScript.exe (2.6.46.54)
2017-05-23 SDSettings.exe (2.6.46.141)
2017-05-23 SDShell.exe (2.6.46.2)
2017-05-23 SDShred.exe (2.6.46.108)
2017-05-23 SDSysRepair.exe (2.6.46.102)
2017-05-23 SDTools.exe (2.6.46.157)
2017-05-23 SDTray.exe (2.6.46.129)
2017-05-23 SDUpdate.exe (2.6.46.94)
2017-05-23 SDUpdSvc.exe (2.6.46.77)
2017-05-23 SDWelcome.exe (2.6.46.130)
2017-05-23 SDWSCSvc.exe (2.6.46.3)
2018-03-24 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2017-06-08 DelZip192.dll (2.6.46.132)
2017-05-12 libeay32.dll (2.6.46.11)
2012-09-10 libssl32.dll (1.0.0.4)
2017-05-23 NotificationSpreader.dll (2.6.46.4)
2017-05-23 SDAdvancedCheckLibrary.dll (2.6.46.98)
2017-05-23 SDAV.dll (2.6.46.1)
2017-05-23 SDECon32.dll (2.6.46.114)
2017-05-23 SDECon64.dll (2.6.46.0)
2017-05-23 SDEvents.dll (2.6.46.2)
2017-05-23 SDFileScanLibrary.dll (2.6.46.14)
2017-05-23 SDHook32.dll (2.6.46.2)
2017-05-23 SDHook64.dll (2.6.46.2)
2017-05-23 SDImmunizeLibrary.dll (2.6.46.2)
2017-05-23 SDLicense.dll (2.6.46.0)
2017-05-23 SDLists.dll (2.6.46.4)
2017-05-23 SDResources.dll (2.6.46.7)
2017-05-23 SDScanLibrary.dll (2.6.46.134)
2017-05-23 SDTasks.dll (2.6.46.15)
2017-05-23 SDWinLogon.dll (2.6.46.0)
2017-05-12 sqlite3.dll
2017-05-12 ssleay32.dll (2.6.46.11)
2017-05-23 Tools.dll (2.6.46.36)
2018-02-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2018-03-21 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2016-11-16 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-03-07 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2017-12-27 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2016-11-07 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2018-03-14 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2017-06-14 Includes\PUPS-001.sbi (*)
2017-05-03 Includes\PUPS-002.sbi (*)
2018-03-21 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2017-09-27 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2018-01-03 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2017-06-28 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2017-10-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2018-03-21 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
 
 

 

2nd Scan is below: -

 

 

Search results from Spybot - Search & Destroy
4/27/2018 5:26:05 AM
Scan took 00:40:13.
2 items found.
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1748551376-4089309731-517978228-1258\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)
 
  Category=Browser
  ThreatLevel=1
  Weblink=http://forums.spybot.info/forumdisplay.php?54

--- Spybot - Search & Destroy version: 2.6.46.134  DLL (build: 20170523) ---
2017-05-23 blindman.exe (2.6.46.151)
2017-05-23 explorer.exe (2.6.46.181)
2017-05-23 SDBootCD.exe (2.6.46.109)
2017-05-23 SDCleaner.exe (2.6.46.110)
2017-05-23 SDDelFile.exe (2.6.46.94)
2017-05-23 SDFiles.exe (2.6.46.135)
2017-05-23 SDFileScanHelper.exe (2.6.46.1)
2017-05-23 SDFSSvc.exe (2.6.46.217)
2017-05-23 SDHelp.exe (2.6.46.1)
2017-05-23 SDHookHelper.exe (2.6.46.2)
2017-05-23 SDHookInst32.exe (2.6.46.2)
2017-05-23 SDHookInst64.exe (2.6.46.2)
2017-05-23 SDImmunize.exe (2.6.46.130)
2017-05-23 SDLogReport.exe (2.6.46.107)
2017-05-23 SDOnAccess.exe (2.6.46.11)
2017-05-23 SDPESetup.exe (2.6.46.3)
2017-05-23 SDPEStart.exe (2.6.46.86)
2017-05-23 SDPhoneScan.exe (2.6.46.28)
2017-05-23 SDPRE.exe (2.6.46.22)
2017-05-23 SDPrepPos.exe (2.6.46.15)
2017-05-23 SDQuarantine.exe (2.6.46.103)
2017-05-23 SDRootAlyzer.exe (2.6.46.116)
2017-05-23 SDSBIEdit.exe (2.6.46.39)
2017-05-23 SDScan.exe (2.6.46.181)
2017-05-23 SDScript.exe (2.6.46.54)
2017-05-23 SDSettings.exe (2.6.46.141)
2017-05-23 SDShell.exe (2.6.46.2)
2017-05-23 SDShred.exe (2.6.46.108)
2017-05-23 SDSysRepair.exe (2.6.46.102)
2017-05-23 SDTools.exe (2.6.46.157)
2017-05-23 SDTray.exe (2.6.46.129)
2017-05-23 SDUpdate.exe (2.6.46.94)
2017-05-23 SDUpdSvc.exe (2.6.46.77)
2017-05-23 SDWelcome.exe (2.6.46.130)
2017-05-23 SDWSCSvc.exe (2.6.46.3)
2018-03-24 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2017-06-08 DelZip192.dll (2.6.46.132)
2017-05-12 libeay32.dll (2.6.46.11)
2012-09-10 libssl32.dll (1.0.0.4)
2017-05-23 NotificationSpreader.dll (2.6.46.4)
2017-05-23 SDAdvancedCheckLibrary.dll (2.6.46.98)
2017-05-23 SDAV.dll (2.6.46.1)
2017-05-23 SDECon32.dll (2.6.46.114)
2017-05-23 SDECon64.dll (2.6.46.0)
2017-05-23 SDEvents.dll (2.6.46.2)
2017-05-23 SDFileScanLibrary.dll (2.6.46.14)
2017-05-23 SDHook32.dll (2.6.46.2)
2017-05-23 SDHook64.dll (2.6.46.2)
2017-05-23 SDImmunizeLibrary.dll (2.6.46.2)
2017-05-23 SDLicense.dll (2.6.46.0)
2017-05-23 SDLists.dll (2.6.46.4)
2017-05-23 SDResources.dll (2.6.46.7)
2017-05-23 SDScanLibrary.dll (2.6.46.134)
2017-05-23 SDTasks.dll (2.6.46.15)
2017-05-23 SDWinLogon.dll (2.6.46.0)
2017-05-12 sqlite3.dll
2017-05-12 ssleay32.dll (2.6.46.11)
2017-05-23 Tools.dll (2.6.46.36)
2018-02-22 Includes\Adware-000.sbi (*)
2015-08-05 Includes\Adware-001.sbi (*)
2018-03-21 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2016-11-16 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-03-07 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2017-12-27 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2016-06-14 Includes\Malware-002.sbi (*)
2016-11-07 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2018-03-14 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2017-06-14 Includes\PUPS-001.sbi (*)
2017-05-03 Includes\PUPS-002.sbi (*)
2018-03-21 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2017-09-27 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2018-01-03 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2017-06-28 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2017-10-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2018-03-21 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
 

 



#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:12 PM

Posted 27 April 2018 - 09:22 AM

Please only do what has been requested
 
Do not run the scans in Safe Mode unless specifically requested.
 
Download and run Malwarebytes Antimalware.  Use the instructions I provided for this.  If you can't get RKill to install and run, run the requested scans without it.
 
Please do the following.
 
Right click on the Taskbar, move the mouse over Cortana, select Show search box.
 
When the search box is open type in RKill.
 
If RKill does not appear I would suggest opening the Control Panel and select Programs and Features to see if RKill in the list of programs.  If it still does not appear I would suspect that there was a problem with the download or installation.

Edited by dc3, 27 April 2018 - 09:22 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 wire_jp

wire_jp
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 27 April 2018 - 11:25 AM

Hello,

 

ok, I cannot install RKill, as I receive the error message: -

 

Windows cannot find 'C\Users\Desktop\BleepingComputer.com\RKill\rkill.com'. Make sure you typed the name correctly, and then try again.

 

I received the same message when I try to run TDSSKiller. When I try to install Malwarebytes and run the program, I received this error message: ShellExecuteEx failed; code 2. The system cannot find the file specified.

 

When I try to run the AdwCleaner program, I receive the error message: -

 

 

Windows cannot find 'C:\Users\Desktop\BleepingComputer.com\AdwCleaner\AdwCleaner.exe'. Make sure you typed the name correctly, and then try again.

 

For the ESET Online Scanner, when I clicked to open the program and checked the Yes, I accept the Terms of Use check box, and then press "Start", nothing happens and so I cannot use the program.

 

Kind regards



#9 wire_jp

wire_jp
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:12 PM

Posted 29 April 2018 - 07:08 PM

Summary of the Scan Logs (Normal Mode):

 

RKill Scan:

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/29/2018 06:32:55 PM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 
(ii) Kaspersky TDSSKill:
 
No Threats were found
 
(iii) Malwarebytes
 
No scan performed, as I received an error message: -
 
Unable to execute file in the temporary directory. Setup aborted.
 
Error 5 : Access denied
 
(iv) AdwCleaner
AdwCleaner Log:
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-27.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-29-2018
# Duration: 00:01:09
# OS:       Windows 10 Home
# Cleaned:  58
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted       HKLM\Software\Classes\tsckmna
Deleted       HKU\S-1-5-18\Software\ByteFence
Deleted       HKU\.DEFAULT\Software\ByteFence
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted       HKLM\Software\Microsoft\DMunversion
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted       HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted       HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted       HKLM\Software\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted       HKLM\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Deleted       HKLM\Software\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted       HKLM\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted       HKLM\Software\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Deleted       HKLM\Software\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Deleted       HKLM\Software\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Deleted       HKLM\Software\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Deleted       HKLM\Software\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted       HKLM\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted       HKLM\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted       HKLM\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted       HKLM\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted       HKLM\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted       HKLM\Software\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Deleted       HKLM\Software\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted       HKLM\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted       HKLM\Software\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Deleted       HKLM\Software\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Deleted       HKLM\Software\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted       HKLM\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Deleted       HKLM\Software\Classes\tschmna
Deleted       HKU\S-1-5-21-1748551376-4089309731-517978228-1259\Software\Microsoft\Etsy
Deleted       HKCU\Software\Microsoft\Etsy
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paint-net.en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ms-paint.en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paint-net.en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ms-paint.en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
Deleted       HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########
 

 

 

Kind regards


Edited by wire_jp, 30 April 2018 - 10:39 AM.


#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:12 PM

Posted 30 April 2018 - 08:15 AM

It looks like you need the help of our Malware Removal Team to get this sorted out.  You need to start a topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.  

You will need to do the following prior to starting your topic.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

   * If you cannot complete a step, then skip it and continue with the next.
   * In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done this, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so this topic can be closed by a Moderator.

DO NOT bump your new topic. Wait for a response from one of the Malware Response Team Members.  The MRT members look for topics which have not been addressed.  If you bump your topic it will make it appear that your topic is being addressed.
 


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users