snowwolf Posted October 7, 2014
I see a couple of suspicious programs. I have run both Kaspersky and Malwarebytes and nothing comes up. I have also googled one program and it says bitmine virus, so help please. Thank you for your time.
Attachments: FRST.txt, Addition.txt

snowwolf Posted October 8, 2014
The virus in question is RzMaelstromVAD_1.1.41.1089 in C:\ProgramData, and any that I missed.

kevinf80 Posted October 8, 2014
Hello and

P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

There is definite evidence of illegal software running on your system (AutoKMS.exe); as this is in direct breach of forum protocol, no help can be offered...

Kevin.

snowwolf Posted October 8, 2014
I have now deleted AutoKMS.exe. Can I get help? Do I have to post the new Addition and FRST, or do I open a new topic?

snowwolf Posted October 8, 2014
I have RzMaelstromVAD_1.1.41.1089. I think it's a virus and I think there may be more viruses. Please, I need help.
P.S. I have now deleted AutoKMS.exe (I did not even know what it is, but I found it and deleted it). Can I get help please?
Attachments: Addition.txt, FRST.txt

kevinf80 Posted October 9, 2014
As far as I'm aware RzMaelstromVAD_1.1.41.1089 belongs to Razer (Surround Audio Service).

Continue:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link.
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
Once completed please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts. (Re-enable when done.)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it direct to the desktop.
Ensure you get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Full Scan.
Perform a scan and click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and press Enter
notepad c:\windows\debug\mrt.log

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

Thanks,
Kevin..
Attachment: Fixlist.txt

snowwolf Posted October 9, 2014
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Joe at 2014-10-09 13:16:57 Run:1
Running from C:\Users\Joe\Downloads
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1958978909-1473249692-2050056403-1001\...\Run: [AdobeBridge] => [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Joe\AppData\Local\Temp\tmp46EE.tmp [X]
C:\Users\Joe\jagex_cl_runescape_LIVE.dat
C:\Users\Joe\random.dat
Task: {30CB2AD2-5402-4ECB-9DC8-21E0D29E48EC} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014} - \AutoKMS No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
Hosts:
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1958978909-1473249692-2050056403-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.
WinRing0_1_2_0 => Unable to stop service
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Joe\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Joe\random.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30CB2AD2-5402-4ECB-9DC8-21E0D29E48EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30CB2AD2-5402-4ECB-9DC8-21E0D29E48EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
Could not reset Hosts.
EmptyTemp: => Removed 806.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
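
A Fixlog like the one above can be triaged by script so that a failure line with no target, such as "Could not reset Hosts.", is not lost among the successes. This is an added example, not part of the thread and not FRST's own code; the function names and the phrase lists are assumptions drawn only from the result lines posted here, and the sample input is abridged from that log.

```python
import re

# Sample input: abridged from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Joe at 2014-10-09 13:16:57 Run:1
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
R3 WinRing0_1_2_0; \??\C:\Users\Joe\AppData\Local\Temp\tmp46EE.tmp [X]
Task: {D67AE6EB-5F05-4608-A3BD-7BF2BA1B1014} - \AutoKMS No Task File <==== ATTENTION
Hosts:
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
WinRing0_1_2_0 => Unable to stop service
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Joe\random.dat => Moved successfully.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
Could not reset Hosts.
EmptyTemp: => Removed 806.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
"""

# Assumption: only wording seen in this log; other FRST messages land in "unknown".
FAIL_RE = re.compile(r"\b(?:could not|unable to)\b", re.IGNORECASE)
OK_RE = re.compile(r"\bsuccessfully\b|^removed\b", re.IGNORECASE)


def results_section(text):
    """Return the result lines only, skipping the echoed fixlist.

    The fixlist is echoed between two rows of asterisks, and its entries
    also contain "=>", so they must not be counted as results.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    out = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            out.append(ln)
    return out


def triage(text):
    """Classify each result line; the last line seen for a target wins."""
    final = {}        # target -> (status, message)
    superseded = []   # failures followed by a later success on the same target
    reboot = False
    for line in results_section(text):
        if line.lower().startswith("the system needed a reboot"):
            reboot = True
            continue
        target, sep, message = line.partition(" => ")
        if not sep:
            # Free-form line with no target, e.g. "Could not reset Hosts."
            target = message = line
        if FAIL_RE.search(message):
            status = "failed"
        elif OK_RE.search(message):
            status = "ok"
        else:
            status = "unknown"
        previous = final.get(target)
        if previous and previous[0] == "failed" and status == "ok":
            superseded.append((target, previous[1]))
        final[target] = (status, message)
    return {
        "failed": [(t, m) for t, (s, m) in final.items() if s == "failed"],
        "unknown": [(t, m) for t, (s, m) in final.items() if s == "unknown"],
        "superseded": superseded,
        "ok": sum(1 for s, _ in final.values() if s == "ok"),
        "reboot_needed": reboot,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for target, message in report["failed"]:
        print("FOLLOW UP:", message)
    for target, message in report["superseded"]:
        print("note:", target, "first reported:", message)
    print("ok:", report["ok"], "reboot needed:", report["reboot_needed"])
```
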

snowwolf Posted October 9, 2014
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/10/2014
Scan Time: 1:31:09 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.08
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361240
Time Elapsed: 12 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller, Quarantined, [1b2d5ab88bf1fc3ac6b75bb58b78956b],

Files: 1
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe, Quarantined, [1b2d5ab88bf1fc3ac6b75bb58b78956b],

Physical Sectors: 0
(No malicious items detected)

(end)

snowwolf Posted October 9, 2014
# AdwCleaner v3.311 - Report created 09/10/2014 at 13:54:15
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\pqsp1cg8.default-1398121802275\prefs.js ]

*************************

AdwCleaner[R0].txt - [2613 octets] - [09/10/2014 13:53:11]
AdwCleaner[s0].txt - [2332 octets] - [09/10/2014 13:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2392 octets] ##########

snowwolf Posted October 9, 2014
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Professional x64
Ran by Joe on 09/10/2014 at 14:06:03.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\pqsp1cg8.default-1398121802275\minidumps [11 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/10/2014 at 14:07:54.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kevinf80 Posted October 9, 2014
Did you run the last step, "Malicious Software Removal Tool"? Can I see that log?

snowwolf Posted October 9, 2014
It's still running.

kevinf80 Posted October 9, 2014
Thanks for the update....

snowwolf Posted October 9, 2014
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Thu Dec 27 16:08:23 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 27 16:09:07 2012
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Tue Jan 08 13:42:48 2013
->Scan ERROR: resource process://pid:1304 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 08 13:43:22 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Wed Feb 13 23:28:02 2013
->Scan ERROR: resource process://pid:9740 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 23:28:49 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Wed Mar 13 22:30:14 2013
->Scan ERROR: resource process://pid:1780 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 13 22:31:08 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 21:02:07 2013
->Scan ERROR: resource process://pid:8376 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 21:03:06 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Wed May 15 23:18:31 2013
->Scan ERROR: resource process://pid:8640 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 15 23:19:31 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 03:00:55 2013
->Scan ERROR: resource process://pid:1272 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 03:02:12 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Tue Jul 09 23:05:45 2013
->Scan ERROR: resource process://pid:1320 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 09 23:06:51 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Thu Jul 11 21:52:43 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 21:53:51 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Tue Aug 13 22:33:49 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 13 22:34:55 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Tue Sep 10 22:22:30 2013
Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 10 22:23:31 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Tue Oct 08 23:12:00 2013
Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 08 23:13:12 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Tue Nov 12 23:33:26 2013
Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 12 23:34:34 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Mon Dec 16 02:51:10 2013
Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Dec 16 02:52:25 2013
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 11:00:28 2014
Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Failed to submit MAPS report: 0x80072EFD
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 11:03:12 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sun Feb 16 14:31:36 2014
Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 14:32:59 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 10:18:36 2014
Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 10:19:39 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Thu Apr 10 12:41:05 2014
Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 12:42:05 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Wed May 14 13:03:59 2014
Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 14 13:04:59 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Thu Jun 12 12:53:01 2014
Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 12:54:27 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Thu Jul 10 13:22:44 2014
Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 13:25:20 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Sun Aug 31 23:59:41 2014
Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 01 00:01:17 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Sep 11 11:36:18 2014
Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 11 11:39:29 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Oct 09 14:09:58 2014
Engine: 1.1.10904.0
Signatures: 1.183.882.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 09 14:10:14 2014
Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Oct 09 14:10:47 2014
Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 09 18:20:24 2014
Return code: 0 (0x0)

kevinf80 Posted October 10, 2014
What is the current status of your system, are there any remaining issues or concerns?

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8 right click on the IE shortcut and run as admin.
(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process.)

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the following options are checked:
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found:
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

If threats were found:
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish
Close program
Copy and paste the report in your next reply.

Thank you,
Kevin...

snowwolf Posted October 10, 2014
C:\Program Files (x86)\AlienRespawn\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
E:\Movies\dao-Bwolf89.exe    a variant of Win32/GameHack.F potentially unsafe application

kevinf80 Posted October 10, 2014
ESET log is ok, nothing to worry about. Only one point: the Hosts file is missing and FRST could not make a reset.......

Please download HostsXpert and unzip it to your computer, somewhere where you can find it. The root of the system drive would be an ideal location, e.g. C:\

Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
Check to see if the top button on the left hand side says Make Writable? If it does, click on it then proceed to the next instruction. If not, just proceed to the next instruction..
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
When prompted to confirm, click OK.
Click on the Download button (lower left hand side).
Click on the MVPs Hosts... button.
Click on the Replace button.
Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file. If prompted about DNS, just ignore it, click on OK etc.)
When finished...
Click on the File Handling button.
Click on Make Read Only? to secure it against infection.
Exit the programme.

Let me know if that completes ok...

Thanks,
Kevin..

snowwolf Posted October 10, 2014
OK, just did that.

kevinf80 Posted October 10, 2014
What is the current status of your system, any remaining issues or concerns?

snowwolf Posted October 10, 2014
It seems to be fine, I think, and I don't think I'm getting as many weird CPU and GPU spikes that I would get for no reason.

kevinf80 Posted October 10, 2014
Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

Activate UAC
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here: C:\Windows\ERUNT
When all is known to be well with your system you can delete that backup folder if you consider it as not needed...
Any remnant files/logs from tools we have used can be deleted...

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

If there are no remaining issues or concerns, are we ok to close out?

Thanks,
Kevin...

snowwolf Posted October 11, 2014
Yes, you can close. Thank you for your time and for helping me out.

kevinf80 Posted October 11, 2014
You're very welcome, it was a pleasure to work with you....

Take care and surf safe,
Kevin....

AdvancedSetup (Root Admin) Posted October 17, 2014
Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!