
ICE Ransomware removal help



Please help me remove this ransomware from my computer. The Kaspersky rescue disk scans that I've run have not found it. I can't create a bootable USB because the infected computer runs Windows 8 and my backup old laptop I'm using now is on older Windows. I have managed to run the Farbar scan, here is the log, please tell me what to do now? One note, my C: drive is the main drive, I put my old hard drive (E:) in my desktop a while back to use its memory space but it still has some Windows drivers and files on it, but Windows is driven from the C: drive.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by SYSTEM on MININT-8DSA8OJ on 29-01-2015 09:17:08
Running from E:\
Platform: Windows Vista Home Basic (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Google Desktop Search] => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6183456 2008-07-23] (Realtek Semiconductor)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [updateP2GoShortCut] => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM\...\Run: [RemoteControl] => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM\...\Run: [LanguageShortcut] => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
HKLM\...\Run: [WiLife Command Center] => "C:\Program Files\WiLife Command Center\Werks.exe" /logon
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [updatePPShortCut] => "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
HKLM\...\Run: [updatePSTShortCut] => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jaureg.exe [239336 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [TuneClone] => C:\Program Files\TuneClone\TuneClone.exe /silence
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM\...\Run: [LogitechQuickCamRibbon] => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
HKLM\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\...\Run: [Memeo Instant Backup] => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
HKLM\...\Run: [seagate Dashboard] => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM-x32\...\Winlogon: [userinit]  [X]
HKLM-x32\...\Winlogon: [shell] Explorer.exe [ ] ()
HKU\Scott\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Scott\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\Scott\...\Policies\Explorer: [NoFolderOptions] 0
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File Not Found

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
S2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960 2012-07-27] (Adobe Systems Incorporated)
S2 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [12800 2008-07-22] (Agere Systems)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)
S2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904 2009-02-18] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [879448 2009-02-18] (Microsoft Corporation)
S2 LVPrcSrv; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [154136 2009-10-06] (Logitech Inc.)
S2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [X]
S2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [X]
S2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [X]
S2 FlipShareServer; "C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe" [X]
S3 GameConsoleService; "C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe" [X]
S3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X]
S2 gupdate1ca009a15941a12; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf"
S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [X]
S2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [X]
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [X]
S2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [X]
S2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-20] (Microsoft Corporation)
S3 AVerFx2hbtv; C:\Windows\System32\drivers\AVerFx2hbtv.sys [436480 2009-06-30] (AVerMedia TECHNOLOGIES, Inc.)
S3 A_USBETHMP; C:\Windows\System32\Drivers\usbethmp.sys [14342 2007-07-05] (Intellon Corporation)
S4 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-20] (Microsoft Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2007-01-24] (Samsung Electronics Co., Ltd.)
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-20] (Intel Corporation)
S2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-06-11] (Acer, Inc.)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [2152344 2008-07-23] (Realtek Semiconductor Corp.)
S3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [114712 2009-10-07] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-06] ()
S3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [266008 2009-10-07] (Logitech Inc.)
S3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [6756632 2009-10-07] (Logitech Inc.)
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-01] (N-trig Innovative Technologies)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx32.sys [292712 2010-08-12] (NVIDIA Corporation)
S3 NVNET; C:\Windows\System32\DRIVERS\nvmfdx32.sys [292712 2010-08-12] (NVIDIA Corporation)
S0 nvstor32; C:\Windows\System32\DRIVERS\nvstor32.sys [140832 2008-01-25] (NVIDIA Corporation)
S0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2009-12-06] (Sonic Solutions)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
S0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [28776 2012-02-24] (TuneClone Software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.)
S3 WLRAWSp50x86; C:\Windows\System32\Drivers\WLRAWSp50x86.sys [27032 2008-12-03] (WiLife, Inc.)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 WLRAWMPR50x86; System32\Drivers\WLRAWMPR50x86.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 16:21 - 2015-01-28 17:13 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 17:28 - 2009-06-30 07:53 - 00000000 ____D () C:\users\Scott

==================== Known DLLs (Whitelisted) ================

C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2009-10-20 09:33] - [2009-04-10 22:28] - 0314368 ____A (Microsoft Corporation) 898E7C06A350D4A1A64A9EA264D55452

C:\Windows\System32\wininit.exe
[2008-01-20 18:33] - [2008-01-20 18:33] - 0096768 ____A (Microsoft Corporation) 101BA3EA053480BB5D957EF37C06B5ED

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2009-10-20 09:33] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2008-01-20 18:33] - [2008-01-20 18:33] - 0021504 ____A (Microsoft Corporation) 3794B461C45882E06856F282EEF025AF

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe
[2009-10-20 09:33] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\User32.dll
[2009-10-20 09:33] - [2009-04-10 22:28] - 0627712 ____A (Microsoft Corporation) 75510147B94598407666F4802797C75A

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe
[2008-01-20 18:34] - [2008-01-20 18:34] - 0025088 ____A (Microsoft Corporation) 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll
[2009-10-20 09:33] - [2009-04-10 22:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2009-10-20 09:33] - [2009-04-10 22:32] - 0226280 ____A (Microsoft Corporation) 147281C01FCB1DF9252DE2A10D5E7093

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3988.59 MB
Available physical RAM: 3290.17 MB
Total Pagefile: 3988.59 MB
Available Pagefile: 3313.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:13.86 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HITMANPRO) (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT32
Drive f: () (Fixed) (Total:59.28 GB) (Free:3.22 GB) NTFS
Drive g: (PQSERVICE) (Fixed) (Total:10 GB) (Free:3.03 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: FEF36CD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 66F2E07A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 2450A429)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)

LastRegBack: 2012-10-22 05:40

==================== End Of Log ============================


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

 

 

How did you run recovery on this PC?


I just rebooted my computer, and the ransomware screen didn't come up, so I downloaded HitmanPro and did a scan, it found a bunch of problems and I deleted and rebooted. Then the computer seemed fine so I ran my Panda Security full scan and left the computer for a while. When I just came back to check, the ransomware screen was back. I loaded FRST.exe onto a USB and just tried to run it but it says "the subsystem needed to support the image type is not present".

help please.


Very good. Now we're one step closer to solving your problem :)
 
 
 
Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt
 
>>  Boot into Recovery Environment
 
 
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

  •    Press the Fix button once and wait.
  •    FRST will process fixlist.txt
  •    When finished, it will produce a log fixlog.txt on your USB flashdrive.

>>  Exit out of Recovery Environment and post me the log please.
 
 
 
Try to boot Windows normally...

fixlist.txt


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and upload it in your next reply.


It seems to be working fine now, thank you so much.  I will make a donation, what is customary?

 

Thank you! Any amount is appreciated, people donate what they think is affordable for them.

 

 

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)

 

 

Recommended reading:

 

 

MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

 

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 

 

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

Adblock - to surf the web without annoying ads!

 

 

Post-cleanup procedures:

 

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking its icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix

The tool deletes old system restore points and creates a fresh system restore point after cleaning.

 

 

 

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 


 

Thank you!

 

 

Stay safe,

TwinHeadedEagle   :)


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

