Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

computer infected


MahS
 Share

Recommended Posts

Hello,

My computer is infected by some malware that is blocking my access to internet and also is not allowing malwarebytes and farbar recovery scan tool to run in it.
I already used adwcleaner and it is no longer finding anything.
I have kaspersky total security in my pc and nothing is showing up in the scans.
And also I tried to use malwarebytes chameleon, but this happens:

MBAM-Chameleon ver. 3.1.29.0

Press any key to continue
Intalling Driver...
Protected Path: C:\Users\Mah S\Desktop\Chameleon\Windows\
... Done!
Trying  to start Malwarebytes  Anti-Malware, please wait...
... Done!
Updating MBAM...

 

 

 

Response from update:
Failed to start the update.

Killing known malicious processes, please wait...

 

Mbam-killer Timout set to 1800 seconds.
Mbam-killer is scaning  - Press C to cancel...
3380: C:\ProgramData\System32\SafeGuard64.dll
206518: HKLM\SOFTWARE\WOW6432NODE\MYCROSOFT\WINDOWS\CURRENTVERSION\RUN|mpck_en_...
207607: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX|ImagePath
294436: HKLM\SOFTWARE\WOW6432NODE\MYCROSOFT\INTERNET EXPLORER\SEARCHSCOPES|Defa..
Mbam-killer scan is complete .
Mbam-killer is exiting.

Trying to start a scan - Please wait...

Failed to start the scan
Removing    protection driver...
...Done!
Press any key to continue


What can I do to clean my computer?

Link to post
Share on other sites

Hello MahS and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system, continue as follows please:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!


Let me see those logs in your reply..

Thank you,

Kevin..
Link to post
Share on other sites

Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan” completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Processes tab and locate the following detections:

[VT.Trojan:Win32/Posehost.A] XBLive.exe(2504) -- C:\Users\Mah Sebinelli\AppData\Roaming\XBox\XBLive.exe[x] -> Encontrado

Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked


Open the Registry tab and locate the following detections:

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Encontrado
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25E26A43-21BB-4955-986A-83C225D030D6} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68C1F9F3-43D3-4940-9277-A3AD48FFE5C5} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BDC165E5-319F-45A9-A2D0-8E73D0F8F0B4} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D78C5430-7391-4FF8-8409-DB43D47B6334} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC1B5135-A511-4CC9-B4AF-313F39F56973} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{25E26A43-21BB-4955-986A-83C225D030D6} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{68C1F9F3-43D3-4940-9277-A3AD48FFE5C5} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BDC165E5-319F-45A9-A2D0-8E73D0F8F0B4} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D78C5430-7391-4FF8-8409-DB43D47B6334} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DC1B5135-A511-4CC9-B4AF-313F39F56973} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Open the Tasks tab and locate the following detections:

[Suspicious.Path] \svchost -- C:\Users\Mah Sebinelli\AppData\Local\Temp\2NL644M9Q\2NL644M9Q.exe -> Encontrado
[Suspicious.Path] \UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 -- C:\Windows\TEMP\DeleteFolderTask.exe -> Encontrado


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Open the Files tab and locate the following detections:

[Hidden.ADS][Stream] C:\Windows\System32:7E6DA988_Uni.gbp -> Encontrado
[Hidden.ADS][Stream] C:\Windows\System32:D087ADE2_Uni.gbp -> Encontrado
[Hj.Name][Arquivo] C:\Users\Mah Sebinelli\AppData\Local\Temp\Rar$EXa0.199\Chameleon\Windows\rundll32.exe -> Encontrado
[Hj.Name][Arquivo] C:\Users\Mah Sebinelli\AppData\Local\Temp\Rar$EXa0.199\Chameleon\Windows\svchost.exe -> Encontrado
[Hj.Name][Arquivo] C:\Users\Mah Sebinelli\AppData\Local\Temp\Rar$EXa0.199\Chameleon\Windows\winlogon.exe -> Encontrado
[Tr.Generic][Arquivo] C:\ProgramData\System32\SafeGuard64.dll -> Encontrado
[PUP][Pasta] C:\ProgramData\{883B8AEB-8992-48EA-868D-33C65435DFA9} -> Encontrado
[PUP][Pasta] C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} -> Encontrado
[PUP][Pasta] C:\ProgramData\{C7C1B5DB-5639-4D3E-8FC2-D168C5FA4273} -> Encontrado
[Hj.Name][Arquivo] C:\$Recycle.Bin\S-1-5-21-757395413-1150569187-3012842994-1001\$R8HE4VT\Windows\rundll32.exe -> Encontrado
[Hj.Name][Arquivo] C:\$Recycle.Bin\S-1-5-21-757395413-1150569187-3012842994-1001\$R8HE4VT\Windows\svchost.exe -> Encontrado
[Hj.Name][Arquivo] C:\$Recycle.Bin\S-1-5-21-757395413-1150569187-3012842994-1001\$R8HE4VT\Windows\winlogon.exe -> Encontrado


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Hit the Delete button, when complete select "Report" in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference.
 
Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.


Let me see those logs in your reply,

Thank you,

Kevin

Link to post
Share on other sites

Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan” completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Processes tab and locate the following detections:

[VT.Trojan:Win32/Posehost.A] XBLive.exe(2504) -- C:\Users\Mah Sebinelli\AppData\Roaming\XBox\XBLive.exe[x] -> Encontrado

Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked


Open the Registry tab and locate the following detections:

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Encontrado
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25E26A43-21BB-4955-986A-83C225D030D6} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68C1F9F3-43D3-4940-9277-A3AD48FFE5C5} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BDC165E5-319F-45A9-A2D0-8E73D0F8F0B4} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D78C5430-7391-4FF8-8409-DB43D47B6334} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC1B5135-A511-4CC9-B4AF-313F39F56973} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{25E26A43-21BB-4955-986A-83C225D030D6} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{68C1F9F3-43D3-4940-9277-A3AD48FFE5C5} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BDC165E5-319F-45A9-A2D0-8E73D0F8F0B4} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D78C5430-7391-4FF8-8409-DB43D47B6334} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DC1B5135-A511-4CC9-B4AF-313F39F56973} | DhcpNameServer : 201.82.0.52 201.82.0.64 ([X][X]) -> Encontrado


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Open the Tasks tab and locate the following detections:

[Suspicious.Path] \svchost -- C:\Users\Mah Sebinelli\AppData\Local\Temp\2NL644M9Q\2NL644M9Q.exe -> Encontrado
[Suspicious.Path] \UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 -- C:\Windows\TEMP\DeleteFolderTask.exe -> Encontrado


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Open the Files tab and locate the following detections:

[Hidden.ADS][Stream] C:\Windows\System32:7E6DA988_Uni.gbp -> Encontrado
[Hidden.ADS][Stream] C:\Windows\System32:D087ADE2_Uni.gbp -> Encontrado
[Hj.Name][Arquivo] C:\Users\Mah Sebinelli\AppData\Local\Temp\Rar$EXa0.199\Chameleon\Windows\rundll32.exe -> Encontrado
[Hj.Name][Arquivo] C:\Users\Mah Sebinelli\AppData\Local\Temp\Rar$EXa0.199\Chameleon\Windows\svchost.exe -> Encontrado
[Hj.Name][Arquivo] C:\Users\Mah Sebinelli\AppData\Local\Temp\Rar$EXa0.199\Chameleon\Windows\winlogon.exe -> Encontrado
[Tr.Generic][Arquivo] C:\ProgramData\System32\SafeGuard64.dll -> Encontrado
[PUP][Pasta] C:\ProgramData\{883B8AEB-8992-48EA-868D-33C65435DFA9} -> Encontrado
[PUP][Pasta] C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} -> Encontrado
[PUP][Pasta] C:\ProgramData\{C7C1B5DB-5639-4D3E-8FC2-D168C5FA4273} -> Encontrado
[Hj.Name][Arquivo] C:\$Recycle.Bin\S-1-5-21-757395413-1150569187-3012842994-1001\$R8HE4VT\Windows\rundll32.exe -> Encontrado
[Hj.Name][Arquivo] C:\$Recycle.Bin\S-1-5-21-757395413-1150569187-3012842994-1001\$R8HE4VT\Windows\svchost.exe -> Encontrado
[Hj.Name][Arquivo] C:\$Recycle.Bin\S-1-5-21-757395413-1150569187-3012842994-1001\$R8HE4VT\Windows\winlogon.exe -> Encontrado


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Hit the Delete button, when complete select "Report" in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference.
 
Next,
 
Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.

 


Let me see those logs in your reply,

Thank you,

Kevin

Link to post
Share on other sites

Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs in your reply, also give an update on any remaining issues or concerns...

Thank you,

Kevin...

 

 

Fixlist.txt

Link to post
Share on other sites

Hi, Kevin!

I'm sending the logs...
When I was running the second one -  fixlist - appeared a blue screen saying that had ocurred na error and that my computer was going to be restarted.
But I was there for almost an hour and nothing was happening. So I used the power button :(
Nothing is getting this Xbox malware away and I don't even know what this Xbox thing is hahaha
Thank you, Kevin

AdwCleaner[C3].txt

Fixlog.txt

JRT.txt

SophosVirusRemovalTool.log

Link to post
Share on other sites

Thanks for those logs, run the following:

user posted imageScan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is Checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Thank you,

Kevin

Link to post
Share on other sites

Hello, Kevin

I'm attaching the logfile.
Appeared several files in the scan I had taken from my computer because it was from na former user. He had installed two cracked software - photoshop and office.
I
already had uninstalled and deleted all the files related to both of them.

Thank you,

MahS

log.txt

Link to post
Share on other sites

Possibly system settings have been altered, run the following:

Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"


user posted image

From the main GUI do the following:


Select Tab 5 and Create System Restore Point


user posted image

Select Repairs tab => Click the Open repairs tab


user posted image

The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...


user posted image

DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log


user posted image


Let me see that log...
 
Try to install Chrome when complete....

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.