Virus, cant download anything



I downloaded a virus and I can't download anything or open certain things. I can't even download Malwarebytes to fix it; it'll go through the installation process then just crash. Please help!

I can't install anything on the computer after I downloaded the virus, and I can't restore my PC; I've already tried.

 

 


Hi Max :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Are you able to follow the instructions in the thread below, and download and execute FRST? If so, please do it and provide me the logs asked (FRST.txt and Addition.txt).

https://forums.malwarebytes.org/topic/189257-virus-cant-download-anything/

 


Here are the logs,

 

FRST.txt

Addition.txt


Thank you :)

Now, we'll run a first FRST fix. A file called Upload.zip will be created on your desktop after running it. Please upload it to the link below.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

After that, I would like you to follow the instructions in the thread below to perform a clean uninstall of Malwarebytes Anti-Malware. Once done, download a new installer for it and try to install it. If it works, run a scan and provide me the log. If it doesn't work, let me know.

https://forums.malwarebytes.org/topic/146017-mbam-clean-removal-process-2x/

Malwarebytes Anti-Malware - Clean Mode

  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Your next reply should include:

  • Copy/pasted content of FRST's fixlog.txt;
  • Confirmation that you uploaded the Upload.zip file to the link provided above;
  • Copy/pasted content of Malwarebytes' clean log, if you managed to install it and run a scan with it, otherwise, let me know;

fixlist.txt

OK, I did the first step, but the second step did not work; it said the program stopped working every time I used it.

I submitted the file as well.

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2016
Ran by Apevia Gaming PC (10-10-2016 15:52:00) Run:3
Running from C:\Users\Apevia Gaming PC\Desktop\fixpc
Loaded Profiles: Apevia Gaming PC (Available Profiles: Apevia Gaming PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Zip: C:\Users\Apevia Gaming PC\AppData\Local\Temp\375cd1a95d794114bd41e255b1b1ccb8.exe;C:\Users\Apevia Gaming PC\AppData\Local\Temp\9bebc555cb96449893f198b26b60db85.dll;C:\Users\Apevia Gaming PC\AppData\Local\Temp\b0bb4087a9c0457487c3b3973a14e6a1.exe;C:\Users\Apevia Gaming PC\AppData\Roaming\svchostinst.exe

HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\mtstocom.exe" [X]

HKU\S-1-5-21-1306856839-197005166-639716906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ie
HKU\S-1-5-21-1306856839-197005166-639716906-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aol.com/?mtmhp=hyplogusaolc00000017&tb_uuid=9CD6B412140B48D1B54B94FCFF3FBFFF
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1306856839-197005166-639716906-1000 -> {08407F7C-84DC-43AF-AD8E-2789A2821B72} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1306856839-197005166-639716906-1000 -> {274DB3CF-97DD-4565-9241-31D8818C50BA} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1306856839-197005166-639716906-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={SearchTerms}&s_it=comsearch-hyplogusaolc00000017>-ie&tb_uuid=9CD6B412140B48D1B54B94FCFF3FBFFF&tb_oid=05-12-2015&tb_mrud=05-12-2015

CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR HKU\S-1-5-21-1306856839-197005166-639716906-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

S1 ESEADriver2; \??\C:\Users\APEVIA~1\AppData\Local\Temp\ESEADriver2.sys [X]

Task: {2ECD486F-B7F9-493D-8090-3C9779F43BAB} - System32\Tasks\{28D03283-DFF6-4839-BE65-BA91E2929274} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.111/en/abandoninstall?page=tsProgressBar
Task: {AA298C5D-607A-4C74-902E-95D87DCD0295} - System32\Tasks\Oracle => C:\Program Files (x86)\Java\java.exe [2016-05-13] ()

C:\Program Files (x86)\Java\java.exe
C:\Windows\system32\mtstocom.exe
C:\Users\Apevia Gaming PC\AppData\Roaming\svchostinst.exe

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
================== Zip: ===================
C:\Users\Apevia Gaming PC\AppData\Local\Temp\375cd1a95d794114bd41e255b1b1ccb8.exe -> copied successfully to C:\Users\Apevia Gaming PC\Desktop\Upload.zip
C:\Users\Apevia Gaming PC\AppData\Local\Temp\9bebc555cb96449893f198b26b60db85.dll -> copied successfully to C:\Users\Apevia Gaming PC\Desktop\Upload.zip
C:\Users\Apevia Gaming PC\AppData\Local\Temp\b0bb4087a9c0457487c3b3973a14e6a1.exe -> copied successfully to C:\Users\Apevia Gaming PC\Desktop\Upload.zip
C:\Users\Apevia Gaming PC\AppData\Roaming\svchostinst.exe -> copied successfully to C:\Users\Apevia Gaming PC\Desktop\Upload.zip
=========== Zip: End ===========
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-1306856839-197005166-639716906-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1306856839-197005166-639716906-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-1306856839-197005166-639716906-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08407F7C-84DC-43AF-AD8E-2789A2821B72}" => key removed successfully
HKCR\CLSID\{08407F7C-84DC-43AF-AD8E-2789A2821B72} => key not found. 
"HKU\S-1-5-21-1306856839-197005166-639716906-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{274DB3CF-97DD-4565-9241-31D8818C50BA}" => key removed successfully
HKCR\CLSID\{274DB3CF-97DD-4565-9241-31D8818C50BA} => key not found. 
"HKU\S-1-5-21-1306856839-197005166-639716906-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => key removed successfully
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
"HKU\S-1-5-21-1306856839-197005166-639716906-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully
ESEADriver2 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ECD486F-B7F9-493D-8090-3C9779F43BAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ECD486F-B7F9-493D-8090-3C9779F43BAB}" => key removed successfully
C:\Windows\System32\Tasks\{28D03283-DFF6-4839-BE65-BA91E2929274} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28D03283-DFF6-4839-BE65-BA91E2929274}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA298C5D-607A-4C74-902E-95D87DCD0295}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA298C5D-607A-4C74-902E-95D87DCD0295}" => key removed successfully
C:\Windows\System32\Tasks\Oracle => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oracle" => key removed successfully
C:\Program Files (x86)\Java\java.exe => moved successfully
C:\Windows\system32\mtstocom.exe => moved successfully
C:\Users\Apevia Gaming PC\AppData\Roaming\svchostinst.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19720006 B
Java, Flash, Steam htmlcache => 92145841 B
Windows/system/drivers => 2442756 B
Edge => 0 B
Chrome => 366186401 B
Firefox => 211242423 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Apevia Gaming PC => 63496057 B

RecycleBin => 3000598 B
EmptyTemp: => 731.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:52:46 ====

 

Fixlog.txt
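
A Fixlog like the one above is checked line by line to confirm that every requested action actually succeeded. As an added example (not part of the thread and not a Farbar tool), this Python parser reads the `target => outcome` result lines, skips the echoed fixlist block and the EmptyTemp size accounting, and lists anything that needs a second look. The sample is constructed from lines in the log above plus one invented failure line; the function names and the ok/absent/review labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Fixlog above, plus one failure
# line whose wording is invented (it is NOT real FRST output).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
Task: {AA298C5D-607A-4C74-902E-95D87DCD0295} - System32\Tasks\Oracle => C:\Program Files (x86)\Java\java.exe [2016-05-13] ()
C:\Windows\system32\mtstocom.exe
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
ESEADriver2 => service removed successfully
C:\Windows\System32\Tasks\Oracle => moved successfully
C:\Windows\system32\mtstocom.exe => moved successfully
C:\Example\constructed.exe => CONSTRUCTED-FAILURE (not real FRST wording)

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
'''

RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')
ECHO_DELIM = re.compile(r'^\*{5,}$')  # rows of asterisks wrap the echoed fixlist


def kind_of(target):
    """Classify the thing that was acted on."""
    if re.match(r'^HK(LM|U|CR|CU)\b', target):
        return "registry"
    if re.match(r'^[A-Za-z]:\\', target):
        return "file"
    return "other"  # services, browser settings, ...


def status_of(outcome):
    """Map the free-text outcome to ok / absent / review."""
    low = outcome.lower()
    if "successfully" in low:
        return "ok"
    if "not found" in low:
        return "absent"  # nothing was there to fix
    return "review"      # anything else deserves a human look


def parse_fixlog(text):
    """Return one dict per result line, ignoring the fixlist echo."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_DELIM.match(line):
            in_echo = not in_echo
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            break  # what follows is byte counts, not fix results
        if in_echo:
            continue  # echoed instructions can also contain "=>"
        m = RESULT_LINE.match(line)
        if not m:
            continue
        target, outcome = m.group("target"), m.group("outcome").strip()
        results.append({
            "target": target,
            "outcome": outcome,
            "kind": kind_of(target),
            "status": status_of(outcome),
        })
    return results


def summarize(results):
    """Count results per (kind, status) pair."""
    return Counter((r["kind"], r["status"]) for r in results)


def needs_review(results):
    """Result lines that did not report success or 'not found'."""
    return [r for r in results if r["status"] == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, status), n in sorted(summarize(parsed).items()):
        print(f"{kind:9} {status:7} {n}")
    for r in needs_review(parsed):
        print("REVIEW:", r["target"], "=>", r["outcome"])
```
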


Alright so there might still be something preventing Malwarebytes from running. Uninstall it, then follow the instructions below.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit);
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner);
  • Let the scan complete;
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner);
  • This will open the report in Notepad. Copy/paste its content in your next reply;

Your next reply(ies) should include:

  • Copy/pasted content of EEK's clean log;
  • Copy/pasted content of RogueKiller's scan log;


Emsisoft Emergency Kit - Version 11.9
Last update: 10/10/2016 4:47:41 PM
User account: ApeviaGamingPC\Apevia Gaming PC
Computer name: APEVIAGAMINGPC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:	10/10/2016 4:49:00 PM

Scanned	75765
Found	0

Scan end:	10/10/2016 4:52:51 PM
Scan time:	0:03:51

2.

I saw like 2 of these go red at the bottom that looked like they were going to be detected items, but then they disappeared? It said something like /CONTROL/...

RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Apevia Gaming PC [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/10/2016 16:55:41 (Duration : 00:22:54)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\WaNetEn -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\WaNetEn -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[Suspicious.Path|Suspicious.Startup][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk -> Found
[Suspicious.Path|Suspicious.Startup][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk -> Found
[PUP][Folder] C:\Users\Apevia Gaming PC\AppData\Local\YSearchUtil -> Found
[PUM.Firefox][File] C:\Users\Apevia Gaming PC\AppData\Roaming\Mozilla\Firefox\Profiles\ezo8p4t5.default\Invalidprefs.js -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST250DM0 00-1BD141 SATA Disk Device +++++
--- User ---
[MBR] cc86959364f14bd0fe102bcec7041706
[BSP] c456d20a2e597234b0966a68dbe93251 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 


1 minute ago, Aura said:

Uncheck the two Red lines (Suspicious.Path|Suspicious.Startup) and then click on Remove selected, yes. Once done, give me the clean log (Open Report) please.

Here you go.

RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Apevia Gaming PC [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/10/2016 16:55:41 (Duration : 00:22:54)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\WaNetEn -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\WaNetEn -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[Suspicious.Path|Suspicious.Startup][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk -> Not selected
[Suspicious.Path|Suspicious.Startup][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk -> Not selected
[PUP][Folder] C:\Users\Apevia Gaming PC\AppData\Local\YSearchUtil -> Deleted
[PUP][Folder] C:\Users\Apevia Gaming PC\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUM.Firefox][File] C:\Users\Apevia Gaming PC\AppData\Roaming\Mozilla\Firefox\Profiles\ezo8p4t5.default\Invalidprefs.js -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST250DM0 00-1BD141 SATA Disk Device +++++
--- User ---
[MBR] cc86959364f14bd0fe102bcec7041706
[BSP] c456d20a2e597234b0966a68dbe93251 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 


1 minute ago, Aura said:

Good. Now, you uninstalled Malwarebytes, right? Can you tell me if the C:\ProgramData\Malwarebytes and C:\Program Files (x86)\Malwarebytes Anti-Malware still exist? If so, delete them (only after having uninstalled Malwarebytes).

It says I need admin permissions?


Is Malwarebytes Anti-Malware uninstalled? If so, we'll delete them using FRST.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    C:\ProgramData\Malwarebytes
    C:\Program Files (x86)\Malwarebytes Anti-Malware
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

 


Fix result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
Ran by Apevia Gaming PC (10-10-2016 18:13:32) Run:4
Running from C:\Users\Apevia Gaming PC\Desktop\fixpc
Loaded Profiles: Apevia Gaming PC (Available Profiles: Apevia Gaming PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\ProgramData\Malwarebytes
C:\Program Files (x86)\Malwarebytes Anti-Malware
*****************

Processes closed successfully.
C:\ProgramData\Malwarebytes => moved successfully
C:\Program Files (x86)\Malwarebytes Anti-Malware => moved successfully


The system needed a reboot.

==== End of Fixlog 18:13:33 ====

This topic is now closed to further replies.