
Would be in need of major assistance plz



Hum, don't know where to start... here are my PC specs:

Operating System-    Windows 10 Home 64-bit


CPU -    AMD Ryzen 7 1700    Summit Ridge 14nm Technology

RAM-     16.0GB Dual-Channel Unknown @ 1596MHz (16-18-18-53)

Motherboard-     ASUSTeK COMPUTER INC. PRIME X370-PRO (AM4)    34 °C

Graphics -   4095MB NVIDIA GeForce GTX 970 (MSI)    28 °C
Storage
    111GB ADATA SP550 (SSD)    34 °C
    1863GB Seagate ST2000DX002-2DV164 (SATA)    33 °C
    931GB Western Digital WDC WD10EZEX-07M2NA0 (SATA)    33 °C

OK, first, I'm French Canadian, so sorry in advance for my bad English sometimes lol

Second, my PC AND internet are sluggish, like it's really a pain...

OK, first I'm putting a couple of lines from my router log because I think I get DDoS ... like Teardrop Attack, so here goes:

log 1 to 27

log pic 1

 

log 27 to 56

log second pic

 

Is this normal???

Is this a cause of my slow PC/internet?

 

Second... here I will post 2 screenshots of my MBTS showing, well, you'll see: Screenshot(38).png

 

I also made a LOGBOOK of my event errors etc... but since it's really my first time posting this kind of stuff here, I'm not sure if I can just post it straight or if there is personal info I should not... will be waiting to hear from you...

 

thx ,

a real sad 40 yo daddy...

 

Mike

 

 

Edited by MikeNmike
stuff at wrong place in text

Hello MikeNmike and welcome to Malwarebytes,

Run the following and post the two produced logs....

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin...

Link to post
Share on other sites

Thanks for those logs MikeNmike, continue....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUPs) set as :- Always detect PUPs (recommended)
    Potentially Unwanted Modifications (PUMs) set as :- Always detect PUMs (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Function box" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin....

fixlist.txt


Well, hard to say, since a couple of days it is very stable because I managed to re-install ASUS AI Suite 3 in... but if I could show you my PC event log, it's unimaginable, I swear.

Say, would it be possible to talk LIVE in person just a couple of minutes? I'm French Canadian and I could explain my problem better, and I am afraid to post confidential things if I post here, plus I would be more than happy to give a donation for the help you are giving me, but I could more easily explain and maybe even show in private to you.

 

I think I have a permission error or invalid because I rebooted so many times and tried so much stuff.

So please tell me I can talk to you for a glimpse of time, my good man. I'm 40, not a kid, so I really am serious and mature

 

thx 

mike

 

@kevinf80

 

Edited by MikeNmike

I only work via logs here at Malwarebytes forum, I do not use Team viewer or other such software.. If you want to discuss your situation maybe you should contact a local Computer repair shop or similar... If you want to continue do the following:

Reset your router, instructions available at the following link:

http://setuprouter.com/networking/how-to-reset-your-router/

Follow those instructions very carefully.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper
 
  • Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool, For XP just double click to run.
  • From the left hand pane select "Flush DNS"
  • From the main interface select the dropdown under "Choose a DNS Server"
  • From the list select either "Google Public DNS" or "Open DNS"
  • From the left hand pane select "Apply DNS"



When done re-boot your system....

Next,

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

user posted image

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark "Select All" box. When ready select "Start Repairs" tab....

user posted image

When complete re-boot your system, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

Thanks,

Kevin..

 


48 minutes ago, MikeNmike said:

Screenshot(40).png

Is there a way I can send you a private message or something... I would send you the one I have that is killing me... I will try and send you a PM

-------nvm this last part about the PM even though it's sent... anyhow lol

@kevinf80

Edited by MikeNmike

Has Tweaking.com tool made any difference to your system or do you still have issues/concerns...?

Please download VEW by Vino Rosso from HERE and save it to your Desktop.

  • Double-click VEW.exe to start, Vista and Windows 7/8/10 users Right Click and select "Run as Administrator"
  • Under 'Select log to query...' check the boxes for both Application and System.
  • Under 'Select type to list...' select both Error and Critical.
  • Click the radio button for 'Number of events...' Type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.


Please post the Output log in your next reply.

@kevinf80

Well, it crashed about 45 minutes ago by itself while I was talking on TS with a buddy... and still slow, internet slowness I don't think I have... because it's really the PC by itself that's slow, like I click to open an app or right-click to open the little menu and randomly it can be either instant or take 15-20 seconds to open. As for my last crash, I will try to give you the entry for it in a minute or so


VEW.txt

Also, when my PC crashes (and it started doing this only a little while ago) it's supposed to be a BSOD, but the screen is in a frozen state and the image is all stretched or censoreded up and I have to push power to make my PC stop and push to start it again

 

Also, I seem to have too many users in my PC or places where access is restricted. Could you show me how I can delete all profiles on my PC and only keep one and give it full ADMIN access to my PC, because I can't find it but I get an error from my PC saying it can't overwrite something, that my profile doesn't have access, but at my last format I did something to permissions and then again censored up thing :\

oh here found it ----->

 The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user REAPER\jclev SID (S-1-5-21-2166863868-2162972767-3577252014-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

and heres the full thing

 

found it.txt

 


I cannot open the file "found it.txt" can you zip that file up and resend...

The following is all accounts I see listed from FRST logs, which ones do you want to remove.. Four (4) are currently disabled. Only "jclev" account is active with Admin status..

Quote

Administrator (S-1-5-21-2166863868-2162972767-3577252014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2166863868-2162972767-3577252014-503 - Limited - Disabled)
Guest (S-1-5-21-2166863868-2162972767-3577252014-501 - Limited - Disabled)
jclev (S-1-5-21-2166863868-2162972767-3577252014-1001 - Administrator - Enabled) => C:\Users\jclev
WDAGUtilityAccount (S-1-5-21-2166863868-2162972767-3577252014-504 - Limited - Disabled)

Regarding the crashes, or frozen screen problem. Looking at your event logs it seems to suggest there may be more than one issue. The main one being a possible power management problem..

Can you check if the following folder is present, C:\Windows\minidump if it is, copy that folder, save to your Desktop, from there zip up and attach to your reply...

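The account list quoted from the FRST log in the post above can be reproduced with built-in PowerShell cmdlets. This is an added example, not part of the original posts and not FRST's own code; the function name Get-LocalAccountSummary is hypothetical, and "Limited" only mirrors the wording of the quoted log for non-administrators.

```powershell
# Added example (read-only). Run from an elevated PowerShell 5.1+ prompt on Windows 10.
# S-1-5-32-544 is the well-known SID of the built-in Administrators group; it is
# used instead of the group name because the name is localized on non-English systems.
function Get-LocalAccountSummary {
    # SIDs of every direct member of the local Administrators group.
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.SID.Value })

    # Map SID -> profile folder. Only accounts that have logged on have a profile.
    $profiles = @{}
    Get-CimInstance -ClassName Win32_UserProfile |
        ForEach-Object { $profiles[$_.SID] = $_.LocalPath }

    Get-LocalUser | ForEach-Object {
        $sid = $_.SID.Value
        [pscustomobject]@{
            Name    = $_.Name
            SID     = $sid
            Role    = if ($adminSids -contains $sid) { 'Administrator' } else { 'Limited' }
            Enabled = $_.Enabled
            Profile = $profiles[$sid]   # empty when no profile folder exists
        }
    }
}

# One row per local account, in the same shape as the quoted log lines.
Get-LocalAccountSummary | Sort-Object Name | Format-Table -AutoSize
```

Disabled built-in accounts such as Administrator, Guest, DefaultAccount and WDAGUtilityAccount appear in this output on a stock Windows 10 install, which matches the four disabled entries in the quoted list.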

3 hours ago, MikeNmike said:

here is the file ---> VEW.7z

My main account is jclev, but in error sometimes I find that my main does not have all access to all my drives or folders, I'm not sure, so if possible I would like, if you could guide me how:

1. To create a new admin profile (JCLevac) and give him FULL ACCESS to ALL in my PC and delete all the rest, because it was my main profile name, it's my real name (Jean-Claude Levac), but I don't know why in my last years of reboots it got changed, probably by virus or whatever.

 

2. If it's not possible to do #1, then to delete all except jclev but give him (me) full access to all, since it seems to be missing some places

 

Mike

 

Oops, forgot the minidump folder... yes it's there but it's empty???

Is it normal?


 

@kevinf80

 

Edited by MikeNmike
Missing stuff

And for the power management I have a brand new: Thermaltake Toughpower RGB 650W 80 Plus Gold certified, fully modular

Part number : TPG-0650F-R

Would there be a way to test the wattage (electricity) of my PC, or test my power supply to see if it's OK or defective, because with my PC I think 650W is enough, no?

 

my pc specs : 

Operating System
 Windows 10 Home 64-bit
CPU
 AMD Ryzen 7 1700 27 °C
 Summit Ridge 14nm Technology
RAM
 16.0GB Dual-Channel Ripjaws VF4-3200C16D-16GVKB @ 1330MHz (16-19-19-44)
Motherboard
 ASUSTeK COMPUTER INC. PRIME X370-PRO (AM4) 34 °C
Graphics
 LG TV (1920x1080@60Hz)
 4095MB NVIDIA GeForce GTX 970 (MSI) 29 °C
Storage
 111GB ADATA SP550 (SSD) 34 °C
 1863GB Seagate ST2000DX002-2DV164 (SATA) 32 °C
 931GB Western Digital WDC WD10EZEX-07M2NA0 (SATA) 32 °C
Optical Drives
 No optical disk drives detected
Audio
 Logitech G35 Gaming Headset
Mouse
        Logitech G502
Keyboard
        Logitech G810
Cooling
        Xigmatek Scylla 120  HB114
Fan
        5 fans all 120mm (6 counting the cooling system one)

Create Admin account  https://support.microsoft.com/en-gb/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10

Remove local accounts https://answers.microsoft.com/en-us/windows/forum/windows_10-security/how-to-delete-local-user-accounts-on-windows-10/336bde42-5c49-41c3-a7e9-ebba0b7531bb

Quote

And for the power management I have a brand new: Thermaltake Toughpower RGB 650W 80 Plus Gold certified, fully modular

Is that a new upgrade from a previously installed Power Supply Unit..?

Your system freezes/crashing do not seem to be malware/infection related, your event log is listing power issues, hence I ask about the PSU you have installed..


POWER SUPPLY BOUGHT: 21 August 2017, brand new, for 124.99 CAD, almost at the same time I bought my Ryzen 1700, my motherboard and my RAM... think I bought the power supply 1 month after my setup.

Oh, and to set permissions for the future new profile, could you help me, because I seem to get errors saying "jclev" is missing some, but I'm not good enough to know where I miss them

oh here found it ----->

 The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user REAPER\jclev SID (S-1-5-21-2166863868-2162972767-3577252014-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 


Edited by MikeNmike

I've got two registry fixes for CLSIDs you mention. Make sure to boot and open to this account: "jclev"

Next,

Make a fresh restore point, use the instructions at the following link:

https://www.windowscentral.com/how-use-system-restore-windows-10

If a fresh restore point is not completed do not progress....

Next,

I've attached two zip files, they can be identified by the name, it's the CLSID .zip. Unzip both files to your Desktop, they will now be .reg files. Right click on each file in turn and select "Run as Administrator", agree to any alerts or merges... Repeat for second file then reboot your system..... The permissions should be corrected.....

Next,

Back to the crash/freeze issue, is that still happening..?

 

 

{D63B10C5-BB46-4990-A94F-E40B9D520160}.zip

{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}.zip

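The permission message quoted earlier in the thread is the text of the DistributedCOM event 10016 in the System log. Before merging registry changes for it, the read-only PowerShell below shows which COM registration the CLSID and APPID point to and how often the event recurs. It is an added example, not from the original posts; the function names are hypothetical, the English message layout is assumed, and the sample text is copied from the thread.

```powershell
# Added example (read-only): nothing here writes to the registry or the event log.
$sample = @'
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user REAPER\jclev SID (S-1-5-21-2166863868-2162972767-3577252014-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).
'@

$guid = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

function ConvertFrom-Dcom10016 {
    param([string]$Message)
    # Assumes the English message layout; emits nothing for localized or other text.
    $pattern = "grant (?<scope>\w+) (?<right>\w+) permission.*?CLSID\s*(?<clsid>$guid)" +
               "\s*and APPID\s*(?<appid>$guid)\s*to the user (?<user>.+?) SID \((?<sid>S-[\d-]+)\)"
    $m = [regex]::Match($Message, $pattern, 'Singleline')
    if ($m.Success) {
        [pscustomobject]@{
            Right = '{0} {1}' -f $m.Groups['scope'].Value, $m.Groups['right'].Value
            Clsid = $m.Groups['clsid'].Value
            AppId = $m.Groups['appid'].Value
            User  = $m.Groups['user'].Value
            Sid   = $m.Groups['sid'].Value
        }
    }
}

function Get-Dcom10016Summary {
    param([object[]]$Entries)
    # One row per distinct CLSID/APPID/user/right, with the registered names.
    $Entries | Where-Object { $_ } | Group-Object Clsid, AppId, User, Right | ForEach-Object {
        $e   = $_.Group[0]
        $cls = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$($e.Clsid)" -ErrorAction SilentlyContinue
        $app = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\AppID\$($e.AppId)" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Count     = $_.Count
            Right     = $e.Right
            User      = $e.User
            Sid       = $e.Sid
            Clsid     = $e.Clsid
            ClassName = $cls.'(default)'
            AppId     = $e.AppId
            AppIdName = $app.'(default)'
            # True when the AppID key carries its own LaunchPermission ACL value.
            HasAppSpecificLaunchAcl = $null -ne $app.LaunchPermission
        }
    }
}

Write-Host '--- message quoted in the thread ---'
Get-Dcom10016Summary @(ConvertFrom-Dcom10016 $sample) | Format-List

Write-Host '--- last 200 DistributedCOM 10016 events on this machine ---'
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DistributedCOM'; Id = 10016 }
$live = Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-Dcom10016 $_.Message }
Get-Dcom10016Summary @($live) | Format-List
```

An empty ClassName or AppIdName means that GUID is not registered on the machine where the script runs.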

@kevinf80

 

OK, tired of my PC's shitty behavior,

 

1. Could you tell me the best way to format my PC from scratch,

2. to assign my 3 hard drives properly (1 SSD 120G, HDD 1T, 1 hybrid HDD 2T) to me and only me as user and admin

3. and the proper way to install my drivers (where to get them / do I need things I might not be aware of) BUT MOSTLY THE order in which to install them, which is the first, second, etc.

 

Thx man, I'm just tired of not being able to use my PC

 

Ah, also I have a USB boot for my Windows if you think that's what I will need (telling you so you save time explaining how to do one), just not sure how to use it

 


Hello again MikeNmike,

This is a Malware/Infection removal forum, I personally do not do the service you ask for... Malwarebytes does have a General Windows PC help at the following link:

https://forums.malwarebytes.com/forum/6-general-windows-pc-help/

Or maybe try here: https://support.microsoft.com/en-gb/help/4000735/windows-10-reinstall

I just do not have the time for what you ask, I work other malware/infection removal forums. I also have private contracts to honor..

Thank you,

Kevin,
