Go Back   Cyber Tech Help Support Forums > Software > Malware Removal
Reload this Page Panda viewer
Register FAQ Calendar Search Today's Active Topics Mark Forums Read

Notices

Reply
Page 2 of 2 1 2
 
Topic Tools
  #16  
Old April 15th, 2018, 11:29 PM
luzchurch luzchurch is offline
Senior Member
  
Join Date: Nov 2004
Posts: 324
I tried FRST again. It goes through the process normally but the process encounters a problem when I try the Fix button. How do I proceed?
Reply With Quote


  #17  
Old April 16th, 2018, 04:56 PM
luzchurch luzchurch is offline
Senior Member
  
Join Date: Nov 2004
Posts: 324
This morning I tried again and it did finish the test. Here is the log file:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by owner (16-04-2018 11:33:31) Run:4
Running from C:\Documents and Settings\owner\My Documents\Downloads
Loaded Profiles: owner & (Available Profiles: owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\l0eutqyb.default-1494803957500 [not found] <==== ATTENTION
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File
2018-04-09 17:24 - 2018-04-09 17:24 - 000503208 _____ (Piriform Ltd) C:\Documents and Settings\owner\Local Settings\Temp\ccupdate.exe
2018-04-09 09:49 - 2016-03-09 01:00 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll
2018-04-07 07:00 - 2018-04-07 06:59 - 000457016 _____ () C:\Documents and Settings\owner\Local Settings\Temp\DoubleClick.exe
2018-04-07 06:59 - 2018-04-07 07:00 - 002158592 _____ () C:\Documents and Settings\owner\Local Settings\Temp\installer_mi.exe
2018-04-07 06:58 - 2018-04-07 06:59 - 000860523 _____ ( ) C:\Documents and Settings\owner\Local Settings\Temp\setup.exe
2015-08-14 08:29 - 2015-07-29 16:08 - 000681097 _____ (SQLite Development Team) C:\Documents and Settings\owner\Local Settings\Temp\sqlite3.dll
2018-04-07 07:00 - 2018-04-07 07:00 - 004450288 _____ ( ) C:\Documents and Settings\owner\Local Settings\Temp\SystemHealer.exe
2018-04-07 06:59 - 2018-04-07 06:59 - 000457016 _____ () C:\Documents and Settings\owner\Local Settings\Temp\zdj.exe
C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDCCB2FA [306]
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656\Control Panel\Desktop\\Wallpaper -> (None)
HKLM\...\regfile\shell\open\command: C:\WINDOWS\REGEDIT.EXE /M "%L" <==== ATTENTION
HKLM\...\batfile\shell\open\command: C:\WINDOWS\system32\CMD.EXE /C Call "%L" %* <==== ATTENTION
HKLM\...\cmdfile\shell\open\command: C:\WINDOWS\system32\CMD.EXE /C Call "%L" %* <==== ATTENTION
2018-04-07 07:36 - 2018-04-09 15:39 - 003072054 _____ C:\Documents and Settings\owner\.bmp
2018-04-07 07:36 - 2018-04-09 15:39 - 000000000 _____ C:\Documents and Settings\owner\mp
2018-04-07 07:04 - 2018-04-07 07:49 - 003072054 _____ C:\Documents and Settings\owner\Local Settings\Application Data\.bmp
2018-04-07 07:04 - 2018-04-07 07:49 - 000000000 _____ C:\Documents and Settings\owner\Local Settings\Application Data\mp
C:\Documents and Settings\owner\Local Settings\Application Data\.bmp
C:\Documents and Settings\owner\Local Settings\Application Data\mp
2018-03-30 16:38 - 2018-03-30 16:38 - 000276578 _____ C:\Documents and Settings\owner\My Documents\hamsanada.bmp
2018-03-30 16:33 - 2018-03-30 16:33 - 000115390 _____ C:\Documents and Settings\owner\My Documents\skandamanorama.bmp
1618-10-21 21:05 - 1618-10-21 21:05 - 000096256 ____N (Microsoft Corporation) C:\Program Files\NYqasgsZY.exe
CMD: ipconfig /flushdns
EMPTYTEMP:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run \\*rrzwvnyvrr<*>" => not found
"HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run \\Adobe Reader Synchronizer" => not found
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\H => not found
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\{01048412-a396-11e2-999b-001d72aca64d} => not found
HKLM\Software\Classes\CLSID\{01048412-a396-11e2-999b-001d72aca64d} => not found
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: H - H:\LaunchU3.exe -a => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [*rrzwvnyvrr<*>] => "C:\Documents and Settings\owner\Local Settings\Application Data\f003ad\9595f3.bat" <==== ATTENTION (Value Name with invalid characters) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: H - H:\LaunchU3.exe -a => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\...\MountPoints2: {01048412-a396-11e2-999b-001d72aca64d} - H:\LaunchU3.exe -a => Error: No automatic fix found for this entry.
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187] ATTENTION => Default URLSearchHook is missing => Error: No automatic fix found for this entry.
URLSearchHook: [S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656] ATTENTION => Default URLSearchHook is missing => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-507921405-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found
HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => not found
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\MozillaPlugins\Adobe Reader => not found
"C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmj mplflapaojjnihcjkigck => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlod glbbmalcneegieacbdmki => not found
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1874A415-9468-D082-4334-05E985889A47} => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55F8EFAD-9468-D082-FB7F-89A485889A47} => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B} => not found
HKU\S-1-5-21-507921405-1284227242-1417001333-1003_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850} => not found
"C:\Documents and Settings\owner\Local Settings\Temp\ccupdate.exe" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\DoubleClick.exe" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\installer_mi.exe" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\setup.exe" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\sqlite3.dll" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\SystemHealer.exe" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\zdj.exe" => not found
"C:\Documents and Settings\owner\Local Settings\Temp\dllnt_dump.dll" => not found
"AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDCCB2FA [306]" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDCCB2FA [306]" ADS not found.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063528750\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063637687\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063539718\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638125\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063543796\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063638609\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063621187\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-507921405-1284227242-1417001333-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04122018063652656\Control Panel\Desktop\\Wallpaper -> (None) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\regfile\shell\open\command\\ Default => value restored successfully
HKLM\Software\Classes\batfile\shell\open\command\\ Default => value restored successfully
HKLM\Software\Classes\cmdfile\shell\open\command\\ Default => value restored successfully
"C:\Documents and Settings\owner\.bmp" => not found
"C:\Documents and Settings\owner\mp" => not found
"C:\Documents and Settings\owner\Local Settings\Application Data\.bmp" => not found
"C:\Documents and Settings\owner\Local Settings\Application Data\mp" => not found
"C:\Documents and Settings\owner\Local Settings\Application Data\.bmp" => not found
"C:\Documents and Settings\owner\Local Settings\Application Data\mp" => not found
"C:\Documents and Settings\owner\My Documents\hamsanada.bmp" => not found
"C:\Documents and Settings\owner\My Documents\skandamanorama.bmp" => not found
"C:\Program Files\NYqasgsZY.exe" => not found

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9773 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 1066 B
Windows/system/dllcache/drivers => 15216 B
Edge => 0 B
Chrome => 0 B
Firefox => 91825611 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 0 B
All Users => 0 B
systemprofile => 0 B
LocalService => 424 B
NetworkService => 648154 B
owner => 74746139 B
Administrator => 66228 B

RecycleBin => 220898 B
EmptyTemp: => 159.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:40:03 ====
Reply With Quote
  #18  
Old April 16th, 2018, 07:19 PM
olgun52's Avatar
olgun52 olgun52 is online now
Malware Removal Team
  
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,868
Okay.

Please now do this following.

Step1:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step2:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

If asked to restart the computer, please do so immediately.
Reply With Quote
  #19  
Old April 19th, 2018, 03:43 PM
luzchurch luzchurch is offline
Senior Member
  
Join Date: Nov 2004
Posts: 324
I ran into problems here. The malwarebytes program worked OK and but found no infected files. As such no report was generated.
When I tried to run the adware cleaner, it asked for some missing dll file which I found in my laptop and pasted it in the same folder. Then this message appeared in the dialog box:
The procedure entry point_except_handler4_common could not be located in the dynamic link library mvcrt.dll
Any suggestions? Thanks.
Reply With Quote
  #20  
Old April 20th, 2018, 11:03 AM
olgun52's Avatar
olgun52 olgun52 is online now
Malware Removal Team
  
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,868
Quote:
Originally Posted by luzchurch View Post
I ran into problems here. The malwarebytes program worked OK and but found no infected files. As such no report was generated.
When I tried to run the adware cleaner, it asked for some missing dll file which I found in my laptop and pasted it in the same folder. Then this message appeared in the dialog box:
The procedure entry point_except_handler4_common could not be located in the dynamic link library mvcrt.dll
Any suggestions? Thanks.
The main reason for these errors are:Software problem. Runtime components of Visual C++ Libraries are missing.

Your platform: Microsoft Windows XP Professional Service Pack 3 (X86)

Your operating system is now very long time, not supported by windows.

I would suggest you try the steps provided below and see if it helps. Check if the issue gets fixed.


Please download and install. Make operations as administrator.

Microsoft Visual C++ 2008 Redistributable Package (x86)

https://www.microsoft.com/en-us/down...ylang=en&id=29
Reply With Quote
  #21  
Old April 23rd, 2018, 03:35 PM
luzchurch luzchurch is offline
Senior Member
  
Join Date: Nov 2004
Posts: 324
I did download the Visual C program but it did not make any difference. I still get the same message.
But I found out something. The tiff or bmp files, that got corrupted with the Panda viewer designation, can be saved as jpg files and the problem disappears. Myabe this will give you a clue as to the problem. Thanks.
Reply With Quote
  #22  
Old April 23rd, 2018, 08:11 PM
olgun52's Avatar
olgun52 olgun52 is online now
Malware Removal Team
  
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,868
Thanks.

Please do this;

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.
------------------------------------------------------------------


Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.

Download RogueKiller to your desktop
  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.
Reply With Quote
  #23  
Old April 23rd, 2018, 11:15 PM
luzchurch luzchurch is offline
Senior Member
  
Join Date: Nov 2004
Posts: 324
After downloading the Rootkit program and starting it I got the following message.
Registry value "appinit_dlls" has been found , which may be caused by rootkit activity.
Note: Press "No" button if you are not sure.If the tool crashes or terminates unexpectedly
during a system scan , restart the tool and press "yes" should the message appear again.
Do you want to remove this value and and restart this tool?
Please let me know how to proceed. Thanks.
Reply With Quote
  #24  
Old April 24th, 2018, 06:50 PM
olgun52's Avatar
olgun52 olgun52 is online now
Malware Removal Team
  
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,868
It may be due to your operating system. Please try running the RogueKiller software.

Thanks.
Reply With Quote
  #25  
Old Yesterday, 11:34 PM
luzchurch luzchurch is offline
Senior Member
  
Join Date: Nov 2004
Posts: 324
I managed to run the mbr rootkit program. It did not detect any malware and thus no log was generated.
I tried to run Roguekiller but it crashed partway. I am trying it again right now. Will post results if successful. Thanks.
Reply With Quote
Reply
Page 2 of 2 1 2

Bookmarks

« Previous Topic | Next Topic »
Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump




All times are GMT +1. The time now is 07:49 PM.

Forum Archive RSS Cyber Tech Help Forums RSS