  #16  
June 8th, 2016, 10:43 PM
olgun52
Malware Removal Team
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello BSTAR,

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

Code:
start
HKEY_LOCAL_MACHINE\Software\PIP 
c:\windows\SysWow64\RENF26A.tmp
end
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
========================================================
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
=========================================================================
How is the machine running now, and are there any issues? Please let me know.
  #17  
June 9th, 2016, 06:14 PM
BSTAR
Senior Member
Join Date: Aug 2005
Posts: 181
Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Skynet (2016-06-09 13:01:56) Run:2
Running from C:\Users\Skynet\Desktop
Loaded Profiles: Skynet (Available Profiles: Skynet & So Fresh & Mcx1-SKYNET-PC & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKEY_LOCAL_MACHINE\Software\PIP
c:\windows\SysWow64\RENF26A.tmp
end
*****************

HKEY_LOCAL_MACHINE\Software\PIP => Error: No automatic fix found for this entry.
c:\windows\SysWow64\RENF26A.tmp => moved successfully

==== End of Fixlog 13:01:56 ====
  #18  
June 9th, 2016, 08:27 PM
olgun52
Malware Removal Team
Hi,

Step 1:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  #19  
June 10th, 2016, 08:37 PM
BSTAR
Senior Member
ESET OnlineScan (NOT COMPLETED)

Hello olgun52,

I was not able to complete an ESET OnlineScan. First, I think the program has been updated so your instructions are not exact. Secondly, I ran a scan which nearly completed but I got a blue screen of death. The scan did not find any infections up to that point.

These are the details Windows 7 showed me after a reboot.

Quote:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 4105

Additional information about the problem:
BCCode: 101
BCP1: 0000000000000061
BCP2: 0000000000000000
BCP3: FFFFF880009E9180
BCP4: 0000000000000001
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\061016-29515-01.dmp
C:\Users\Skynet\AppData\Local\Temp\WER-149667-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Should I try to complete the scan or skip that step?

Last edited by BSTAR; June 10th, 2016 at 08:42 PM.
  #20  
June 10th, 2016, 11:58 PM
olgun52
Malware Removal Team
Please skip that step.
Run AdwCleaner and Junkware Removal Tool.
  #21  
June 13th, 2016, 03:39 AM
BSTAR
Senior Member
AdwCleaner[C1]

# AdwCleaner v5.119 - Logfile created 12/06/2016 at 22:22:37
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Skynet - SKYNET-PC
# Running from : C:\Users\Skynet\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\iMesh Applications
[-] Folder Deleted : C:\Users\Skynet\AppData\Local\Popcorn Time
[-] Folder Deleted : C:\Users\So Fresh\AppData\Local\Hola
[-] Folder Deleted : C:\Users\So Fresh\AppData\Local\Popcorn Time
[-] Folder Deleted : C:\Users\So Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time

***** [ Files ] *****

[-] File Deleted : C:\END

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value Deleted : HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

***** [ Web browsers ] *****

[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.facemoods.firstRun", false);
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.facemoods.lastActv", "11");
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[-] [C:\Users\So Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\0cg9d6fv.default\prefs.js] Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z1f05hv4.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z1f05hv4.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3773 bytes] - [12/06/2016 22:22:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [3929 bytes] - [12/06/2016 22:17:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3919 bytes] ##########
  #22  
June 13th, 2016, 03:50 AM
BSTAR
Senior Member
Jrt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Skynet (Administrator) on 12/06/2016 at 22:40:55.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Successfully deleted: C:\Users\Skynet\AppData\Local\{2F0866CB-DE16-4778-8199-E9970712FEB4} (Empty Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\{437D3A84-D0FB-453C-9FD1-3B377D313962} (Empty Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\{E716F5B8-2CE4-48D5-B342-067F64EC9935} (Empty Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\user.js (File)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D6TP4XQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\644BWF3N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65V6D54J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RC3F4HP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FZ4PPY7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASL2LIHR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0FRYZK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNW96TKR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D6TP4XQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\644BWF3N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65V6D54J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RC3F4HP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FZ4PPY7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASL2LIHR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0FRYZK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNW96TKR (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2016 at 22:44:22.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #23  
June 14th, 2016, 01:42 AM
olgun52
Malware Removal Team
Good job.

How is the PC running now, and are there any issues?
  #24  
June 14th, 2016, 03:28 PM
BSTAR
Senior Member
Hello olgun52!

It is running quite well. Were there a lot of infections before?


I noticed you are the only person helping right now. This forum used to be more active. Thank you very much for taking your time to help!
  #25  
June 14th, 2016, 05:58 PM
olgun52
Malware Removal Team
"Were there a lot of infections before?"
Yes, there were.

Unfortunately, I am the only person. This case is distressing.

"This forum used to be more active"
You are right, of course.

================================================
Run HitmanPro:

Please download HitmanPro 32-Bit version // 64-Bit version.
  • Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of the EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => delete <= IMPORTANT!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and zip and attach it in your next reply.
All times are GMT +1.