Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#16
Hello BSTAR,
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

Code:

start
HKEY_LOCAL_MACHINE\Software\PIP
c:\windows\SysWow64\RENF26A.tmp
end

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

========================================================

Please scan your machine with ESET OnlineScan

How is the machine running now, and any issues? Please let me know.
#17
Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Skynet (2016-06-09 13:01:56) Run:2
Running from C:\Users\Skynet\Desktop
Loaded Profiles: Skynet (Available Profiles: Skynet & So Fresh & Mcx1-SKYNET-PC & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKEY_LOCAL_MACHINE\Software\PIP
c:\windows\SysWow64\RENF26A.tmp
end
*****************

HKEY_LOCAL_MACHINE\Software\PIP => Error: No automatic fix found for this entry.
c:\windows\SysWow64\RENF26A.tmp => moved successfully

==== End of Fixlog 13:01:56 ====
#18
Hi,
Step 1: Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop.
#19
ESET OnlineScan (NOT COMPLETED)
Hello olgun52,
I was not able to complete an ESET OnlineScan. First, I think the program has been updated so your instructions are not exact. Secondly, I ran a scan which nearly completed but I got a blue screen of death. The scan did not find any infections up to that point. These are the details Windows 7 showed me after a reboot. Quote:
Last edited by BSTAR; June 10th, 2016 at 08:42 PM.
#20
Please skip that step
Run AdwCleaner and Junkware Removal Tool.
#21
AdwCleaner[C1]
# AdwCleaner v5.119 - Logfile created 12/06/2016 at 22:22:37
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Skynet - SKYNET-PC
# Running from : C:\Users\Skynet\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\iMesh Applications
[-] Folder Deleted : C:\Users\Skynet\AppData\Local\Popcorn Time
[-] Folder Deleted : C:\Users\So Fresh\AppData\Local\Hola
[-] Folder Deleted : C:\Users\So Fresh\AppData\Local\Popcorn Time
[-] Folder Deleted : C:\Users\So Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time

***** [ Files ] *****

[-] File Deleted : C:\END

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value Deleted : HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

***** [ Web browsers ] *****

[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.facemoods.firstRun", false);
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.facemoods.lastActv", "11");
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[-] [C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[-] [C:\Users\So Fresh\AppData\Roaming\Mozilla\Firefox\Profiles\0cg9d6fv.default\prefs.js] Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z1f05hv4.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[-] [C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z1f05hv4.default\prefs.js] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3773 bytes] - [12/06/2016 22:22:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [3929 bytes] - [12/06/2016 22:17:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3919 bytes] ##########
#22
Jrt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Skynet (Administrator) on 12/06/2016 at 22:40:55.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 21

Successfully deleted: C:\Users\Skynet\AppData\Local\{2F0866CB-DE16-4778-8199-E9970712FEB4} (Empty Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\{437D3A84-D0FB-453C-9FD1-3B377D313962} (Empty Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\{E716F5B8-2CE4-48D5-B342-067F64EC9935} (Empty Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Profiles\o2l3kqvi.default\user.js (File)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D6TP4XQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\644BWF3N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65V6D54J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RC3F4HP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FZ4PPY7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASL2LIHR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0FRYZK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Skynet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNW96TKR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D6TP4XQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\644BWF3N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65V6D54J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RC3F4HP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FZ4PPY7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASL2LIHR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0FRYZK5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNW96TKR (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2016 at 22:44:22.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#23
Good job.
How is the PC running now, and any issue?
#24
Hello olgun52!
It is running quite well. Were there a lot of infections before? I noticed you are the only person helping right now. This forum used to be more active. Thank you very much for taking your time to help!
#25
"Were there a lot of infections before?"
Yes, there were. Unfortunately, I am the only person. This case is distressing.

"This forum used to be more active"
You are right, of course.

================================================

Run HitmanPro: Please download HitmanPro 32-Bit version // 64-Bit version.