
Can I get a final diagnosis?

Discussion in 'Virus & Other Malware Removal' started by Cmm97Security, May 19, 2015.

Thread Status:
Not open for further replies.
  1. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    So I had a virus on my computer for a bit and it decided to attack one day, about 20 days ago. I used multiple anti-viruses and other software of the kind (including MalwareBytes, Unhackme and HitmanPro). All the other malware was easy to destroy, but this one virus was quite difficult to destroy: Netengine.exe. I removed it 2 times with Unhackme, and when I decided, today, to do another scan (I just scan at random times for no reason)
    I found that Netengine.exe was back and I removed it with Unhackme,
    and Malwarebytes found 4 other things inside of the temp files.
    In light of the fact I hadn't cleaned my temp files, I found this forum and downloaded the following: () and started these up.
    Logs for all of the things are below; the Security Check was done after ALL that.

    Now the current anti-viruses I have are... well, the default Windows Defender and Malwarebytes. At one point I got AVG but it's crap and was destroyed in one attack, I think (or was just corrupted by an update it tried to do to itself).

    But I have A WHOLE LOT of anti-virus wares, also including a key to boot up the PC if it can no longer boot itself up.
    All the software is on my computer and on a USB key I decided to call "The Destroyer"... cuz it sounds cool (and cheesy!) and I can get rid of most viruses with it.

    So what I'm asking currently is: can I get a little diagnosis on whether my computer is safe atm, based on the current logs provided? (Excluding Java; I am updating it now.) If you need more info feel free to ask! (Since it's for mah safety!)
    (I will now also provide the Logs of earlier attacks on my computer)



    This is the log for the Security Check: (In light of the out-of-date message I will now update my JAVA.)

    Results of screen317's Security Check version 1.002
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 55
    Java version 32-bit out of Date!
    Adobe Flash Player 17.0.0.169
    Adobe Reader XI
    Google Chrome (42.0.2311.135)
    Google Chrome (42.0.2311.152)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbam.exe
    Christopher Desktop fighting viruses SecurityCheck.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````



    This is the log for Malwarebytes 4 detections:
    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 2015-05-19
    Scan Time: 5:25:39 AM
    Logfile: 
    Administrator: Yes
    
    Version: 2.01.6.1022
    Malware Database: v2015.05.19.01
    Rootkit Database: v2015.05.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Christopher
    
    Scan Type: Custom Scan
    Result: Cancelled
    Objects Scanned: 880215
    Time Elapsed: 10 hr, 1 min, 48 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 0
    (No malicious items detected)
    
    Registry Values: 0
    (No malicious items detected)
    
    Registry Data: 0
    (No malicious items detected)
    
    Folders: 0
    (No malicious items detected)
    
    Files: 4
    PUP.Optional.Tuto4PC.A, C:\Users\Christopher\AppData\Local\Temp\setup_gmsd_ca.exe, Quarantined, [324b197c404a2e08376d3b2145c1bc44], 
    PUP.Optional.Goobzo.SIDA, C:\Users\Christopher\AppData\Local\Temp\tu17p84.exe, Quarantined, [97e60095eaa030062e6eb9a37294be42], 
    PUP.Optional.Somoto.SID.A, C:\Users\Christopher\AppData\Local\Temp\nswCC94.tmp, Quarantined, [5c21d2c3503a0c2a9de746168e782ed2], 
    PUP.Optional.Goobzo.SIDA, C:\Users\Christopher\AppData\Local\Temp\Install_15840\ins_smk.exe, Quarantined, [0974c8cd6e1c7cba742878e47b8b817f], 
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)
    
    THIS IS THE JUNKWARE REMOVAL LOG
    Code:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.4 (05.19.2015:1)
    OS: Windows 8.1 x64
    Ran by Christopher on 2015-05-19 at 15:33:24.02
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    ~~~ Services
    
    
    
    ~~~ Tasks
    
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1121267219-1145382535-3596252993-1001
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1121267219-1145382535-3596252993-1004
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1121267219-1145382535-3596252993-500
    
    
    
    ~~~ Registry Values
    
    
    
    ~~~ Registry Keys
    
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
    
    
    
    ~~~ Files
    
    Successfully deleted: [File] C:\end
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_st.chatango.com_0.localstorage
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_st.chatango.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
    Successfully deleted: [File] C:\Users\Christopher\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal
    
    
    
    ~~~ Folders
    
    Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
    
    
    
    ~~~ Chrome
    
    Successfully deleted: [Folder] C:\Users\Christopher\appdata\local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
    
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2015-05-19 at 15:40:35.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    OLDER LOGS ABOUT THE TIME I GOT ATTACKED ABOUT A MONTH AGO:

    MALWAREBYTES: (REMOVED UNNECESSARY INFO)
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-04-22
    Scan Time: 3:38:33 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.04.22.01
    Rootkit Database: v2015.04.21.01
    License: Free

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 1664320
    Time Elapsed: 15 hr, 38 min, 34 sec

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 5
    RiskWare.Tool.CK, C:\Program Files (x86)\Ubisoft\Heroes of the Pacific\cracktro.exe, Quarantined, [ee4ced8278123df97bc0245e4fb18e72],
    PUP.Optional.CrossRider, C:\Users\Christopher\AppData\Local\Microsoft\Windows\INetCache\IE\0F2431SK\setup[1].exe, Quarantined, [0c2e4926c7c32313bf3c12d0ae5347b9],
    PUP.Optional.Somoto.A, C:\Users\Christopher\AppData\Local\Temp\appshat_generic.exe, Quarantined, [1822f7786e1cdb5b4c230d1752aea65a],
    PUP.Optional.BreakingNewsAlert.A, C:\Users\Christopher\AppData\Local\Temp\Setup.exe, Quarantined, [300a2a453654fe38e719db8e6f9127d9],
    PUP.Optional.Somoto, C:\Users\Christopher\AppData\Local\Temp\bitool.dll, Quarantined, [c07af57ac3c70036bf88cd9e936f32ce],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-04-21
    Scan Time: 1:51:33 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.04.21.05
    Rootkit Database: v2015.04.20.01
    License: Free

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 556325
    Time Elapsed: 10 min, 52 sec

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 4
    PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Delete-on-Reboot, [2217640b1377c6709d335256ac579d63],
    PUP.Optional.Goobzo, c:\program files\common files\goobzo\gbupdateplus, Quarantined, [2217640b1377c6709d335256ac579d63],
    PUP.Optional.GamesDesktop.A, c:\users\christopher\appdata\local\gmsd_ca_404, Quarantined, [31088de2a6e4979fc438773cbb48a858],
    PUP.Optional.GamesDesktop.A, c:\program files (x86)\gmsd_ca_404, Quarantined, [e851640b6d1d0e2815e8a50e0102af51],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-04-21
    Scan Time: 1:33:16 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.04.21.05
    Rootkit Database: v2015.04.20.01
    License: Free

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 552926
    Time Elapsed: 3 min, 52 sec

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25286, Quarantined, [0f2aaac51674dd592b2e9d6739cb4bb5],
    PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\App Lid, Quarantined, [96a35718f7933204214cd900719241bf],
    PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [e75239361a70e0565d47467ad72c3ac6],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\25286, Quarantined, [95a4224dc7c346f07adfd034030108f8],
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [a39656196921f343b83cbd93de27f20e],
    PUP.Optional.SearchModule.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUPDPLUS, Quarantined, [80b989e6256537ffd0883499fc0725db],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-1121267219-1145382535-3596252993-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [4ced442b0981dd598677d366ce37a55b],
    PUP.Optional.MultiIE.A, HKU\S-1-5-21-1121267219-1145382535-3596252993-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [2d0cdd92652594a2884d53ef4bba12ee],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-1121267219-1145382535-3596252993-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25286, Quarantined, [70c91b54048648eec8f6538e14ef3cc4],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-1121267219-1145382535-3596252993-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Lid, Quarantined, [70c92748494172c41f51578206fdf60a],

    Registry Values: 2
    PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 96A2792B-7020-4941-937D-C6959D57E272, Quarantined, [a39656196921f343b83cbd93de27f20e]
    PUP.Optional.SearchModule.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUPDPLUS|ImagePath, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe /service, Quarantined, [80b989e6256537ffd0883499fc0725db]

    Registry Data: 0
    (No malicious items detected)

    Folders: 6
    PUP.Optional.BrowserHelper.A, C:\Users\Christopher\AppData\Local\BrowserHelper, Quarantined, [3ffa185794f65ed841ebbb07689b0ef2],
    PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Delete-on-Reboot, [43f6d897e3a753e3329e3f69986b31cf],
    PUP.Optional.Goobzo, c:\program files\common files\goobzo\gbupdateplus, Quarantined, [43f6d897e3a753e3329e3f69986b31cf],
    PUP.Optional.GamesDesktop.A, c:\users\christopher\appdata\local\gmsd_ca_404, Quarantined, [8bae7af536542b0b20dc63506e9504fc],
    PUP.Optional.GamesDesktop.A, c:\program files (x86)\gmsd_ca_404, Quarantined, [d66395da127890a616e7149fd132b44c],
    PUP.Optional.SearchModulePlus.A, C:\ProgramData\SearchModulePlus, Quarantined, [a198f37cdfab9a9c44ce9b25986b36ca],

    Files: 2
    PUP.Optional.BrowserHelper.A, C:\Users\Christopher\AppData\Local\BrowserHelper\BrowserHelperBk.txt, Quarantined, [3ffa185794f65ed841ebbb07689b0ef2],
    PUP.Optional.BrowserHelper.A, C:\Users\Christopher\AppData\Local\BrowserHelper\BrowserHelper.txt, Quarantined, [3ffa185794f65ed841ebbb07689b0ef2],

    Physical Sectors: 0
    (No malicious items detected)

    (end)
    ACTUALLY MOST OF THESE CONSIST OF THE SAME RESULTS, I JUST POSTED IT SO YOU CAN SEE WHAT ATTACKED MY SYSTEM AND SEE IF IT WAS SNEAKIER THAN IT LOOKED.
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi Cmm97Security,
    Have you ever had Symantec/Norton on there as an antivirus?
    Download the Symantec removal tool from here and run it: ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Run A Scan With SystemLook
    Please download SystemLook from the download mirror and save it to your Desktop.
    Download Mirror #1 (64-bit)
    • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\Program Files (x86)\Mozilla Firefox\defaults\pref
      C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences
      :filefind
      *Netengine*
      :folderfind
      *Netengine*
      :regfind
      Netengine
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    I don't have a Win8.1 machine handy so the detail of my instructions could be slightly off.
    Please don't download, remove or install anything new while we work, until we are done.
    Thanks,

    askey127
     
  3. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    Doing that right now (already ran the Symantec removal tool and am about to restart the PC), although I did notice the code you wanted me to type included Firefox, which I do not believe I have installed on this PC; I do have IE, Google Chrome (the regular one) and Opera. I will try with this code (it's basically asking the program to check for the preferences of the browser, as I can see, right?).

     
  4. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    Okay, I've just done that! Log below!
    I also ran another detecting tool, REGRUN, which is part of the UNHACKME program.
    This is what it found:
    AVGWDSVC.EXE (I know, not dangerous, just AVG -_-')
    PVMJPG30.DLL (I do not believe this is a threat)
    TABDEC.DLL (This one is the closest to being a threat, but it seems to be safe; it just, like AVG, decided that it should be kept un-modifiable.)
    All of which are inaccessible due to the fact the folder's permissions were changed, so I cannot, even logged on as an admin (which I am 24/7), change the permissions either. Just wanted to know if it was a big deal. I do not think it is, but hey, you're the expert! ;p

    OH, and just to know, is there an AVG removal tool? Because I think it got corrupted in an attack and kinda died. (Which is not surprising, since it's complete garbage.)

    Also, another thing before the report:
    If you need to know if there was an extension or any modifications done to my Google Chrome (I already fixed Chrome from the attack I had about 20-30 days ago -- re-installed it): everything seems to be safe with Chrome; it works as it should.
    With Opera it seems to be the same, but I don't think the viruses/malware targeted the Opera browser, and it works as it should.
    IE was cleaned with pretty much every anti-malware/virus/etc. tool I had on my computer, and works as it should. (I don't use it much, but I tried using it for a bit to see if it worked alright.)


    SystemLook 04.09.10 by jpshortstuff
    Log created at 21:49 on 20/05/2015 by Christopher
    Administrator - Elevation successful

    ========== dir ==========

    C:\Program Files (x86)\Mozilla Firefox\defaults\pref - Unable to find folder. (DAH!)

    C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences - Unable to find folder.

    ========== filefind ==========

    Searching for "*Netengine*"
    No files found.

    ========== folderfind ==========

    Searching for "*Netengine*"
    No folders found.

    ========== regfind ==========

    Searching for "Netengine"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
    "url4"="C:\ProgramData\NetEngine\bin"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95318E34-0F33-49D5-A2C0-AEC05F031E58}]
    "Path"="\NetEngine"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetEngine]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32]


    I SEE SO time to get to destroying some REGISTRY ;D
    (Plz copy paste the answer about destroying the Registry *******ss, or can I just go and manually destroy them? :eek:)
     
    Last edited: May 21, 2015
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Cmm97Security,
    The AVG Remover is here:
    http://download.avg.com/filedir/util/AVG_Remover_en.exe
    I would run it, Reboot, then proceed:
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Right click OTL on your desktop, and choose "Run as administrator" to open it.
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
      "url4"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95318E34-0F33-49D5-A2C0-AEC05F031E58}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetEngine]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32]
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top. DO NOT CLICK Run Scan
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • That is the FIX log file. Copy the contents of that file and post it in your next reply.
      It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

    askey127
     
  6. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    THE AVG recovery tool is broken, but it's no big deal, I'll remove it later.
    I fixed it; here's the log:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths\\url4 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95318E34-0F33-49D5-A2C0-AEC05F031E58}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95318E34-0F33-49D5-A2C0-AEC05F031E58}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetEngine\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI3 2\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Christopher\Desktop\fighting viruses\cmd.bat deleted successfully.
    C:\Users\Christopher\Desktop\fighting viruses\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: .NET v2.0

    User: .NET v2.0 Classic

    User: All Users

    User: Christopher
    ->Java cache emptied: 0 bytes

    User: Classic .NET AppPool

    User: Default

    User: Default User

    User: Default.migrated

    User: DefaultAppPool

    User: pat_m_000
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: .NET v2.0

    User: .NET v2.0 Classic

    User: All Users

    User: Christopher
    ->Flash cache emptied: 730 bytes

    User: Classic .NET AppPool

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Default.migrated

    User: DefaultAppPool

    User: pat_m_000
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: .NET v2.0
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: .NET v2.0 Classic
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Christopher
    ->Temp folder emptied: 44190115 bytes
    ->Temporary Internet Files folder emptied: 20264857 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 439146042 bytes
    ->Flash cache emptied: 0 bytes

    User: Classic .NET AppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default.migrated

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: pat_m_000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 196215 bytes
    RecycleBin emptied: 116688123 bytes

    Total Files Cleaned = 592.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05212015_131244

    Files\Folders moved on Reboot...
    C:\Users\Christopher\AppData\Local\Temp\JavaDeployReg.log moved successfully.
    C:\Users\Christopher\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
    Last edited: May 21, 2015
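The SystemLook regfind hits and the OTL fix above both turn on the Task Scheduler's TaskCache registry keys, which is where a task like NetEngine stays registered between reboots. As an added example, not code from the thread or from any of the tools it uses, the PowerShell below performs the same search read-only, pairing each Tree entry with its Tasks\{GUID} key and with what the scheduler service itself reports; the default pattern 'NetEngine' is taken from the thread, and the script assumes an elevated session on Windows 8.1 or later.

```powershell
# Added example, not code from the thread or from SystemLook/OTL: read-only triage of
# scheduled-task registrations whose name or command line matches a pattern, the way
# SystemLook's :regfind surfaced the leftover NetEngine entries in the TaskCache hive.
# Assumes an elevated PowerShell on Windows 8.1 or later (Get-ScheduledTask available).
param(
    [string]$Pattern = 'NetEngine'   # default taken from the thread; pass any other substring
)

$treeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$tasksKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

function Get-TaskCacheMatches {
    # Tree mirrors the Task Scheduler folder hierarchy; each registered task is a subkey whose
    # "Id" value is the GUID of the matching Tasks\{GUID} key ("Path", "Hash", "Actions", ...).
    # A Tree entry with no Tasks\{GUID} partner is an orphaned remnant worth noting.
    param([string]$NamePattern)
    Get-ChildItem -Path $treeKey -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "*$NamePattern*" } |
        ForEach-Object {
            $id   = (Get-ItemProperty -Path $_.PSPath -Name Id -ErrorAction SilentlyContinue).Id
            $task = if ($id -and (Test-Path -Path (Join-Path $tasksKey $id))) {
                        Get-ItemProperty -Path (Join-Path $tasksKey $id)
                    }
            [pscustomobject]@{
                TreeKey        = $_.Name
                TaskId         = $id
                TaskKeyPresent = [bool]$task
                TaskPath       = $task.Path
            }
        }
}

function Get-LiveTaskMatches {
    # What the Task Scheduler service itself reports, including the program each task launches.
    param([string]$NamePattern)
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object {
            $_.TaskName -like "*$NamePattern*" -or
            ($_.Actions | Where-Object {
                $_.Execute -like "*$NamePattern*" -or $_.Arguments -like "*$NamePattern*" })
        } |
        Select-Object TaskPath, TaskName, State, Author,
            @{ n = 'RunAs';     e = { $_.Principal.UserId } },
            @{ n = 'Execute';   e = { ($_.Actions | ForEach-Object { $_.Execute })   -join '; ' } },
            @{ n = 'Arguments'; e = { ($_.Actions | ForEach-Object { $_.Arguments }) -join '; ' } }
}

Write-Host "TaskCache registry entries matching '$Pattern':"
Get-TaskCacheMatches -NamePattern $Pattern | Format-Table -AutoSize

Write-Host "Registered tasks matching '$Pattern' (by name or action):"
Get-LiveTaskMatches -NamePattern $Pattern | Format-List

# Nothing is changed here. Once a match is confirmed unwanted, removing it through the scheduler
# (Unregister-ScheduledTask -TaskName <name> -TaskPath <path>) clears the TaskCache keys as well,
# which is cleaner than deleting the registry keys by hand.
```

A task that shows up in the registry view but not in the scheduler view (or the reverse) is the kind of inconsistency that keeps a removed component coming back, and is worth checking before declaring a machine clean.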
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Any time you are able.
     
  8. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    Here's the OTL log from the quick scan!
     

    Attached Files:

    • OTL.Txt
      File size:
      148.7 KB
      Views:
      2
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    OTL is not so good as a scanner with Win8 x64.
    We should really use this FRST64 scanner.
    Sorry for the extra work.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.
     
  10. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    Pfff, this is alright, it's to help me. Btw, thanks a lot for taking your time to do this!
    Downloading and running it now!
     
  11. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    Both files are in the attachments!
     

    Attached Files:

  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Cmm97Security,
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    There are NO Safe ones.
    Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    ------------------------------------------------
    Remove Programs Using Control Panel
    Point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.
    Enter "control panel" in the search box, and then click Control Panel.
    Under View by, select Large Icons, and then click Programs and features.
    Click each icon Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    AVG 2015
    CamStudio version 2.7
    Hi-Rez Studios Authenticate and Update Service
    Inkscape 0.48.5
    Java(TM) 6 Update 45
    Unity Web Player

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  13. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    Oh, I see why they needed to be removed now.
    Also, I forgot I didn't uninstall AVG, sorry, my bad! XD

    About P2P, some websites offer LEGIT torrents, like https://www.humblebundle.com/, where sometimes your only option is to download using a P2P platform; acquiring said games via it is completely legal.
    Anyways, I'll do this now, thanks!
     
    Last edited: May 21, 2015
  14. Cmm97Security

    Cmm97Security Thread Starter

    Joined:
    May 19, 2015
    Messages:
    10
    DONE!
    Log in attachments
     

    Attached Files:

  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Cmm97Security,
    Whether the "torrents" are legit has nothing to do with whether your machine will get redirected and infected with adware, or worse.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    We should be about done.
    askey127
    (BTW, if you install Inkscape again, only get it from here: )
    http://www.opensourceversion.com/photo-and-graphic-software/download-inkscape/
     

    Attached Files:

    Last edited: May 22, 2015
Short URL to this thread: https://techguy.org/1148529
