
In Progress Scans freezing, files corrupting...help!

Discussion in 'Virus & Other Malware Removal' started by Phicot, Jan 11, 2016.

Thread Status:
Not open for further replies.
  1. Phicot

    Phicot Thread Starter

    Joined:
    Jan 11, 2016
    Messages:
    5
    Windows 10
    Dell Inspiron N7110 laptop
    64-bit operating system

    I had some malware issues a while back when I was using McAfee, so I cleaned up the computer and switched to MalwareBytes. Because a PDF I recently worked on became corrupted while working in Adobe Acrobat Reader DC, I started to look for new problems.

    At first I thought it was a compatibility issue, since MalwareBytes isn't compatible with Windows 10? That error message was "failed to start the update" and therefore unable to start the scan. After another day, I couldn't even open the program anymore, so I went through all of their Chameleon steps to try to open it and scan my computer, but none worked. So I removed it from my computer. Then I did scans by Windows Defender (already on my computer), Bitdefender (new to me), and PC Cleaner Plus (new to me), all of which found zero viruses or malware (PC Cleaner did find 377 registry or system errors and 2,455 junk files).

    However, Carbonite started backing up an unusual number of files (which happened last time I had malware). I then tried to run both Hijack This and Avast's scanner aswMBR for logs to post here, and they both froze during the scan. Hijack This said it couldn't analyze because there was no Internet connection, and the connection was fine. I'll paste below the results of each scan.

    I appreciate any help you can give me! Thanks.

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-01-11 00:06:46
    -----------------------------
    00:06:46.183 OS Version: Windows x64 6.2.9200
    00:06:46.183 Number of processors: 4 586 0x2A07
    00:06:46.183 ComputerName: LAPTOP UserName: JSA
    00:07:06.207 Initialize success
    00:07:06.722 VM: initialized successfully
    00:07:06.722 VM: Intel CPU supported
    00:07:12.467 VM: disk I/O iaStor.sys
    00:13:34.758 AVAST engine defs: 16011001
    00:14:33.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    00:14:33.458 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
    00:14:33.786 Disk 0 MBR read successfully
    00:14:33.801 Disk 0 MBR scan
    00:14:33.848 Disk 0 Windows VISTA default MBR code
    00:14:33.848 Disk 0 Partition 1 00 DE Dell Utility 101 MB offset 63
    00:14:33.864 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
    00:14:33.911 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992
    00:14:34.254 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:15:23.367 Service scanning
    00:17:32.020 Modules scanning
    00:17:32.035 Disk 0 trace - called modules:
    00:17:32.082 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    00:17:32.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0016eb9f060]
    00:17:32.082 3 CLASSPNP.SYS[fffff80186787d95] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe0016d27e050]
    00:17:33.473 AVAST engine scan C:\WINDOWS
    00:17:38.208 AVAST engine scan C:\WINDOWS\system32
    00:24:34.154 AVAST engine scan C:\WINDOWS\system32\drivers
    00:25:40.651 AVAST engine scan C:\Users\JSA
    00:59:46.431 Disk 0 MBR has been saved successfully to "C:\Users\JSA\Desktop\MBR.dat"
    00:59:46.463 The log file has been saved successfully to "C:\Users\JSA\Desktop\aswMBR.txt"


    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-01-11 13:07:18
    -----------------------------
    13:07:18.618 OS Version: Windows x64 6.2.9200
    13:07:18.618 Number of processors: 4 586 0x2A07
    13:07:18.618 ComputerName: LAPTOP UserName: JSA
    13:07:19.555 Initialize success
    13:07:19.555 VM: initialized successfully
    13:07:19.555 VM: Intel CPU supported
    13:07:21.255 VM: disk I/O iaStor.sys
    13:07:49.711 AVAST engine defs: 16011001
    13:08:26.336 Disk 0 MBR fix error
    13:09:37.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:09:37.718 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
    13:09:37.859 Disk 0 MBR read successfully
    13:09:37.859 Disk 0 MBR scan
    13:09:37.922 Disk 0 Windows VISTA default MBR code
    13:09:37.922 Disk 0 Partition 1 00 DE Dell Utility 101 MB offset 63
    13:09:37.937 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
    13:09:37.969 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456835 MB offset 41172992
    13:09:38.156 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:10:03.908 Service scanning
    13:10:58.564 Modules scanning
    13:10:58.579 Disk 0 trace - called modules:
    13:10:58.611 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    13:10:58.626 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000f80be060]
    13:10:58.642 3 CLASSPNP.SYS[fffff801551d7d95] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe000f4e7e050]
    13:10:59.865 AVAST engine scan C:\WINDOWS
    13:11:04.394 AVAST engine scan C:\WINDOWS\system32
    13:16:59.477 AVAST engine scan C:\WINDOWS\system32\drivers
    13:17:31.783 AVAST engine scan C:\Users\JSA
    13:37:08.537 Disk 0 MBR has been saved successfully to "C:\Users\JSA\Desktop\MBR.dat"
    13:37:08.647 The log file has been saved successfully to "C:\Users\JSA\Desktop\aswMBR.txt"

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:18:06 PM, on 1/9/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10586.0020)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\JSA\Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tcm.com/watchtcm/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
    O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
    O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll
    O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Amazon Music] "C:\Users\JSA\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5B9CA856402FBC85FBB9DC2495714148] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\JSA\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [HP ENVY 5530 series (NET)] "C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN46D210DY05XT:NW" -scfn "HP ENVY 5530 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\JSA\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.dell.com
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: ChiconyOSDService (OSDSvc) - Chicony - C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14558 bytes
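
Added example (written for this page, not part of the original post and not HijackThis's own code): a Python triage pass over a few lines copied from the HijackThis log above. HijackThis v2.0.4 is a 32-bit program and the poster's system is 64-bit, so the example treats `(file missing)` on a `system32` path, or on a `%ProgramFiles%` resource that was resolved to `Program Files (x86)`, as a likely file-system redirection artifact rather than a deleted file. The tag names and the `tool_is_32bit_on_x64` parameter are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: eight lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O4 - HKCU\..\Run: [Amazon Music] "C:\Users\JSA\AppData\Local\Amazon Music\Amazon Music Helper.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([ORF]\d+) - (.+)$")
# Drive-letter path ending in .exe/.dll; the last one on a line is the target file.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)


def triage(line, tool_is_32bit_on_x64=True):
    """Return (section, tag, path) for one log line, or None if it is not an entry.

    tool_is_32bit_on_x64 is a hypothetical switch for this example: set it to
    False when the log was produced on a 32-bit system, where "(file missing)"
    should be taken at face value.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    paths = PATH.findall(body)
    path = paths[-1] if paths else ""
    low = path.lower()

    if body.endswith("(no file)"):
        # Registry entry left behind with no file on disk (e.g. after an uninstall).
        tag = "orphaned-registration"
    elif body.endswith("(file missing)"):
        # A 32-bit process is redirected away from the real system32 and gets
        # %ProgramFiles% expanded to "Program Files (x86)", so the lookup fails.
        redirected = "\\system32\\" in low or (
            "%programfiles%" in body.lower() and "\\program files (x86)\\" in low
        )
        if tool_is_32bit_on_x64 and redirected:
            tag = "likely-redirection-artifact"
        else:
            tag = "missing-target"
    elif section == "O4" and "\\appdata\\" in low:
        # Autorun from a per-user, user-writable directory: worth a manual look.
        tag = "user-writable-autorun"
    elif section == "O23" and "Unknown owner" in body:
        # File exists but the tool could not attribute it to a vendor.
        tag = "unknown-owner"
    else:
        tag = "ok"
    return section, tag, path


def summarize(log_text, tool_is_32bit_on_x64=True):
    """Count tags over every entry line in a HijackThis log."""
    results = (triage(l, tool_is_32bit_on_x64) for l in log_text.splitlines())
    return Counter(r[1] for r in results if r is not None)


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        result = triage(raw)
        if result and result[1] != "ok":
            print("%-4s %-28s %s" % (result[0], result[1], result[2] or "(no path)"))
    print(dict(summarize(SAMPLE_LOG)))
```

The one `orphaned-registration` hit is CLSID `{27B4851A-3207-45A2-B947-BE8AFE6163AB}`, the same `BHO: No Name -> ... -> No File` entry that the helper's fixlist later in the thread removes.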
     
  2. Curie

    Curie Malware Specialist

    Joined:
    Jun 18, 2015
    Messages:
    481
    Hello Phicot.

    I am Marie Curie and will gladly help you with any malware-related problems.

    Please familiarize yourself with the following ground rules before you start.
    • Read my instructions thoroughly and carry out each step in the given order.
    • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
    • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
    • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
    • Back up important files before we start.

    Your thread is a week old, so please confirm if you still need help or got help somewhere else in the meantime.
     
  3. Phicot

    Phicot Thread Starter

    Joined:
    Jan 11, 2016
    Messages:
    5
    Thank you, Marie! I'm so glad to hear from you. Yes, I still need help. The only progress I've made is getting Windows 10 to update again, but Edge and the Start button still don't work. And while I can run quick scans with Windows Defender, it always locks up on a full scan. At this point, I think there are multiple problems happening. I appreciate your help!
     
  4. Curie

    Curie Malware Specialist

    Joined:
    Jun 18, 2015
    Messages:
    481
    Hi Phicot.

    Please run the following diagnostic scans so I can ascertain the state of your computer.

    STEP 1
    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Double-Click FRST.exe or FRST64.exe to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.

    STEP 2
    aswMBR
    • Please download aswMBR and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click aswMBR.exe and select Run as administrator to run the programme.
    • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
    • If you are prompted to enable the use of "Virtualization Technology", click Yes.
    • Click the AV Scan: drop down box and click C:\.
    • Click Scan.
    • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
    • Re-enable your anti-virus software.
    • Attach the log in your next reply.
    Note: Do NOT click Fix or FixMBR.
    Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.

    ======================================================
    STEP 3
    Logs
    In your next reply please include the following logs.
    • FRST.txt
    • Addition.txt
    • aswMBR log
     
  5. Phicot

    Phicot Thread Starter

    Joined:
    Jan 11, 2016
    Messages:
    5
    Here you go! FRST scan went fine. But I ran the aswMBR scan twice because it kept freezing. The first time it froze the computer after six hours of scanning so I had to restart; the second scan froze after about one hour. So the file is from the first scan after about three hours. It wasn't responding, so I told it to save a log, which prompted it to keep scanning, but I didn't manage to save another log before it froze. Thanks for your help, Madame Curie!
     

    Attached Files:

  6. Curie

    Curie Malware Specialist

    Joined:
    Jun 18, 2015
    Messages:
    481
    STEP 1
    VirusTotal Upload
    • Please go to VirusTotal.com.
    • Click Choose File and locate the following file:
      • C:\Users\JSA\Documents\Julie's paper (1).exe
    • Click Scan it!.
    • If you receive the following notification: File already analysed, click Reanalyse.
    • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
    STEP 2
    Potentially Unwanted Programmes

    I found a few potentially unwanted programs on your system. These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, or have questionable privacy policies.
    Please tell me for each of the following programs if you want to keep them:
    • Wildtangent Games
    • Bing Search Provider
     
  7. Phicot

    Phicot Thread Starter

    Joined:
    Jan 11, 2016
    Messages:
    5
  8. Curie

    Curie Malware Specialist

    Joined:
    Jun 18, 2015
    Messages:
    481
    Ah, that explains it. It's quite an odd name for a program.

    STEP 1
    Uninstall Software
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the following programmes, right-click and click Uninstall.
      • Wildtangent Games
    • Follow the prompts.
    • Note: If you are offered the choice to install additional software, ensure you decline.
    • Reboot if necessary.

    STEP 2
    Farbar Recovery Scan Tool (FRST) Script
    • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document.
      Code:
      start
      CreateRestorePoint:
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
      C:\Program Files (x86)\WildTangent Games
      
      SearchScopes: HKLM -> DefaultScope {5C8B6222-D345-4D88-B096-72ACCEB1B2C3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
      SearchScopes: HKLM -> {5C8B6222-D345-4D88-B096-72ACCEB1B2C3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
      SearchScopes: HKLM-x32 -> DefaultScope {5C8B6222-D345-4D88-B096-72ACCEB1B2C3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
      SearchScopes: HKLM-x32 -> {5C8B6222-D345-4D88-B096-72ACCEB1B2C3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
      
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-1566404142-3332369531-3436073985-1000\...\MountPoints2: {deb9c550-c807-11e4-b977-4ceb420f818c} - "E:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
      BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
      BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
      CHR Plugin: (Widevine Content Decryption Module) - C:\Users\JSA\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
      EmptyTemp:
      end
    • Click File, Save As and type fixlist.txt as the File Name.
    • Important: The file must be saved in the same location as FRST64.exe.
    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
    • Double-Click FRST64.exe to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

    ======================================================

    STEP 3
    Logs
    In your next reply please include the following logs.
    • Did you successfully uninstall Wildtangent Games?
    • Fixlog.txt
     
  9. Phicot

    Phicot Thread Starter

    Joined:
    Jan 11, 2016
    Messages:
    5
    Thanks, Marie! I did uninstall Wildtangent Games--thanks for spotting that. On the other issues, I ran into a time crunch so I had to hire someone to fix those. So far, so good. I appreciate your expertise!
     
  10. Curie

    Curie Malware Specialist

    Joined:
    Jun 18, 2015
    Messages:
    481
    Hi Phicot. Does that mean you don't require any help anymore?
     
Short URL to this thread: https://techguy.org/1164021
