Virus, Malware Bad problem

#1 ·
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 630 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 5887 Mb
Graphics Card: NVIDIA GeForce 9100, 256 Mb
Hard Drives: C: Total - 942583 MB, Free - 817431 MB; D: Total - 11182 MB, Free - 1337 MB;
Motherboard: PEGATRON CORPORATION, VIOLET6
Antivirus: Microsoft Security Essentials, Updated and Enabled


It has been almost a week and no response from you guys. I need assistance please. My computer is not acting right.
Even when I F8 there are two loaded that are blank. Please help.


Thank you in advance.
 
#4 ·
Sorry for the delay, and welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.
 
#6 ·
Please download the attached file and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
 


#7 ·
In addition:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced. Please copy and paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    1. Enable free trial of Malwarebytes Anti-Malware Premium
    2. Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.
 
#11 ·
# AdwCleaner v4.203 - Logfile created 04/05/2015 at 10:34:15
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Cindy - CINDY-HOME
# Running from : C:\Users\Cindy\Desktop\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Uninstaller
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\Cindy\AppData\Roaming\Solvusoft
Folder Found : C:\Users\Cindys's\AppData\Roaming\ParetoLogic

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\Reimage
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Google Chrome v42.0.2311.135

[C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2804 bytes] - [18/03/2015 18:40:32]
AdwCleaner[R1].txt - [2890 bytes] - [21/03/2015 07:24:29]
AdwCleaner[R2].txt - [2715 bytes] - [21/03/2015 07:34:02]
AdwCleaner[R3].txt - [3633 bytes] - [09/04/2015 12:45:45]
AdwCleaner[R4].txt - [3193 bytes] - [04/05/2015 10:34:15]
AdwCleaner[S0].txt - [2995 bytes] - [18/03/2015 18:43:17]
AdwCleaner[S1].txt - [3098 bytes] - [21/03/2015 07:30:08]
AdwCleaner[S2].txt - [3841 bytes] - [09/04/2015 12:54:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3429 bytes] ##########
 
#14 ·
Did that and cleaned it. Now what do you want me to do? What started this all was downloading Blender and getting a PUBENV virus or trojan. I removed it but it left my system screwed up, and when I searched on the internet it said PUBENV.DLL (Spy.770) was a virus or trojan.

My computer is still slow and when I do a chkdsk it states it can not repair and when it loads drivers there are blank spots.


Ran MalwareBytes and it showed nothing.
 
#15 ·
Please download ListChkDskResult by SleepyDude and save it to your desktop.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • A message about checking Windows Event Log will pop up. Click OK.
  • Wait patiently until a Notepad window opens. This won't take long.
  • The displayed logfile will be also saved to your desktop as ListChkDskResult.txt.
Please include the content of this file in your next reply.
 
#17 ·
My computer is still slow and when I do a chkdsk it states it can not repair and when it loads drivers there are blank spots.
These reports were from April. No recent report was written. Let's try in the Recovery Environment. No reports will be written. Check the results on screen.

Enter the System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • Type in the following and press Enter:

    bcdedit | find "osdevice"
  • Note the osdevice partition letter, then type:

    CHKDSK X: /R
  • Where X is the osdevice letter, and press Enter.
  • The tool will start to run.

When finished, type exit and press Enter. Restart the computer.

Let us know if that helps.
 
#22 ·
Okay, thought I was in the clear finally. Loaded Gimp for 64 bit Windows seven and still ran into errors so I uninstalled it and totally removed all of . The error I got was _gp_params_destroy could not be located in dynamic link library. I found some info stating it was a virus? Not sure. I need Gimp but can't get it to install without creating problems or becoming infected. After installing it my Windows Explorer stopped working; when I went into Start search and tried searching for a folder, an error came up stating it had to restart. No one knows how to solve my problem. Can you please help me?
 
#23 ·
Open an Administrator Command prompt. (Click on the Orb, type CMD and press CTRL+SHIFT+ENTER simultaneously)

At the prompt type the following and press Enter:

SFC /ScanNow

Let me know the outcome.

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • Click the "Fix" in case of infection

  • Click Save log button and Save the aswMBR.log to the desktop
  • Post content of that log here for me

In addition, aswMBR will produce a copy of the boot sector, MBR.dat, on your desktop. Upload that file here.
 
#24 ·
It is not letting me attach the CBS log; it states I do not have permission, which I do. It did state Windows Resource Protection could not fix some files because of corruption. I posted the other that you were looking for, but did not do the fix because it stated my partition would be unusable.
 
#26 ·
Please remove Symantec Endpoint Protection. Running two antivirus and Firewalls will make your computer slow and unstable.

Once done, re-scan with FRST and post its reports.

Open an Administrator Command prompt. At the prompt copy and paste the following and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

Once done, type Exit and press Enter to return to Windows. It should produce a log on your desktop, sfcdetails.txt. Please post it in your next reply.
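
One way to condense the sfcdetails.txt that the findstr command above produces, as an added example that is not part of the original posts. It assumes the usual `[SR] Cannot repair member file` line layout of CBS.log; the helper name `Get-SfcUnrepaired` and the sample lines are constructed for illustration.

```powershell
# Added example, not from the thread. Get-SfcUnrepaired is a hypothetical helper name.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
function Get-SfcUnrepaired {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    # Assumed layout: ... [SR] Cannot repair member file [l:NN{MM}]"<file>" of <component>, ... in the store, <reason>
    $rx = [regex]'\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)" of (?<component>[^,]+),.*?(?:in the store, (?<reason>.+))?$'

    # The same file can be logged more than once per run, so collapse repeats.
    $seen = @{}
    foreach ($line in $Lines) {
        $m = $rx.Match($line)
        if (-not $m.Success) { continue }   # skip "Verifying ..." and other [SR] lines

        $key = '{0}|{1}' -f $m.Groups['file'].Value, $m.Groups['component'].Value
        if ($seen.ContainsKey($key)) {
            $seen[$key].Occurrences += 1
        } else {
            $seen[$key] = New-Object PSObject -Property @{
                File        = $m.Groups['file'].Value
                Component   = $m.Groups['component'].Value
                Reason      = $m.Groups['reason'].Value
                Occurrences = 1
            }
        }
    }
    $seen.Values | Sort-Object Component, File |
        Select-Object File, Component, Reason, Occurrences
}

# Constructed sample lines (file and component names are placeholders).
$sample = @(
    '2015-05-06 09:12:41, Info                  CSI    0000031a [SR] Verifying 100 (0x0000000000000064) components',
    '2015-05-06 09:12:44, Info                  CSI    0000031c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
    '2015-05-06 09:12:45, Info                  CSI    0000031e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
    '2015-05-06 09:12:50, Info                  CSI    00000320 [SR] Verify complete'
)
Get-SfcUnrepaired -Lines $sample | Format-Table -AutoSize

# On the affected machine, feed it the file written by the findstr command:
# Get-SfcUnrepaired -Lines (Get-Content "$env:USERPROFILE\Desktop\sfcdetails.txt")
```

The result is one row per file that SFC could not repair, with the owning component and the stated reason, which is the part of the log a helper reads first.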
 