
I Found Malware On The Computer After Running FRST 64 Bit Program [Clo


  • This topic is locked

#16
Scuttlescub48

  • Topic Starter
  • Member
  • 36 posts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793403374-398002671-286997670-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3793403374-398002671-286997670-500 - Administrator - Disabled)
Auntie (S-1-5-21-3793403374-398002671-286997670-1008 - Limited - Enabled) => C:\Users\Auntie
Guest (S-1-5-21-3793403374-398002671-286997670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3793403374-398002671-286997670-1002 - Limited - Enabled)
JRat30000 (S-1-5-21-3793403374-398002671-286997670-1007 - Limited - Enabled) => C:\Users\JRat30000
Leah (S-1-5-21-3793403374-398002671-286997670-1006 - Limited - Enabled) => C:\Users\Leah
Maw Maw (S-1-5-21-3793403374-398002671-286997670-1004 - Limited - Enabled) => C:\Users\Maw Maw
Old_Warriorette_83 (S-1-5-21-3793403374-398002671-286997670-1003 - Limited - Enabled) => C:\Users\Old_Warriorette_83
Robert (S-1-5-21-3793403374-398002671-286997670-1001 - Administrator - Enabled) => C:\Users\Robert
UpdatusUser (S-1-5-21-3793403374-398002671-286997670-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 10:59:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e38

Start Time: 01d06c8c4c715349

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/31/2015 04:07:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DriverManager.exe version 10.0.1.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a90

Start Time: 01d06bedfb3f872c

Termination Time: 121

Application Path: C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe

Report Id: 687482f6-d7e1-11e4-b55f-0018f3280820

Error: (03/31/2015 04:03:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_ENCAPSULATED_EVENT_PROVIDERselect * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_REFERENT_EVENT_PROVIDERselect * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (03/31/2015 03:51:17 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (03/31/2015 03:50:29 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (03/30/2015 04:10:08 PM) (Source: Windows Installer 3.1) (EventID: 4373) (User: )
Description: WindowsNot enough storage is available to process this command.




#17
Scuttlescub48

  • Topic Starter
  • Member
  • 36 posts

System errors:
=============
Error: (04/01/2015 11:02:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

 

Error: (04/01/2015 10:04:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/01/2015 10:04:30 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/01/2015 10:03:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/01/2015 10:02:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/01/2015 09:52:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/01/2015 09:52:20 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/01/2015 09:51:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/01/2015 09:50:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/01/2015 06:35:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

 



#18
Scuttlescub48

  • Topic Starter
  • Member
  • 36 posts

Microsoft Office Sessions:
=========================
Error: (04/01/2015 10:59:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.17267e3801d06c8c4c71534994C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (03/31/2015 04:07:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DriverManager.exe10.0.1.8a9001d06bedfb3f872c121C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe687482f6-d7e1-11e4-b55f-0018f3280820

Error: (03/31/2015 04:03:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_ENCAPSULATED_EVENT_PROVIDERselect * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpNotificationSnmpNotification//./root/snmp/localhost

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: MS_SNMP_REFERENT_EVENT_PROVIDERselect * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (03/31/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification//./root/snmp/localhost

Error: (03/31/2015 03:51:17 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (03/31/2015 03:50:29 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (03/30/2015 04:10:08 PM) (Source: Windows Installer 3.1) (EventID: 4373) (User: )
Description: WindowsNot enough storage is available to process this command.



#19
Scuttlescub48

  • Topic Starter
  • Member
  • 36 posts

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 43%
Total physical RAM: 3006.55 MB
Available physical RAM: 1708.75 MB
Total Pagefile: 6011.3 MB
Available Pagefile: 4346.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:860.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 02B1CF6B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#20
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
  • NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start -

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

OK, let's get started.

 

Step#1 - Questions/Removals

Do you know if the following document is valid? C:\Users\Leah\Documents\jhjhtojhmiwoujhashpiuun.xps

If you don't know what it is please go ahead and delete.

 

Also, please remove Coupon Printer for Windows from Add/Remove programs.

 

What specific issues are you having that you are looking to resolve?

 

Step#2 - Review Malwarebytes Log

I see that you ran Malwarebytes. Can you please provide the log?

1. Open up the Malwarebytes program again. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
[Image: ApplicationLog.JPG]
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post.
[Image: ScanningHistory.JPG]

 

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (365 bytes, 100 downloads)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

 

Items for your Next Post

1. Answers to Questions

2. Malwarebytes Log

3. FRST Fix Log

4. AdwCleaner log

 



#21
BrianDrab

  • Trusted Helper
  • Malware Removal
  • 3,583 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





