Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware overload [Solved]

Started by grd_87_rg12 , Apr 13 2015 03:41 PM

malware virus infection fix help

This topic is locked

#1
grd_87_rg12

Posted 13 April 2015 - 03:41 PM

New Member

Member
7 posts

Hi all,

Hope everyone is well?

I recently noticed my machine was running really slowly. I started to investigate in task manager and saw that a lot of iexplore.exe processes were running - I never ever use it so that started off the alarm bells. I then ran a full scan with Windows Defender and it found LOADS of things. I removed all these and downloaded Malwarebytes and ran a full scan - it found more things. I removed them, then ran another scan with Windows Defender, another with Malwarebytes and another with Hitman Pro.

I noticed in the scans that some of the virus locations were in my users\GRD\appdata folder, in two folders called YRBpack and YTRpack so I deleted these folders.

Recent scans haven't found anything else, but I now get two popups that say RegSvr32 and give errors about .dll files not loading from the YRBpack and YTRpack folders in my users\GRD\appdata folder.

Needless to say, I've stopped using my machine for anything. I've changed all my passwords on my work computer and only use this to surf the net at the moment, as I'm terrified that my data is at high risk.

I've followed the instructions on the forums and run FRST64.exe, I've attached the results.

It would be great if anyone could offer some help on what I can do (I can do a full system wipe and reinstall if necessary, although if I can avoid it that would be preferable).

Many thanks,

Gordon

Attached Thumbnails

Attached Files

FRST.txt 485.39KB 313 downloads
Addition.txt 36.71KB 357 downloads

Edited by grd_87_rg12, 13 April 2015 - 03:42 PM.

#2
Essexboy

Posted 14 April 2015 - 08:28 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi I would consider changing windows defender as your antivirus and getting a third party version

Could you let me know what problems you are experiencing after this run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [IRKsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\GRD\AppData\Local\YTPack\EP0NRE8H.DLL
HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [YRBPack] => regsvr32.exe C:\Users\GRD\AppData\Local\YRBPack\ASMeulr216I.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
Toolbar: HKU\S-1-5-21-809373587-3448285753-2040023688-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S1 anphousq; \??\C:\WINDOWS\system32\drivers\anphousq.sys [X]
S1 dgttofxi; \??\C:\WINDOWS\system32\drivers\dgttofxi.sys [X]
S1 dsxwtoec; \??\C:\WINDOWS\system32\drivers\dsxwtoec.sys [X]
S1 gcpsuqsx; \??\C:\WINDOWS\system32\drivers\gcpsuqsx.sys [X]
S1 hlgyqhfb; \??\C:\WINDOWS\system32\drivers\hlgyqhfb.sys [X]
S1 iztrvekw; \??\C:\WINDOWS\system32\drivers\iztrvekw.sys [X]
S1 jxglvpjy; \??\C:\WINDOWS\system32\drivers\jxglvpjy.sys [X]
S1 kfalbiko; \??\C:\WINDOWS\system32\drivers\kfalbiko.sys [X]
S1 kimqjtog; \??\C:\WINDOWS\system32\drivers\kimqjtog.sys [X]
S1 kscvxbjo; \??\C:\WINDOWS\system32\drivers\kscvxbjo.sys [X]
S1 lmqljarz; \??\C:\WINDOWS\system32\drivers\lmqljarz.sys [X]
S1 mqjfeooh; \??\C:\WINDOWS\system32\drivers\mqjfeooh.sys [X]
S1 nhswftjt; \??\C:\WINDOWS\system32\drivers\nhswftjt.sys [X]
S1 nnwgozhm; \??\C:\WINDOWS\system32\drivers\nnwgozhm.sys [X]
S1 nszeeiak; \??\C:\WINDOWS\system32\drivers\nszeeiak.sys [X]
S1 obnbwmhr; \??\C:\WINDOWS\system32\drivers\obnbwmhr.sys [X]
S1 paieaoeq; \??\C:\WINDOWS\system32\drivers\paieaoeq.sys [X]
S1 pbtrtzlg; \??\C:\WINDOWS\system32\drivers\pbtrtzlg.sys [X]
S1 phrqwixk; \??\C:\WINDOWS\system32\drivers\phrqwixk.sys [X]
S1 resquumc; \??\C:\WINDOWS\system32\drivers\resquumc.sys [X]
S1 snpzsaxx; \??\C:\WINDOWS\system32\drivers\snpzsaxx.sys [X]
S1 tliymesl; \??\C:\WINDOWS\system32\drivers\tliymesl.sys [X]
S1 umcgdxcm; \??\C:\WINDOWS\system32\drivers\umcgdxcm.sys [X]
S1 urnrmynb; \??\C:\WINDOWS\system32\drivers\urnrmynb.sys [X]
S1 utgmyhas; \??\C:\WINDOWS\system32\drivers\utgmyhas.sys [X]
S1 uzwewgvo; \??\C:\WINDOWS\system32\drivers\uzwewgvo.sys [X]
S1 vhkxlalh; \??\C:\WINDOWS\system32\drivers\vhkxlalh.sys [X]
C:\WINDOWS\system32\drivers\anphousq.sys
C:\WINDOWS\system32\drivers\dgttofxi.sys
C:\WINDOWS\system32\drivers\dsxwtoec.sys
C:\WINDOWS\system32\drivers\gcpsuqsx.sys
C:\WINDOWS\system32\drivers\hlgyqhfb.sys
C:\WINDOWS\system32\drivers\iztrvekw.sys
C:\WINDOWS\system32\drivers\jxglvpjy.sys
C:\WINDOWS\system32\drivers\kfalbiko.sys
C:\WINDOWS\system32\drivers\kimqjtog.sys
C:\WINDOWS\system32\drivers\kscvxbjo.sys
C:\WINDOWS\system32\drivers\lmqljarz.sys
C:\WINDOWS\system32\drivers\mqjfeooh.sys
C:\WINDOWS\system32\drivers\nhswftjt.sys
C:\WINDOWS\system32\drivers\nnwgozhm.sys
C:\WINDOWS\system32\drivers\nszeeiak.sys
C:\WINDOWS\system32\drivers\obnbwmhr.sys
C:\WINDOWS\system32\drivers\paieaoeq.sys
C:\WINDOWS\system32\drivers\pbtrtzlg.sys
C:\WINDOWS\system32\drivers\phrqwixk.sys
C:\WINDOWS\system32\drivers\resquumc.sys
C:\WINDOWS\system32\drivers\snpzsaxx.sys
C:\WINDOWS\system32\drivers\tliymesl.sys
C:\WINDOWS\system32\drivers\umcgdxcm.sys
C:\WINDOWS\system32\drivers\urnrmynb.sys
C:\WINDOWS\system32\drivers\utgmyhas.sys
C:\WINDOWS\system32\drivers\uzwewgvo.sys
C:\WINDOWS\system32\drivers\vhkxlalh.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
grd_87_rg12

Posted 14 April 2015 - 01:20 PM

New Member

Topic Starter
Member
7 posts

Hi Essexboy,

Really appreciate the help, so mega thank you. Since I noticed the problems, I'm now running Malwarebytes premium (I'm on the free trial at the moment). Is this worthwhile? I have the Home Premium as well as the Anti-Exploit protection too. Are these acceptable or can you suggest any better alternatives?

Since restarting, I've not had the RegSvrMgr32 popups. One thing I have noticed is that in the appdata folder, when I open Chrome a file called "etilqs_0hnb84ULiZbFSGb" appears. Not sure what it is, but it disappears when I close Chrome.

Here's my Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015

Ran by GRD at 2015-04-14 18:53:32 Run:1

Running from C:\Users\GRD\Desktop

Loaded Profiles: GRD & (Available profiles: GRD)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CreateRestorePoint:

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [IRKsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\GRD\AppData\Local\YTPack\EP0NRE8H.DLL

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Run: [YRBPack] => regsvr32.exe C:\Users\GRD\AppData\Local\YRBPack\ASMeulr216I.dll <===== ATTENTION

ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File

Toolbar: HKU\S-1-5-21-809373587-3448285753-2040023688-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

S1 anphousq; \??\C:\WINDOWS\system32\drivers\anphousq.sys [X]

S1 dgttofxi; \??\C:\WINDOWS\system32\drivers\dgttofxi.sys [X]

S1 dsxwtoec; \??\C:\WINDOWS\system32\drivers\dsxwtoec.sys [X]

S1 gcpsuqsx; \??\C:\WINDOWS\system32\drivers\gcpsuqsx.sys [X]

S1 hlgyqhfb; \??\C:\WINDOWS\system32\drivers\hlgyqhfb.sys [X]

S1 iztrvekw; \??\C:\WINDOWS\system32\drivers\iztrvekw.sys [X]

S1 jxglvpjy; \??\C:\WINDOWS\system32\drivers\jxglvpjy.sys [X]

S1 kfalbiko; \??\C:\WINDOWS\system32\drivers\kfalbiko.sys [X]

S1 kimqjtog; \??\C:\WINDOWS\system32\drivers\kimqjtog.sys [X]

S1 kscvxbjo; \??\C:\WINDOWS\system32\drivers\kscvxbjo.sys [X]

S1 lmqljarz; \??\C:\WINDOWS\system32\drivers\lmqljarz.sys [X]

S1 mqjfeooh; \??\C:\WINDOWS\system32\drivers\mqjfeooh.sys [X]

S1 nhswftjt; \??\C:\WINDOWS\system32\drivers\nhswftjt.sys [X]

S1 nnwgozhm; \??\C:\WINDOWS\system32\drivers\nnwgozhm.sys [X]

S1 nszeeiak; \??\C:\WINDOWS\system32\drivers\nszeeiak.sys [X]

S1 obnbwmhr; \??\C:\WINDOWS\system32\drivers\obnbwmhr.sys [X]

S1 paieaoeq; \??\C:\WINDOWS\system32\drivers\paieaoeq.sys [X]

S1 pbtrtzlg; \??\C:\WINDOWS\system32\drivers\pbtrtzlg.sys [X]

S1 phrqwixk; \??\C:\WINDOWS\system32\drivers\phrqwixk.sys [X]

S1 resquumc; \??\C:\WINDOWS\system32\drivers\resquumc.sys [X]

S1 snpzsaxx; \??\C:\WINDOWS\system32\drivers\snpzsaxx.sys [X]

S1 tliymesl; \??\C:\WINDOWS\system32\drivers\tliymesl.sys [X]

S1 umcgdxcm; \??\C:\WINDOWS\system32\drivers\umcgdxcm.sys [X]

S1 urnrmynb; \??\C:\WINDOWS\system32\drivers\urnrmynb.sys [X]

S1 utgmyhas; \??\C:\WINDOWS\system32\drivers\utgmyhas.sys [X]

S1 uzwewgvo; \??\C:\WINDOWS\system32\drivers\uzwewgvo.sys [X]

S1 vhkxlalh; \??\C:\WINDOWS\system32\drivers\vhkxlalh.sys [X]

C:\WINDOWS\system32\drivers\anphousq.sys

C:\WINDOWS\system32\drivers\dgttofxi.sys

C:\WINDOWS\system32\drivers\dsxwtoec.sys

C:\WINDOWS\system32\drivers\gcpsuqsx.sys

C:\WINDOWS\system32\drivers\hlgyqhfb.sys

C:\WINDOWS\system32\drivers\iztrvekw.sys

C:\WINDOWS\system32\drivers\jxglvpjy.sys

C:\WINDOWS\system32\drivers\kfalbiko.sys

C:\WINDOWS\system32\drivers\kimqjtog.sys

C:\WINDOWS\system32\drivers\kscvxbjo.sys

C:\WINDOWS\system32\drivers\lmqljarz.sys

C:\WINDOWS\system32\drivers\mqjfeooh.sys

C:\WINDOWS\system32\drivers\nhswftjt.sys

C:\WINDOWS\system32\drivers\nnwgozhm.sys

C:\WINDOWS\system32\drivers\nszeeiak.sys

C:\WINDOWS\system32\drivers\obnbwmhr.sys

C:\WINDOWS\system32\drivers\paieaoeq.sys

C:\WINDOWS\system32\drivers\pbtrtzlg.sys

C:\WINDOWS\system32\drivers\phrqwixk.sys

C:\WINDOWS\system32\drivers\resquumc.sys

C:\WINDOWS\system32\drivers\snpzsaxx.sys

C:\WINDOWS\system32\drivers\tliymesl.sys

C:\WINDOWS\system32\drivers\umcgdxcm.sys

C:\WINDOWS\system32\drivers\urnrmynb.sys

C:\WINDOWS\system32\drivers\utgmyhas.sys

C:\WINDOWS\system32\drivers\uzwewgvo.sys

C:\WINDOWS\system32\drivers\vhkxlalh.sys

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

RemoveProxy:

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

Error: (0) Failed to create a restore point.

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IRKsoft => value deleted successfully.

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YRBPack => value deleted successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.

HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => Key not found.

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.

HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.

anphousq => Service deleted successfully.

dgttofxi => Service deleted successfully.

dsxwtoec => Service deleted successfully.

gcpsuqsx => Service deleted successfully.

hlgyqhfb => Service deleted successfully.

iztrvekw => Service deleted successfully.

jxglvpjy => Service deleted successfully.

kfalbiko => Service deleted successfully.

kimqjtog => Service deleted successfully.

kscvxbjo => Service deleted successfully.

lmqljarz => Service deleted successfully.

mqjfeooh => Service deleted successfully.

nhswftjt => Service deleted successfully.

nnwgozhm => Service deleted successfully.

nszeeiak => Service deleted successfully.

obnbwmhr => Service deleted successfully.

paieaoeq => Service deleted successfully.

pbtrtzlg => Service deleted successfully.

phrqwixk => Service deleted successfully.

resquumc => Service deleted successfully.

snpzsaxx => Service deleted successfully.

tliymesl => Service deleted successfully.

umcgdxcm => Service deleted successfully.

urnrmynb => Service deleted successfully.

utgmyhas => Service deleted successfully.

uzwewgvo => Service deleted successfully.

vhkxlalh => Service deleted successfully.

"C:\WINDOWS\system32\drivers\anphousq.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\dgttofxi.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\dsxwtoec.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\gcpsuqsx.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\hlgyqhfb.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\iztrvekw.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\jxglvpjy.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\kfalbiko.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\kimqjtog.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\kscvxbjo.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\lmqljarz.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\mqjfeooh.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\nhswftjt.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\nnwgozhm.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\nszeeiak.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\obnbwmhr.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\paieaoeq.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\pbtrtzlg.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\phrqwixk.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\resquumc.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\snpzsaxx.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\tliymesl.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\umcgdxcm.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\urnrmynb.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\utgmyhas.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\uzwewgvo.sys" => File/Directory not found.

"C:\WINDOWS\system32\drivers\vhkxlalh.sys" => File/Directory not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-21-809373587-3448285753-2040023688-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-809373587-3448285753-2040023688-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.

No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::754a:bf2e:197:f05a%4

Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{7E65F14E-1C2E-45E2-A8D2-B8EB23393408}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 2:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:248f:134f:3f57:fff7

Link-local IPv6 Address . . . . . : fe80::248f:134f:3f57:fff7%6

Default Gateway . . . . . . . . . : ::

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 11 while it has its media disconnected.

No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Wireless LAN adapter WiFi:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::754a:bf2e:197:f05a%4

IPv4 Address. . . . . . . . . . . : 192.168.0.8

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{7E65F14E-1C2E-45E2-A8D2-B8EB23393408}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 2:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:248f:134f:3f57:fff7

Link-local IPv6 Address . . . . . : fe80::248f:134f:3f57:fff7%6

Default Gateway . . . . . . . . . : ::

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!

Resetting , failed.

Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0DCF1E2B-E1B2-48B7-AA57-6BEEABF74AA4}.

Unable to cancel {3BCC97E5-D77B-48C6-B0A3-E7CF18B6E51B}.

0 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 19:03:00 ====

and here's the aswMBR log:

Run date: 2015-04-14 19:29:14

-----------------------------

19:29:14.265 OS Version: Windows x64 6.2.9200

19:29:14.265 Number of processors: 4 586 0x403

19:29:14.265 ComputerName: BLACKTOWER UserName: GRD

19:29:17.230 Initialize success

19:29:17.387 VM: initialized successfully

19:29:17.387 VM: Amd CPU supported

19:30:17.170 The log file has been saved successfully to "C:\Users\GRD\Desktop\aswMBR.txt"

19:30:23.314 AVAST engine defs: 15041400

19:30:37.068 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

19:30:37.084 Disk 0 Vendor: ST1000DX001-1CM162 CC43 Size: 953869MB BusType: 3

19:30:37.084 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0

19:30:37.084 Disk 1 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3

19:30:37.209 Disk 1 MBR read successfully

19:30:37.224 Disk 1 MBR scan

19:30:37.318 Disk 1 Windows 7 default MBR code

19:30:37.334 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048

19:30:37.396 Disk 1 scanning C:\WINDOWS\system32\drivers

19:30:59.599 Service scanning

19:31:50.688 Modules scanning

19:31:50.703 Disk 1 trace - called modules:

19:31:50.719 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys

19:31:50.735 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffe0010c92a060]

19:31:50.735 3 CLASSPNP.SYS[fffff801f714e170] -> nt!IofCallDriver -> [0xffffe0010bf67750]

19:31:50.735 5 ACPI.sys[fffff801f6371c21] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffe0010bf6b060]

19:32:02.200 AVAST engine scan C:\WINDOWS

19:32:16.420 AVAST engine scan C:\WINDOWS\system32

19:38:09.923 AVAST engine scan C:\WINDOWS\system32\drivers

19:38:46.691 AVAST engine scan C:\Users\GRD

20:11:18.476 AVAST engine scan C:\ProgramData

20:17:49.245 Disk 1 statistics 4592948/0/0 @ 2.06 MB/s

20:17:49.250 Scan finished successfully

20:19:30.116 Disk 1 MBR has been saved successfully to "C:\Users\GRD\Desktop\MBR.dat"

20:19:30.148 The log file has been saved successfully to "C:\Users\GRD\Desktop\aswMBR.txt"

Again, really really appreciate your help here.

#4
Essexboy

Posted 14 April 2015 - 01:34 PM

GeekU Moderator

Retired Staff
69,964 posts

Malwarebytes is an anti malware product and is mainly targeted at the grey area between adware and virus, it is good for the task but is best used as a standalone adware/Trojan cleaner

From the MBAM site

Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software. Malwarebytes Anti-Malware is a complementary but essential program which detects and removes zero-day malware and "Malware in the Wild".
This includes malicious programs and files, such as virus droppers, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. That being said, there are many infections that Malwarebytes Anti-Malware does not detect or remove which any antivirus software will, such as file infectors.
It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance.

The etilqs folder is where Chrome stores its temporary data during operation

Are you experiencing any problems at all ?

With regards to security set up here is one that I suggested the other day http://www.geekstogo...-program/page-2
Post 26 near the bottom of the page

#5
grd_87_rg12

Posted 14 April 2015 - 01:53 PM

New Member

Topic Starter
Member
7 posts

Looks like everything is running nicely now, thank you so much! I'll get Avast! installed and follow that guide... I had thought MWB in addition to Windows Defender might be ok.

Do you reckon it's safe to use passwords and online banking again?

#6
Essexboy

Posted 14 April 2015 - 02:00 PM

GeekU Moderator

Retired Staff
69,964 posts

Yes you should be OK now as I removed all the bad drivers and reset your network

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#7
grd_87_rg12

Posted 14 April 2015 - 03:05 PM

New Member

Topic Starter
Member
7 posts

I can't thank you enough Will let you know if I have any more hiccups! :spoton:

#8
Essexboy

Posted 15 April 2015 - 07:41 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: malware, virus, infection, fix, help

Security → Virus, Spyware, Malware Removal → Having Powersheel.exe Issues ... Need fixlist.txt Started by raj0171 , 19 Mar 2024 Virus, HELP, Malwarebytes	5 replies 2,663 views	DR M 06 Apr 2024
Hardware → Hardware, Components and Peripherals → Recover the hard drive Started by Andrew Board , 16 Jan 2024 data recovery, hard drive, help and 1 more...	2 replies 663 views	phillpower2 16 Jan 2024
Security → Virus, Spyware, Malware Removal → HP desktop - google.com is in Norwegian [Solved] Started by wayneman50 , 23 Jul 2023 internet, google, virus and 1 more... 1 2 3	Hot 41 replies 24,227 views	wayneman50 17 Aug 2023
Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,684 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,752 views	DR M 16 Apr 2023