
Help me!

farbar removal tool

  • This topic is locked

#16
armangido

  • Topic Starter
  • Member
  • 25 posts

It's a trial premium version.


  • 0


#17
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Ok, Thanks for the info..

You have 2 versions of Malwarebytes (MBAM) installed (not good). I am going to have you uninstall both versions then run the clean tool designed specifically for MBAM. We will then reinstall the newest version.

Since I already have you in the Control Panel > Programs and Features uninstalling those 2 versions of MBAM I am adding a few programs to the list for you to uninstall:

Programs to uninstall:

amuleC (Version: 1.0.2 - amuleC)
amuleC (Version: 1.0.1 - amuleC)
Malwarebytes Anti-Malware versione 2.2.1.1043
Malwarebytes version 3.0.6.1469
WinSnare (Version: 4.2.3 - WinSnare)


Did you intentionally install the following?

Аrdamаx Kеylogger 4.6.2 (HKLM-x32\...\Аrdamаx Kеylogger 4.6.2) (Version: - )
Аrdamаx Kеylogger 4.6.2 (HKU\S-1-5-21-505062654-1326284760-2324680239-1000\...\Аrdamаx Kеylogger 4.6.2) (Version: - )


If not, I would uninstall them.

After you uninstall the above programs, please do as follows:

Please download MBAM-clean and save it to your desktop.
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner again, re-boot when complete. <<<---do not miss this step
  • Next:

    Download/Scan with Malwarebytes
  • Download Malwarebytes Anti-Malware by clicking here.
  • Start the program and select Update
  • Once it has updated select Settings > Detection and Protection
  • Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
  • On completion of the scan (or after the reboot), start MBAM.
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.
  • Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

  • 1

#18
armangido

  • Topic Starter
  • Member
  • 25 posts

Yea, Thanks for the info!


  • 0

#19
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
You're welcome. As soon as the above is completed, we still have some work to do here to clean up residual files and the like..

I'll check back in to see how you are doing after work today.
  • 1

#20
armangido

  • Topic Starter
  • Member
  • 25 posts

Hey DonnaB, I'm thinking of trying to install a new Windows copy, removing everything and replacing it with a new copy of Windows. It's OK for me. When I tried installing Windows 7 it says "Windows cannot continue because Windows needs file". I'm trying to install Windows 7 Gamer Edition. It's not corrupted; I tried installing from another PC and it worked, but on my PC it says "Windows cannot continue" blah blah.


  • 0

#21
armangido

  • Topic Starter
  • Member
  • 25 posts

It's a modified version of Windows, but I guarantee it's safe, no viruses.


  • 0

#22
armangido

  • Topic Starter
  • Member
  • 25 posts

I want to include an installation of Malwarebytes directly when Windows is installed, so that new copy, new life, heh. Here is the screenshot: http://imgur.com/a/uqu3V


  • 0

#23
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Well, this is a surprise to come home to. After all that work that we/I put into it. Your system was/is not as infected as you think. Sure, you have some programs installed that I wouldn't let touch my system and we have a few files that need to be removed, but all you have to do is uninstall them, remove whatever residual files are left behind, learn safe computing practices and you're on your way to happy surfing once again.

Where are you at with this? Did you reinstall? If not, did you follow my instructions that I posted here?

So fill me in here on what I missed out on, please. Which site did you get the Win 7 Gamer edition from?
  • 0

#24
armangido

  • Topic Starter
  • Member
  • 25 posts
Yeah, I reinstalled Malwarebytes; I'll send the Malwarebytes log later. The Win 7 Gamer was included on the CD when I bought Win 7 all versions; there was included a modded Windows version for gamers, free of viruses. It's called Win 7 Gamer Edition by Undeadcrows. Yeah, I'll try.
  • 0

#25
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Yes. Please paste the MBAM log into a post so I can see what it found.

Where did you purchase your Win 7 All in one edition cd/dvd? Not trying to be nosy, just looking out for my best interests... you! :)
  • 0


#26
armangido

  • Topic Starter
  • Member
  • 25 posts
Ahh, it's okay to ask questions; besides, you help me. It's from a computer shop; there I saw the CD and I purchased it. Wait, I will switch from my PC.
  • 0

#27
armangido

  • Topic Starter
  • Member
  • 25 posts
BTW Donna, I have 2 antivirus programs. I have Avast and Malwarebytes. Should I uninstall the Avast?
  • 0

#28
armangido

  • Topic Starter
  • Member
  • 25 posts

This is all the viruses, it's not a scan.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/29/17
Scan Time: 6:28 AM
Logfile: scan.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1832
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Arman-pc\Arman

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351453
Time Elapsed: 26 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Rootkit.Fileless.MTGen, HKU\S-1-5-21-505062654-1326284760-2324680239-1000_Classes\47aa53\SHELL\OPEN\COMMAND, No Action By User, [1298], [261828],1.0.1832
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Apps_Cfg, No Action By User, [2], [377830],1.0.1832
PUP.Optional.ChromeHelper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\GoogleChromeUpService, No Action By User, [8814], [383226],1.0.1832
Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\iedvutils, No Action By User, [314], [385272],1.0.1832
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinSnare, No Action By User, [2], [378445],1.0.1832

Registry Value: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-505062654-1326284760-2324680239-1000_Classes\47aa53\SHELL\OPEN\COMMAND|, No Action By User, [1298], [261828],1.0.1832
Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{235F859F-651A-48C5-A381-9C28BAD9E198}, No Action By User, [314], [391309],1.0.1832

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Elex, C:\USERS\ARMAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AMULEC, No Action By User, [2], [378430],1.0.1832
Adware.Elex, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AMULEC, No Action By User, [2], [378430],1.0.1832

File: 3
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, No Action By User, [551], [393793],1.0.1832
Adware.Elex, C:\Users\Arman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC\aMuleC.lnk, No Action By User, [2], [378430],1.0.1832
Adware.Elex, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC\aMuleC.lnk, No Action By User, [2], [378430],1.0.1832

Physical Sector: 0
(No malicious items detected)


(end)

 

Here is the scan log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/29/17
Scan Time: 6:28 AM
Logfile: scan1.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1832
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Arman-pc\Arman

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351453
Time Elapsed: 26 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Rootkit.Fileless.MTGen, HKU\S-1-5-21-505062654-1326284760-2324680239-1000_Classes\47aa53\SHELL\OPEN\COMMAND, Delete-on-Reboot, [1298], [261828],1.0.1832
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Apps_Cfg, Delete-on-Reboot, [2], [377830],1.0.1832
PUP.Optional.ChromeHelper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\GoogleChromeUpService, Delete-on-Reboot, [8814], [383226],1.0.1832
Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\iedvutils, Delete-on-Reboot, [314], [385272],1.0.1832
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinSnare, Delete-on-Reboot, [2], [378445],1.0.1832

Registry Value: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-505062654-1326284760-2324680239-1000_Classes\47aa53\SHELL\OPEN\COMMAND|, Delete-on-Reboot, [1298], [261828],1.0.1832
Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{235F859F-651A-48C5-A381-9C28BAD9E198}, Delete-on-Reboot, [314], [391309],1.0.1832

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Elex, C:\USERS\ARMAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AMULEC, Delete-on-Reboot, [2], [378430],1.0.1832
Adware.Elex, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AMULEC, Delete-on-Reboot, [2], [378430],1.0.1832

File: 3
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, Delete-on-Reboot, [551], [393793],1.0.1832
Adware.Elex, C:\Users\Arman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC\aMuleC.lnk, Delete-on-Reboot, [2], [378430],1.0.1832
Adware.Elex, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC\aMuleC.lnk, Delete-on-Reboot, [2], [378430],1.0.1832

Physical Sector: 0
(No malicious items detected)


(end)


  • 0
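A helper reading exported logs like the two above checks the scan options and the action recorded for each detection. The sketch below is an added example, not part of the thread or of any Malwarebytes tooling: it parses the text layout shown in the post and flags a disabled rootkit scan and detections left at "No Action By User". The function names are hypothetical, and the embedded sample is constructed from the post's layout with a placeholder SID.

```python
import re
from collections import Counter
# Constructed sample, trimmed to the layout of the exported log in the post.
SAMPLE_LOG = r"""-Scan Options-
Memory: Enabled
Rootkits: Disabled

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
Rootkit.Fileless.MTGen, HKU\S-1-5-21-EXAMPLE_Classes\47aa53\SHELL\OPEN\COMMAND, No Action By User, [1298], [261828],1.0.1832
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Apps_Cfg, Delete-on-Reboot, [2], [377830],1.0.1832

File: 1
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, No Action By User, [551], [393793],1.0.1832
"""

BLOCK = re.compile(r"^-(.+)-$")                     # e.g. "-Scan Options-"
KEYVAL = re.compile(r"^([A-Za-z ]+): (\S+)$")       # e.g. "Rootkits: Disabled"
DETECTION = re.compile(r"^([^,]+), (.+), ([^,]+), \[\d+\], \[\d+\],[\d.]+$")

def parse_mbam_log(text):
    """Return (scan_options, detections) from an exported text log."""
    options, detections, block, category = {}, [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := BLOCK.match(line):
            block = m.group(1)
        elif m := DETECTION.match(line):
            detections.append({"category": category, "name": m.group(1),
                               "path": m.group(2), "action": m.group(3)})
        elif m := KEYVAL.match(line):
            if block == "Scan Options":
                options[m.group(1)] = m.group(2)
            elif block == "Scan Details":
                category = m.group(1)   # "Registry Key", "File", ...
    return options, detections

def triage(text):
    """Summarise what to check first: scan coverage and unremediated items."""
    options, detections = parse_mbam_log(text)
    return {
        "rootkit_scan_off": options.get("Rootkits") == "Disabled",
        "unremediated": [d for d in detections if d["action"] == "No Action By User"],
        "by_family": Counter(d["name"] for d in detections),
    }
```
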

#29
armangido

  • Topic Starter
  • Member
  • 25 posts

Sorry Donna, when I run Rootkit it took me a day to scan all drives. I'll try to run it when I sleep; I'll try to scan the whole drive.


  • 0

#30
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Keep Avast. The free version of Malwarebytes does not run in real time so will not replace your AntiVirus.

The time it takes to scan depends on the volume of files. I see that it found a rootkit. I am going to have you download and scan with Malwarebytes AntiRootkit to see if it finds anything else. Just to be on the safe side. :)

Malwarebytes Anti-Rootkit (MBAR)
  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop <-- Very Important
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

  • 0





