
Initial123



#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Actually I have not seen the error till now,

Some information here
https://www.howtogee...-in-windows-10/

You got JRT to run; can you get AdwCleaner to run now?
  • 1



#32
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
ok
  • 1

#33
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

 

 

# AdwCleaner v6.047 - Logfile created 31/05/2017 at 03:36:10
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-30.2 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : User - INFORMAH
# Running from : C:\Users\User\Downloads\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[-] Service deleted: OneDirveSrv
[-] Service deleted: JszipService

***** [ Folders ] *****

[-] Folder deleted: C:\Users\User\AppData\Local\SNAREA
[-] Folder deleted: C:\Users\User\AppData\Local\WANARE
[-] Folder deleted: C:\Users\User\AppData\Local\SANARE
[-] Folder deleted: C:\Users\User\AppData\Local\VNASRE
[-] Folder deleted: C:\Users\User\AppData\Local\background_fault
[-] Folder deleted: C:\Users\User\AppData\Local\Bagsarah
[-] Folder deleted: C:\Users\User\AppData\Local\NPASRE
[-] Folder deleted: C:\Users\User\AppData\Local\CWASRE
[-] Folder deleted: C:\Users\User\AppData\Local\CSHMDR
[-] Folder deleted: C:\Users\User\AppData\Local\terana
[-] Folder deleted: C:\Users\User\AppData\Roaming\WinSAPSvc
[-] Folder deleted: C:\Users\User\AppData\Roaming\SNARER
[-] Folder deleted: C:\Program Files\f09er35s
[-] Folder deleted: C:\Cosusp
[-] Folder deleted: C:\Insist
[-] Folder deleted: C:\Pipisy
[-] Folder deleted: C:\Reimward
[-] Folder deleted: C:\Terward
[-] Folder deleted: C:\Reaqapytegupy
[-] Folder deleted: C:\ProgramData\VideoMemoryDiagnostic
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
[#] Folder deleted on reboot: C:\Program Files (x86)\Jirary
[-] Folder deleted: C:\Program Files (x86)\Firefox
[-] Folder deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Folder deleted: C:\Users\User\AppData\Roaming\Firefox
[-] Folder deleted: C:\Users\User\AppData\Local\Firefox
[-] Folder deleted: C:\UPDATE\PSGO
[-] Folder deleted: C:\Users\User\AppData\Local\SNARE
[-] Folder deleted: C:\Windows\Update\psgo
[#] Folder deleted on reboot: C:\Users\User\AppData\Local\background_fault
[#] Folder deleted on reboot: C:\Insist
[#] Folder deleted on reboot: C:\Cosusp

***** [ Files ] *****

[-] File deleted: C:\Users\User\Downloads\SysInfo.exe
[-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

[-] Task deleted: Qahight
[-] Task deleted: Windows-PG
[-] Task deleted: Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic

***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNAREA
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNAREA
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ANSARE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ANSARE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WANARE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WANARE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SANARE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SANARE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VNASRE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VNASRE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NPASRE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CWASRE
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CSHMDR
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\terana
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\terana
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.DragDropMenu
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.DragDropMenu.1
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.JZContextMenuExt
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.JZContextMenuExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.JZDropHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.JZDropHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.JzShlobj
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.JzShlobj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.PropertyExt
[-] Key deleted: HKLM\SOFTWARE\Classes\JZipShell.PropertyExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.DragDropMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.DragDropMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.JZContextMenuExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.JZContextMenuExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.JZDropHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.JZDropHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.JzShlobj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.JzShlobj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.PropertyExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\JZipShell.PropertyExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FF20459C-DA6E-41A7-80BC-8F4FEFD9C575}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{73F208F0-628E-4E2C-A8E5-E7A06B71AB01}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CC8A7CCD-5D3D-4DE1-A658-63315C4CBCC4}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{764C8270-3798-46F1-8ECE-23F531AF8CEE}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF20459C-DA6E-41A7-80BC-8F4FEFD9C575}
[-] Key deleted: HKU\.DEFAULT\Software\b`nl{y
[-] Key deleted: HKU\.DEFAULT\Software\ompndb
[-] Key deleted: HKU\.DEFAULT\Software\ecb`nl
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Installer
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\System Healer
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\MICROSOFT\wewewe
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\isMiner
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\YeaDesktop
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Bagsarah
[-] Key deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\JiSuZip
[#] Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ecb`nl
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\System Healer
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: HKCU\Software\isMiner
[#] Key deleted on reboot: HKCU\Software\YeaDesktop
[#] Key deleted on reboot: HKCU\Software\Bagsarah
[#] Key deleted on reboot: HKCU\Software\JiSuZip
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\youndooSoftware
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\b`nl{y
[-] Key deleted: HKLM\SOFTWARE\ompndb
[-] Key deleted: HKLM\SOFTWARE\ecb`nl
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}
[-] Key deleted: HKLM\SOFTWARE\initialpage123Software
[-] Key deleted: HKLM\SOFTWARE\ourluckysitesSoftware
[-] Key deleted: HKLM\SOFTWARE\Bagsarah
[-] Key deleted: HKLM\SOFTWARE\JiSuZip
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YeaDesktop
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\System Healer
[#] Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Key deleted on reboot: [x64] HKCU\Software\isMiner
[#] Key deleted on reboot: [x64] HKCU\Software\YeaDesktop
[#] Key deleted on reboot: [x64] HKCU\Software\Bagsarah
[#] Key deleted on reboot: [x64] HKCU\Software\JiSuZip
[-] Key deleted: [x64] HKLM\SOFTWARE\b`nl{y
[-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
[-] Key deleted: [x64] HKLM\SOFTWARE\ecb`nl
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Value deleted: HKU\S-1-5-21-2501153814-4213713238-597727832-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [background_fault]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\jZipShell.DLL
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [YeaDesktop.exe]

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11085 Bytes] - [31/05/2017 03:36:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [10258 Bytes] - [31/05/2017 03:24:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [10332 Bytes] - [31/05/2017 03:28:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11307 Bytes] ##########


  • 0

#34
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

While I was running the AWD.exe it stopped working, but after I waited a long time it deleted the files and infected folders. It wanted a restart, and now I am sending you the logs from it.


  • 0

#35
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Malwarebytes next. Looking good, but a ways to go yet.
  • 1

#36
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

OK, I just went on to that 3rd step after I sent you the logs from AWD.
So I went to the download link, saved it, and it popped up a message saying:
The signature of mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe is corrupt or invalid
Then it shows me 2 options: Delete and View downloads.


  • 0

#37
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
See if this link works, save the file to the desktop and run it.

https://www.malwareb...nload/thankyou/
  • 1

#38
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Nope, it says the same thing as the previous one.


  • 0

#39
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

I will try to run it again with the command prompt, hold on.


  • 0

#40
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

OK, it asked me for the language for the installation and it started, but then it stopped after I clicked OK and it says:
Runtime Error (at 49:120):

Could not call proc.


  • 0



#41
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

By the way, I came back to the topic from Internet Explorer since it was the only viable browser to get back on the internet. The pop-up windows from Initial123 stopped popping up all the time, which I think is good, but Microsoft Edge keeps popping up and it shows a blue screen with one big E in the middle of it. Should I worry about that? Is it something from the malware invasion?


  • 0

#42
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
One more link to try

https://www.bleeping...malware/dl/344/ wait for save dialog box to pop up then save file.

No go there, try the other tool below
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan). Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

  • 1

#43
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

OK, now I'm on the scan part. The command prompt helps a lot with running these programs; good that I wrote how to use it.


  • 0

#44
Informah

Informah

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

OK, it sent the infected files to quarantine and wanted a restart. I did the restart, but I don't know where to view that log so I can send it to you. Should I start the scan again or?


  • 0

#45
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
You mean the Malwarebytes scan
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.

  • 1





