requested resource is in use.. cannot run mc Affee or any other antivi

antivirus disabled virus cannot access files can not delete virus


#31
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
You did fine. Many victims are amazed at the files this infection drops. Go ahead and let it run overnight if necessary. If for any reason it does not finish, which there have been times this has occurred, we will stop it then and I will post my next set of instructions.
  • 0



#32
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts

Sorry about sending the wrong file...oops

This is the first time you have worked with this tool and I expect oopsies to happen. You have done a great job so far with running the scans and following instructions. :yes:
  • 0

#33
aKay47

    Member

  • Topic Starter
  • 57 posts

No, I think there is a problem. The thing has not moved since yesterday when I last posted, and says not responding since then. It literally has not moved from the same file.


  • 0

#34
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Are you sure the Fix result you posted above is the complete log? The bottom half of the log is missing. To copy all the content in the log file, I find it easiest to open the log, then right click and choose Select All from the list, which will highlight everything in the text file in blue. Then right click on the same open log file again and this time choose Copy. Then you can come to a reply box here at GeeksToGo and paste what was copied into the reply box.

When you run a scan with MBAR, make sure the program window is open, close all other programs and do not touch your computer until the scan is complete. It'll go through eventually.
  • 0

#35
aKay47

    Member

  • Topic Starter
  • 57 posts
 
Here is the select all copy paste version. Is this one complete?
I didn't touch the computer since yesterday. How do I get the program to close as it is stuck? Should I reboot? Close it in task manager? I don't want to mess up this good thing we have going here by doing the wrong thing.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by April (24-11-2017 22:40:07) Run:1
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe
C:\Users\April\AppData\Local\ntuserlitelist
C:\Program Files (x86)\ntuserlitelist
() C:\Windows\System32\tprdpw32.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S1 azwtqkfi; \??\C:\WINDOWS\system32\drivers\azwtqkfi.sys [X]
S1 eoettcum; \??\C:\WINDOWS\system32\drivers\eoettcum.sys [X]
S1 hkotdgis; \??\C:\WINDOWS\system32\drivers\hkotdgis.sys [X]
S1 kzejxclx; \??\C:\WINDOWS\system32\drivers\kzejxclx.sys [X]
S1 nkbromna; \??\C:\WINDOWS\system32\drivers\nkbromna.sys [X]
S1 odvoxhdr; \??\C:\WINDOWS\system32\drivers\odvoxhdr.sys [X]
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {03516F4F-0CA0-42C0-A53F-36384E5CB315} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {08F1B00C-84DB-4F97-AC9D-6E1D1651A152} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {19B45630-1933-4C9A-AA47-8569C68A7D3B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {338D5739-A62F-48EB-825D-B3583A072594} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3F716B81-CE98-4DC4-86A2-0E034BD0274F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {42B07A2F-EE96-4D9D-ADAA-8E058A837C38} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {438FF447-4C42-4A66-9F8E-45EA37A26D8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5C8C518B-5F80-44EE-8805-67BD1F123601} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E4D6F1A-F926-4D1B-9E02-1611C15F5A16} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7EE9C0AB-9F00-4AA6-84F3-49216534F39C} - \WPD\SqmUpload_S-1-5-21-2751042415-2246998964-2558403214-1001 -> No File <==== ATTENTION
Task: {87FABF81-9ADD-4872-AE58-C151210D4CD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8BF5180A-EC42-453A-9E50-A7A74AED0B98} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A3206F36-1B48-4A73-BFF1-56DA74FC0138} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B2A96232-71C1-48B7-A7B0-AC9AE7D8D2E9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D2DBB54F-F9FA-4E0C-A688-D60E872C26BD} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {F037890D-BBFF-4886-8EC6-6C641AEDA471} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF0EE298-FC3A-4696-B70C-E4986F1C8FC5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
*****************

  • 0

#36
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
No, it's not. It should display the following at the end of the fixlog (*****************)

==== End of Fixlog 20:06:47 ====

I have a feeling it didn't run correctly. Let's run the script again just to make sure. Please do as follows:

Right click and delete the fixlist script you have on your desktop.

Next:
  • Download the attached fixlist.txt to your Desktop.

    >>Attached File  fixlist.txt   7.67KB   12 downloads<<

    Please note: fixlist.txt must be saved to your desktop since that is where FRST64.exe is located.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Click FRST64.exe icon to open the program.
  • Press the Fix button just once and wait.
  • FRST64.exe will execute, search and find the fixlist.txt downloaded to your desktop.
  • When FRST64.exe is finished executing the script, the fixlist.txt will disappear and will be replaced by a log that will be named (Fixlog.txt) which you will find on your desktop. Please post it to your reply.
  • I will wait to post my next set of instructions after I see the Fixlog.txt.

  • 0
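The completeness check described in the post above (a full Fixlog closes with an `==== End of Fixlog ... ====` footer), written out as an added example that is not part of the original thread or of FRST itself; it also lists result lines that report a failed action. The sample log is constructed from lines posted in this thread, and the function names and the failure-phrase list are assumptions.

```python
import re

# Footer that closes a complete Fixlog, in the form quoted in the thread.
END_MARKER = re.compile(r"^==== End of Fixlog \d{2}:\d{2}:\d{2} ====\s*$", re.M)
# Row of asterisks printed before and after the echoed fixlist content.
SEPARATOR = re.compile(r"^\*{10,}\s*$")
# Outcome phrases copied from the Fixlog in this thread (assumption: this is
# not FRST's full vocabulary, extend it for other logs).
FAILURE_PHRASES = ("could not remove", "Unable to stop service")


def split_fixlog(text):
    """Return (echoed_fixlist_lines, result_lines) for a Fixlog.txt body."""
    lines = text.splitlines()
    seps = [i for i, line in enumerate(lines) if SEPARATOR.match(line)]
    if len(seps) < 2:
        return [], []  # cut off before the fixlist echo was closed
    echoed = [l for l in lines[seps[0] + 1:seps[1]] if l.strip()]
    results = [l for l in lines[seps[1] + 1:]
               if l.strip() and not END_MARKER.match(l)]
    return echoed, results


def review_fixlog(text):
    """Summarise a Fixlog: footer present, sizes of both halves, failed actions."""
    echoed, results = split_fixlog(text)
    failures = [l.strip() for l in results
                if any(phrase in l for phrase in FAILURE_PHRASES)]
    return {
        "complete": bool(END_MARKER.search(text)),
        "directives": len(echoed),
        "results": len(results),
        "failures": failures,
    }


def verdict(report):
    """One-line triage result for a helper reading the posted log."""
    if not report["complete"]:
        return "incomplete: no End of Fixlog footer, request the full log or re-run the fix"
    if report["failures"]:
        return "complete, %d action(s) failed and need follow-up" % len(report["failures"])
    return "complete, no failed actions"


# Constructed sample: header and echoed fixlist only, like the log in post #35.
ECHO_PART = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by April (24-11-2017 22:40:07) Run:1
==============================================

fixlist content:
*****************
CloseProcesses:
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S1 azwtqkfi; \??\C:\WINDOWS\system32\drivers\azwtqkfi.sys [X]
Emptytemp:
*****************
"""

# Constructed sample: result lines as they appear in this thread, followed by
# the footer in the form the thread says a complete log ends with.
RESULT_PART = r"""
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
drmkpro64 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\azwtqkfi => key removed successfully
azwtqkfi => service removed successfully

==== End of Fixlog 20:06:47 ====
"""

TRUNCATED_LOG = ECHO_PART
FULL_LOG = ECHO_PART + RESULT_PART

if __name__ == "__main__":
    for name, log in (("truncated", TRUNCATED_LOG), ("full", FULL_LOG)):
        report = review_fixlog(log)
        print(name, "->", verdict(report))
        for line in report["failures"]:
            print("   FAILED:", line)
```

A log that echoes the fixlist but has no result lines and no footer is the case seen in post #35; failed actions on service keys are the lines a helper would follow up on.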

#37
aKay47

    Member

  • Topic Starter
  • 57 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017
Ran by April (26-11-2017 13:27:31) Run:2
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe
C:\Users\April\AppData\Local\ntuserlitelist
C:\Program Files (x86)\ntuserlitelist
() C:\Windows\System32\tprdpw32.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S1 azwtqkfi; \??\C:\WINDOWS\system32\drivers\azwtqkfi.sys [X]
S1 eoettcum; \??\C:\WINDOWS\system32\drivers\eoettcum.sys [X]
S1 hkotdgis; \??\C:\WINDOWS\system32\drivers\hkotdgis.sys [X]
S1 kzejxclx; \??\C:\WINDOWS\system32\drivers\kzejxclx.sys [X]
S1 nkbromna; \??\C:\WINDOWS\system32\drivers\nkbromna.sys [X]
S1 odvoxhdr; \??\C:\WINDOWS\system32\drivers\odvoxhdr.sys [X]
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {03516F4F-0CA0-42C0-A53F-36384E5CB315} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {08F1B00C-84DB-4F97-AC9D-6E1D1651A152} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {19B45630-1933-4C9A-AA47-8569C68A7D3B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {338D5739-A62F-48EB-825D-B3583A072594} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3F716B81-CE98-4DC4-86A2-0E034BD0274F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {42B07A2F-EE96-4D9D-ADAA-8E058A837C38} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {438FF447-4C42-4A66-9F8E-45EA37A26D8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5C8C518B-5F80-44EE-8805-67BD1F123601} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E4D6F1A-F926-4D1B-9E02-1611C15F5A16} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7EE9C0AB-9F00-4AA6-84F3-49216534F39C} - \WPD\SqmUpload_S-1-5-21-2751042415-2246998964-2558403214-1001 -> No File <==== ATTENTION
Task: {87FABF81-9ADD-4872-AE58-C151210D4CD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8BF5180A-EC42-453A-9E50-A7A74AED0B98} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A3206F36-1B48-4A73-BFF1-56DA74FC0138} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B2A96232-71C1-48B7-A7B0-AC9AE7D8D2E9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D2DBB54F-F9FA-4E0C-A688-D60E872C26BD} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {F037890D-BBFF-4886-8EC6-6C641AEDA471} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF0EE298-FC3A-4696-B70C-E4986F1C8FC5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
RemoveProxy:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe => No running process found
C:\Users\April\AppData\Local\ntuserlitelist => moved successfully
"C:\Program Files (x86)\ntuserlitelist" => not found.
C:\Windows\System32\tprdpw32.exe => No running process found
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe => No running process found
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe => No running process found
C:\Users\April\AppData\Local\ntuserlitelist => No running process found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
drmkpro64 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\AppObserver => key removed successfully
AppObserver => service removed successfully
HKLM\System\CurrentControlSet\Services\azwtqkfi => key removed successfully
azwtqkfi => service removed successfully
HKLM\System\CurrentControlSet\Services\eoettcum => key removed successfully
eoettcum => service removed successfully
HKLM\System\CurrentControlSet\Services\hkotdgis => key removed successfully
hkotdgis => service removed successfully
HKLM\System\CurrentControlSet\Services\kzejxclx => key removed successfully
kzejxclx => service removed successfully
HKLM\System\CurrentControlSet\Services\nkbromna => key removed successfully
nkbromna => service removed successfully
HKLM\System\CurrentControlSet\Services\odvoxhdr => key removed successfully
odvoxhdr => service removed successfully
"C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION" => not found.
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03516F4F-0CA0-42C0-A53F-36384E5CB315} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03516F4F-0CA0-42C0-A53F-36384E5CB315} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08F1B00C-84DB-4F97-AC9D-6E1D1651A152} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08F1B00C-84DB-4F97-AC9D-6E1D1651A152} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19B45630-1933-4C9A-AA47-8569C68A7D3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19B45630-1933-4C9A-AA47-8569C68A7D3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{338D5739-A62F-48EB-825D-B3583A072594} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{338D5739-A62F-48EB-825D-B3583A072594} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F716B81-CE98-4DC4-86A2-0E034BD0274F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F716B81-CE98-4DC4-86A2-0E034BD0274F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B07A2F-EE96-4D9D-ADAA-8E058A837C38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B07A2F-EE96-4D9D-ADAA-8E058A837C38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{438FF447-4C42-4A66-9F8E-45EA37A26D8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{438FF447-4C42-4A66-9F8E-45EA37A26D8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C8C518B-5F80-44EE-8805-67BD1F123601} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C8C518B-5F80-44EE-8805-67BD1F123601} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E4D6F1A-F926-4D1B-9E02-1611C15F5A16} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4D6F1A-F926-4D1B-9E02-1611C15F5A16} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EE9C0AB-9F00-4AA6-84F3-49216534F39C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EE9C0AB-9F00-4AA6-84F3-49216534F39C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2751042415-2246998964-2558403214-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87FABF81-9ADD-4872-AE58-C151210D4CD2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FABF81-9ADD-4872-AE58-C151210D4CD2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BF5180A-EC42-453A-9E50-A7A74AED0B98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BF5180A-EC42-453A-9E50-A7A74AED0B98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3206F36-1B48-4A73-BFF1-56DA74FC0138} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3206F36-1B48-4A73-BFF1-56DA74FC0138} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2A96232-71C1-48B7-A7B0-AC9AE7D8D2E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2A96232-71C1-48B7-A7B0-AC9AE7D8D2E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2DBB54F-F9FA-4E0C-A688-D60E872C26BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2DBB54F-F9FA-4E0C-A688-D60E872C26BD} => key removed successfully
C:\WINDOWS\System32\Tasks\Updater_Online_Application => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F037890D-BBFF-4886-8EC6-6C641AEDA471} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F037890D-BBFF-4886-8EC6-6C641AEDA471} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF0EE298-FC3A-4696-B70C-E4986F1C8FC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF0EE298-FC3A-4696-B70C-E4986F1C8FC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= netsh advfirewall reset =========
 
The following helper DLL cannot be loaded: FWCFG.DLL.
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
The following helper DLL cannot be loaded: FWCFG.DLL.
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 132331511 B
Java, Flash, Steam htmlcache => 15494 B
Windows/system/drivers => 202762991 B
Edge => 57514097 B
Chrome => 403917023 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 87648 B
NetworkService => 489719044 B
April => 1312186216 B
Classic .NET AppPool => 0 B
.NET v4.5 => 0 B
DefaultAppPool => 0 B
.NET v2.0 => 0 B
.NET v4.5 Classic => 0 B
.NET v2.0 Classic => 0 B
 
RecycleBin => 1130114687 B
EmptyTemp: => 3.5 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-11-2017 14:58:13)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
 
==== End of Fixlog 14:58:14 ====

  • 0
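An added example, not part of the original post and not the fix tool's own code: a long Fixlog like the one above is easier to review by separating the actions that succeeded from the lines that need follow-up. The function name, the failure patterns and the section handling are assumptions based only on the lines visible in this log.

```python
import re

# Excerpt of lines from the Fixlog posted above, embedded so the example runs offline.
SAMPLE = r"""C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
========= netsh advfirewall reset =========
The following helper DLL cannot be loaded: FWCFG.DLL.
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 403917023 B
EmptyTemp: => 3.5 GB temporary data Removed.
================================
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
==== End of Fixlog 14:58:14 ====
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")      # "===== name =====" banners
ENTRY = re.compile(r"^(.+?) => (.+)$")         # "<target> => <outcome>"
# Assumption: only the two failure wordings seen in this log are matched.
FAILURE = re.compile(r"could not|cannot be loaded", re.IGNORECASE)

def triage(log_text):
    """Return (ok_count, problems); each problem is (section, target, outcome)."""
    section, ok, problems = "(top of log)", 0, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = HEADER.match(line)
        if banner:
            name = banner.group(1).rstrip(":")
            if name and not name.startswith("End of"):
                section = name          # closing and bare banners keep the section
            continue
        entry = ENTRY.match(line)
        target, outcome = entry.groups() if entry else (line, "")
        if FAILURE.search(line):
            problems.append((section, target, outcome))
        elif entry:
            ok += 1
        elif line.endswith(":"):
            section = line.rstrip(":")  # plain-text heading such as "Result of ..."
    return ok, problems

if __name__ == "__main__":
    for item in triage(SAMPLE)[1]:
        print(item)
```

On this excerpt it reports the firewall helper DLL load failure and the two service keys that could not be removed after reboot.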

#38
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Perfect! Let's try to run Malwarebytes Anti-rootkit again and see if we have better luck this time. If not, there are other tricks we can try...

No need to download a second time. Just start where the instructions tell you to:

Malwarebytes Anti-Rootkit (MBAR)
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.
  • Instructions with pictures can be found here.

  • 0

#39
aKay47


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Hmmmm, having the issue where I cannot see what is written in the boxes again. Could you send me screenshots of what the program looks like so I can ensure that I press the correct prompts? I apologize for the extra work when you are doing so much already, but I thank you.


  • 0

#40
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
See if you can boot the computer into Safe Mode and run MBAR.
  • 0

#41
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
If that fails, have a look at the instructions to run MBAR in the link below:

Malwarebytes Anti Rootkit (MBAR)

There are step by step pictures. You will want to start at Step 3 since you have already downloaded it to your desktop.
  • 0

#42
aKay47


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I walked out of the room and my computer was rebooting when I walked back in. This was after it had the blue screen of death while running MBAR last time. I am going to run it one more time and stay in the room this time to see what happens... I just saw your message about running in safe mode so I am going to try that this time.
  • 0

#43
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Good morning aKay47,

Unfortunately, back to work for me today. Just checking in on how MBAR did with this last try in safe mode. This infection is a beast and I got word from the tool developers that they are in the process of updating MBAR to meet the changing needs of this infection. If you have the patience, please leave MBAR to run all day if necessary. The reason it keeps freezing is because it is encountering a tough file that it is processing.

Earlier you had mentioned that you were using a tablet to communicate with me. What Operating System is on this tablet? Windows or Android? I am trying to think of a way to get around this beastly infection to annihilate it.

Couple of questions....

Do you have access to a second Windows computer and a USB drive?
Do you have a USB drive that we could use to see if we could get into the recovery console to conquer the beast?
Do you happen to have a W10 USB recovery media?

I am thinking that even if the tablet you are using is an Android and has a USB port, we may be able to download a Windows file to it and copy to the USB. Not sure about that so I will ask one of my associates what the possibility is.

Back later today around 5pm CST.
  • 0

#44
aKay47


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
The tool would not work in safe mode at all. Kept getting the response of resource is in use in safe mode when trying to run the tool. I did run it in regular mode, rebooted into regular mode, and I am once again stuck for a while since about midnight on the same file. I'll send you a picture. I'm getting ready to go to school so I'll be in school till 9 tonight. I'll check back and you can tell me what I'm supposed to do... never mind, cannot figure how to attach the file on my tablet. Today is back to reality, school 1 till 9pm. I will check back when I get home. Have an awesome day!
  • 0

#45
aKay47


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Figured it out
  • 0





