Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Bad Virus found on windows 7, losing hard-drive space, HELP!

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 23rd, 2015, 3:19 am

A. No Problems.

B. junction.zip log: Attached
junction log.txt
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 23rd, 2015, 5:05 am

C. Problem with OTL Fix: Computer boots up to login screen, then loads to a black screen where I can't see anything but the cursor. I was able to push control, alt, delete and manually run task manager and safari by searching for it and it loaded. Though, I don't know now if there's something wrong with the fix or how to go about it from this point.

D. Before I had the problem above, my hard-drive free space was 10.4 gigabytes.

E. Changes with display driver (I'm guessing, causing the black screen), can't tell for sure.

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 23rd, 2015, 9:39 pm

C. I may have jumped the gun on the OTL scan..... It took a long time to run (12 hours) and come up with the log. When I just got home at 5:30pm, everything was back to normal and the log popped up:

OTL LOG:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Memeo AutoSync deleted successfully.
C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Memeo Instant Backup deleted successfully.
C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Memeo Send deleted successfully.
C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Seagate Dashboard deleted successfully.
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe moved successfully.
Starting removal of ActiveX control {6A060448-60F9-11D5-A6CD-0002B31F7455}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {C345E174-3E87-4F41-A01C-B066A90A49B4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\brianboyns\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\IObit Uninstaller\UMLog folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Driver Booster\Logs\Scan folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Driver Booster\Logs\Main folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Driver Booster\Logs\Install folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager\ShortcutPublic folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager\Shortcut folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\SmartRAM folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Registrycleaner\backup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Registrycleaner folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\ProgramDeactivator folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Log folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Internet Booster folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Homepage Protection folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\EmptyFolder folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\DiskCleaner folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\boottime folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8\Backup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V8 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Temp folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Startup Manager folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\SmartRAM folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner\backup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\EmptyFolder folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\DiskCleaner folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\IObit folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
Folder C:\Users\brianboyns\AppData\Roaming\WeatherBug\ not found.
C:\Users\brianboyns\AppData\Roaming\Memeo\Memeo Send\logs folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\Memeo Send folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoSync\logs folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoSync folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoBackup\logs folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoBackup\instances\65B1C671-DDFD-42E7-97CE-195027BB1D82\copy folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoBackup\instances\65B1C671-DDFD-42E7-97CE-195027BB1D82 folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoBackup\instances folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo\AutoBackup folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\Memeo folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store folder moved successfully.
C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Arborist
->Temp folder emptied: 0 bytes

User: Arborist.brianboyns-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: brianboyns
->Temp folder emptied: 274068031 bytes
->Temporary Internet Files folder emptied: 4569568 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 150045696 bytes
->Flash cache emptied: 940 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 409.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01222015_232204

Files\Folders moved on Reboot...
C:\Users\brianboyns\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\brianboyns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S1ZP3CT\dinpro-medium-webfont[1].eot moved successfully.
C:\Users\brianboyns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6599278W\PIE[1].htc moved successfully.
C:\Users\brianboyns\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6599278W\us[1].htm moved successfully.
File move failed. C:\Users\brianboyns\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 23rd, 2015, 9:41 pm

D. As of today, I have 8.01 gigabytes of free space left

Re: Bad Virus found on windows 7, losing hard-drive space, H

by pgmigg » January 24th, 2015, 3:08 am

Hello Brian,

"C. I may have jumped the gun on the OTL scan..... It took a long time to run (12 hours) and come up with the log. When I just got home at 5:30pm, everything was back to normal and the log popped up:"
I am glad to read it. :)

Sorry for the delay, but I am still investigating and researching your logs. I will return here with the next set of steps when I have finished.

I tend to think that the reason for the loss of your hard drive free space is not related to infections - most likely it is a problem of backups or similar issues.

Thanks for your patience,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Bad Virus found on windows 7, losing hard-drive space, H

by pgmigg » January 24th, 2015, 5:30 pm

Hello Brian,

I would like to uninstall a few applications temporarily - you can bring them back when we have finished if you need them. It is possible that you will not see all of the entries from my list of removals - simply skip the names that do not exist.

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Backup Manager Advance
    Memeo AutoSync
    Memeo Instant Backup
    Memeo Send
    Memeo Share
    WD Drive Utilities
    WD Security
  4. Take extra care in answering questions posted by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Then I would like to receive recent listings of files to compare them with the previous set made a couple of days ago.

Step 2.
Create Listing of Files
I'd like to see the listings of all files and directories on the questionable hard disk C:
It will be easier and less error prone, if we create a batch file to do this... Please follow these steps:
  1. Copy all text in the quote box (below) to Notepad.
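    @echo off
    rem /A:H = hidden files only, /S = include subfolders, /R = show alternate data streams, /Q = show file owner
    dir C:\*.* /A:H /S /R /Q > "%userprofile%\desktop\CDiskList-H-New.txt"
    rem Same switches without /A:H (lists files that are not hidden or system)
    dir C:\*.* /S /R /Q > "%userprofile%\desktop\CDiskListAll-New.txt"
    rem Delete this batch file once both listings are written
    Del %0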
  2. Save the Notepad file on your desktop as CDiskLists.bat... save type as "All Files"
    EDiskLists.bat <<------------- you should see this on your Desktop.
  3. Double click on EDiskLists.bat to execute it.
    A black CMD window will open, then disappear in a while - this is normal. The CDiskLists.bat file will be deleted.
  4. The two files, CDiskList-H-New.txt and CDiskListAll-New.txt will appear on your desktop.
  5. Please compress both files in two separate ZIP or RAR archive files.
  6. Upload both compressed files to http://www.zippyshare.com/ and then post the links to them.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Links to uploaded compressed CDiskList-H-New.txt and CDiskListAll-New.txt files via zippyshare.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
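
The comparison this step prepares for (a fresh `dir /S /R /Q` listing set against the one made a couple of days earlier) can be scripted. The following is an added example, not part of the original post or of any tool used in this thread; the listings, paths and sizes are constructed sample data, and `parse_listing`, `rollup` and `growth` are hypothetical helper names.

```python
# Compare two listings produced by `dir C:\*.* /S /R /Q` and rank the folders
# that gained the most bytes. All sample data below is constructed.
import re
from collections import defaultdict

DIR_HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# Per-directory summary, e.g. "   23 File(s)   10,652,019 bytes"
FILE_SUMMARY = re.compile(r"^\s*[\d,]+ File\(s\)\s+(?P<bytes>[\d,]+) bytes\s*$")
# The grand total at the end of a /S listing repeats the File(s) line; skip it.
TOTAL_MARKER = re.compile(r"^\s*Total Files Listed:")
FREE_SPACE = re.compile(r"^\s*[\d,]+ Dir\(s\)\s+(?P<bytes>[\d,]+) bytes free\s*$")


def parse_listing(text):
    """Return ({directory: bytes of files directly in it}, free bytes or None)."""
    totals, current, in_grand_total, free = {}, None, False, None
    for line in text.splitlines():
        m = DIR_HEADER.match(line)
        if m:
            current = m.group("path")
            totals.setdefault(current, 0)
            continue
        if TOTAL_MARKER.match(line):
            in_grand_total, current = True, None
            continue
        m = FREE_SPACE.match(line)
        if m:
            free = int(m.group("bytes").replace(",", ""))
            continue
        m = FILE_SUMMARY.match(line)
        if m and current is not None and not in_grand_total:
            totals[current] = int(m.group("bytes").replace(",", ""))
        # File rows, <DIR> rows and /R alternate-data-stream rows are ignored:
        # the per-directory summary line already carries the byte total.
    return totals, free


def rollup(totals, depth):
    """Sum directory sizes into their ancestor made of `depth` path components."""
    out = defaultdict(int)
    for path, size in totals.items():
        parts = path.rstrip("\\").split("\\")
        out["\\".join(parts[:depth]).lower()] += size  # Windows paths ignore case
    return dict(out)


def growth(old_text, new_text, depth=3, top=5):
    """Return ([(folder, bytes gained)], change in free bytes or None)."""
    old, old_free = parse_listing(old_text)
    new, new_free = parse_listing(new_text)
    old_r, new_r = rollup(old, depth), rollup(new, depth)
    deltas = {p: new_r.get(p, 0) - old_r.get(p, 0) for p in set(old_r) | set(new_r)}
    ranked = sorted(((p, d) for p, d in deltas.items() if d > 0),
                    key=lambda kv: (-kv[1], kv[0]))[:top]
    free_change = None if None in (old_free, new_free) else new_free - old_free
    return ranked, free_change


# Constructed sample: the earlier listing.
OLD_LISTING = r"""
 Directory of C:\Users\example\Documents

01/18/2015  04:12 PM             2,048 EXAMPLE-PC\example     notes.txt
               1 File(s)          2,048 bytes

 Directory of C:\Users\example\Backups\set1

01/20/2015  11:00 PM     1,000,000,000 EXAMPLE-PC\example     full.bak
               1 File(s)  1,000,000,000 bytes

 Directory of C:\AdwCleaner\Quarantine

01/19/2015  06:37 PM                85 NT AUTHORITY\SYSTEM    config.ini.vir
               1 File(s)             85 bytes

     Total Files Listed:
               3 File(s)  1,000,002,133 bytes
               5 Dir(s)  11,000,000,000 bytes free
"""

# Constructed sample: the later listing, with one new backup set.
NEW_LISTING = r"""
 Directory of C:\Users\example\Documents

01/18/2015  04:12 PM             2,048 EXAMPLE-PC\example     notes.txt
                                    26 notes.txt:Zone.Identifier:$DATA
               1 File(s)          2,048 bytes

 Directory of C:\Users\example\Backups\set1

01/20/2015  11:00 PM     1,000,000,000 EXAMPLE-PC\example     full.bak
               1 File(s)  1,000,000,000 bytes

 Directory of C:\Users\example\Backups\set2

01/23/2015  11:00 PM     2,500,000,000 EXAMPLE-PC\example     full.bak
               1 File(s)  2,500,000,000 bytes

 Directory of C:\AdwCleaner\Quarantine

01/19/2015  06:37 PM                85 NT AUTHORITY\SYSTEM    config.ini.vir
               1 File(s)             85 bytes

     Total Files Listed:
               4 File(s)  3,500,002,133 bytes
               6 Dir(s)   8,500,000,000 bytes free
"""

if __name__ == "__main__":
    ranked, free_change = growth(OLD_LISTING, NEW_LISTING, depth=4)
    for folder, gained in ranked:
        print(f"{gained:>15,} bytes gained  {folder}")
    print(f"free space change: {free_change:,} bytes")
```

Listings redirected from cmd.exe are written in the console code page (cp437 on many US systems), so read the real files with that encoding and `errors="replace"`.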


Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 24th, 2015, 10:07 pm

A. No Problems

B. EDiskList.bat didn't show up on desktop or the search option

C. Double clicked the Cdisklist you had me make and will submit that log when it's done

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 24th, 2015, 10:13 pm

Zippyshare Links:

CDiskList-H-new.txt link: http://www64.zippyshare.com/v/CHoy54Wv/file.html

CDiskListAll-New.txt link: http://www64.zippyshare.com/v/pQizcbWw/file.html

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 24th, 2015, 10:15 pm

D. Only changes are now hard-drive at 5.68 gigs free, don't think this is helping

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 24th, 2015, 10:16 pm

I noticed a bunch of virus files in a previous log, were those overlooked or do you have a master plan?

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 24th, 2015, 11:59 pm

Update, deleted a couple folders that I've backed up (to buy us some time). Current Gigabyte free space is at 315 gigs free

Re: Bad Virus found on windows 7, losing hard-drive space, H

by pgmigg » January 25th, 2015, 12:05 am

Hello Brian,

"I noticed a bunch of virus files in a previous log, were those overlooked or do you have a master plan?"
Could you please show me some examples?

"Update, deleted a couple folders that I've backed up (to buy us some time). Current Gigabyte free space is at 315 gigs free"
Nice! :D
It is exactly what I thought...

It looks like you made your backups on the same drive - am I right?

Thanks,
pgmigg


Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 25th, 2015, 1:56 am

I backed up my large movie, music, business documents, and other misc. files onto an external hard-drive to answer your second question. To answer your first, the virus files I saw (files ending with the ".vir" suffix) were located in the original CDiskListAll.txt File I submitted to you. I've copied and pasted a section for you below (I realize that these files are listed under a "quarantined" subfolder, but I'm not confident):


Directory of C:\AdwCleaner\Quarantine\C\Program Files (x86)\Application Updater

01/19/2015 06:37 PM <DIR> BUILTIN\Administrators .
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators ..
08/31/2013 09:17 AM 85 NT AUTHORITY\SYSTEM config.ini.vir
1 File(s) 85 bytes

Directory of C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Ride Games

01/19/2015 06:37 PM <DIR> BUILTIN\Administrators .
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators ..
01/12/2011 04:38 PM 640,512 BUILTIN\Administrators AppLoader2KEx.dll.vir
11/22/2010 09:05 AM 58,880 BUILTIN\Administrators AX32.dll.vir
12/24/2002 08:47 PM 395 BUILTIN\Administrators ClientSettings.ini.vir
05/18/2011 05:34 PM 188,416 BUILTIN\Administrators cmhelper.exe.vir
01/25/2005 04:24 PM 139,264 BUILTIN\Administrators DoDlg.exe.vir
11/08/2011 12:46 AM 3,219 BUILTIN\Administrators ExentComponents.ini.vir
06/22/2011 10:00 AM 548,924 BUILTIN\Administrators exs.dll.vir
11/08/2011 12:46 AM 1,187 BUILTIN\Administrators exs.ini.vir
07/07/2010 02:01 PM 17,542 BUILTIN\Administrators FRGN.ico.vir
06/22/2011 10:32 AM 1,438,136 BUILTIN\Administrators GameInst.dll.vir
06/22/2011 10:32 AM 254,392 BUILTIN\Administrators GameLauncher.exe.vir
09/03/2009 12:01 PM 104,448 BUILTIN\Administrators glutil.dll.vir
06/22/2011 10:32 AM 4,837,808 BUILTIN\Administrators GPlayer.exe.vir
06/22/2011 10:33 AM 631,224 BUILTIN\Administrators GPlrLanc.exe.vir
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators IGL
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators Info
01/25/2010 07:10 PM 13,095 BUILTIN\Administrators license.txt.vir
07/26/2010 11:55 AM 51,609 BUILTIN\Administrators myGames.ico.vir
12/27/2009 01:52 PM 260,912 BUILTIN\Administrators npExentCtl.dll.vir
11/08/2011 12:46 AM 312 BUILTIN\Administrators ProviderComponents.ini.vir
06/22/2011 10:32 AM 790,960 BUILTIN\Administrators Report.exe.vir
11/08/2011 12:46 AM 368 BUILTIN\Administrators report.ini.vir
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators Skins
10/14/2008 11:34 PM 53,248 BUILTIN\Administrators Uninstall.exe.vir
03/10/2011 10:00 AM 561,768 BUILTIN\Administrators X5Ex.sys.vir
11/22/2010 09:25 AM 55,400 BUILTIN\Administrators X5XSEx.sys.vir
23 File(s) 10,652,019 bytes

Directory of C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Ride Games\IGL

01/19/2015 06:37 PM <DIR> BUILTIN\Administrators .
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators ..
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators 2000119
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators 7001402
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators 8000200
0 File(s) 0 bytes

Directory of C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Ride Games\IGL\2000119

01/19/2015 06:37 PM <DIR> BUILTIN\Administrators .
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators ..
11/08/2011 05:59 PM 4,057 brianboyns-PC\brianboyn654250_GameInfo.xml.vir
11/08/2011 05:59 PM 338 brianboyns-PC\brianboynComponentMgrConfig.xml.vir
06/16/2009 07:47 AM 5,333 brianboyns-PC\brianboynconnect_bottom.gif.vir
10/11/2007 02:49 AM 162 brianboyns-PC\brianboynconnect_bottom.html.vir
06/16/2009 07:42 AM 682 brianboyns-PC\brianboynconnect_left.gif.vir
10/11/2007 03:01 AM 160 brianboyns-PC\brianboynconnect_left.html.vir
06/16/2009 07:43 AM 682 brianboyns-PC\brianboynconnect_right.gif.vir
10/11/2007 03:01 AM 161 brianboyns-PC\brianboynconnect_right.html.vir
06/16/2009 07:43 AM 631 brianboyns-PC\brianboynconnect_top.gif.vir
10/11/2007 03:01 AM 159 brianboyns-PC\brianboynconnect_top.html.vir
06/16/2009 07:43 AM 631 brianboyns-PC\brianboyndefault_bottom.gif.vir
01/22/2008 02:32 AM 162 brianboyns-PC\brianboyndefault_bottom.html.vir
06/16/2009 07:43 AM 682 brianboyns-PC\brianboyndefault_left.gif.vir
01/22/2008 02:33 AM 160 brianboyns-PC\brianboyndefault_left.html.vir
06/16/2009 07:43 AM 682 brianboyns-PC\brianboyndefault_right.gif.vir
01/22/2008 02:33 AM 161 brianboyns-PC\brianboyndefault_right.html.vir
06/16/2009 07:43 AM 631 brianboyns-PC\brianboyndefault_top.gif.vir
01/22/2008 02:31 AM 159 brianboyns-PC\brianboyndefault_top.html.vir
11/08/2011 05:59 PM 804 brianboyns-PC\brianboynGF.env.vir
08/09/2010 07:23 AM 692,344 brianboyns-PC\brianboynGFComponent.dll.vir
08/09/2010 07:23 AM 446,584 brianboyns-PC\brianboynIGH1.dll.vir
08/09/2010 07:23 AM 622,712 brianboyns-PC\brianboynIGH2.dll.vir
08/09/2010 07:23 AM 471,160 brianboyns-PC\brianboynIGH3.dll.vir
08/09/2010 07:23 AM 565,368 brianboyns-PC\brianboynIGL.dll.vir
11/08/2011 05:59 PM 146 brianboyns-PC\brianboynIGL.ini.vir
06/16/2009 07:57 AM 493,292 brianboyns-PC\brianboyntemp_bottom.dds.vir
06/16/2009 07:55 AM 565,328 brianboyns-PC\brianboyntemp_left.dds.vir
06/16/2009 07:55 AM 565,328 brianboyns-PC\brianboyntemp_right.dds.vir
06/16/2009 07:55 AM 493,292 brianboyns-PC\brianboyntemp_top.dds.vir
29 File(s) 4,931,991 bytes

Directory of C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Ride Games\IGL\7001402

01/19/2015 06:37 PM <DIR> BUILTIN\Administrators .
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators ..
10/16/2007 03:32 AM 338 brianboyns-PC\brianboynComponentMgrConfig.xml.vir
06/16/2009 07:47 AM 5,333 brianboyns-PC\brianboynconnect_bottom.gif.vir
10/11/2007 02:49 AM 162 brianboyns-PC\brianboynconnect_bottom.html.vir
06/16/2009 07:42 AM 682 brianboyns-PC\brianboynconnect_left.gif.vir
10/11/2007 03:01 AM 160 brianboyns-PC\brianboynconnect_left.html.vir
06/16/2009 07:43 AM 682 brianboyns-PC\brianboynconnect_right.gif.vir
10/11/2007 03:01 AM 161 brianboyns-PC\brianboynconnect_right.html.vir
06/16/2009 07:43 AM 631 brianboyns-PC\brianboynconnect_top.gif.vir
10/11/2007 03:01 AM 159 brianboyns-PC\brianboynconnect_top.html.vir
06/16/2009 07:43 AM 631 brianboyns-PC\brianboyndefault_bottom.gif.vir
01/22/2008 02:32 AM 162 brianboyns-PC\brianboyndefault_bottom.html.vir
06/16/2009 07:43 AM 682 brianboyns-PC\brianboyndefault_left.gif.vir
01/22/2008 02:33 AM 160 brianboyns-PC\brianboyndefault_left.html.vir
06/16/2009 07:43 AM 682 brianboyns-PC\brianboyndefault_right.gif.vir
01/22/2008 02:33 AM 161 brianboyns-PC\brianboyndefault_right.html.vir
06/16/2009 07:43 AM 631 brianboyns-PC\brianboyndefault_top.gif.vir
01/22/2008 02:31 AM 159 brianboyns-PC\brianboyndefault_top.html.vir
12/27/2010 09:12 AM 1,102,456 brianboyns-PC\brianboynGFComponent.dll.vir
12/27/2010 09:12 AM 255,608 brianboyns-PC\brianboynIGH1.dll.vir
12/27/2010 09:12 AM 638,072 brianboyns-PC\brianboynIGH2.dll.vir
12/27/2010 09:12 AM 478,840 brianboyns-PC\brianboynIGH3.dll.vir
12/27/2010 09:12 AM 649,848 brianboyns-PC\brianboynIGL.dll.vir
10/16/2007 07:46 AM 46 brianboyns-PC\brianboynIGL.ini.vir
12/27/2010 09:12 AM 112,248 brianboyns-PC\brianboynISH1.dll.vir
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators resources
06/16/2009 07:57 AM 493,292 brianboyns-PC\brianboyntemp_bottom.dds.vir
06/16/2009 07:55 AM 565,328 brianboyns-PC\brianboyntemp_left.dds.vir
06/16/2009 07:55 AM 565,328 brianboyns-PC\brianboyntemp_right.dds.vir
06/16/2009 07:55 AM 493,292 brianboyns-PC\brianboyntemp_top.dds.vir
28 File(s) 5,365,934 bytes

Re: Bad Virus found on windows 7, losing hard-drive space, H

by boynsini_13 » January 25th, 2015, 3:38 am

At this point, would you advise against wiping the hard-drive and starting over fresh?

Re: Bad Virus found on windows 7, losing hard-drive space, H

by pgmigg » January 25th, 2015, 3:20 pm

Hello Brian,

"at this point, would you advise against wiping the hard-drive and starting over fresh?"
At this point, I am going to finish cleanup and treatment of your computer.

As for those files that you thought were viruses, I want to draw your attention to the fact that all such files with the extension .vir or similar were found under the \Quarantine directory. This is the method used by many cleaning tools: when deleting files, they do not destroy them physically, but rename, compress, and move them into special folders so they can be restored if needed. Further, there are procedures to clean up such files and folders.

Step 1.
Turn Off Windows Backup
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    (Do not include the words Code: Select all; instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     Backup and Restore 
    and press Enter - the Backup and Restore panel will be opened.
  3. In the upper left corner you may see Turn off schedule. If it is there, please click on it - it may take a few seconds to turn off.
  4. Then please close Control Panel.

Step 2.
Set System Restore Disk Usage
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
    (Do not include the words Code: Select all; instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    SystemPropertiesProtection.exe 
    and press Enter - the System Properties panel will be opened.
  3. Click on the Configure button.
  4. If the Max usage slider is set to higher than 4 percent, slide it to the left to approximately the 4% point.
  5. Then click OK and OK again to close System Properties.

Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all; instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *brianboyns-PC*
    *dts.search*
    *IObit*
    *securedsearch*
    *SparkTrust*
    
    :folderfind
    *brianboyns-PC*
    *dts.search*
    *IObit*
    *securedsearch*
    *SparkTrust*
    
    :Regfind
    brianboyns-PC
    dts.search
    IObit
    securedsearch
    SparkTrust
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
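
The listing posted earlier in this thread appears to be `dir /q` output with its column spacing collapsed, so the owner (`brianboyns-PC\brianboyn`, exactly 23 characters) runs straight into the file name. The following is an added example, not part of the original posts: it separates owner from file name and totals the space held by quarantined `.vir` files. The 23-character owner column width is an assumption inferred from the listing.

```python
import re
from collections import Counter

OWNER_WIDTH = 23  # assumption: owner column width, inferred from the listing

# Lines copied from the listing posted in this thread (whitespace already collapsed).
SAMPLE = r"""06/16/2009 07:43 AM 631 brianboyns-PC\brianboyndefault_bottom.gif.vir
12/27/2010 09:12 AM 1,102,456 brianboyns-PC\brianboynGFComponent.dll.vir
10/16/2007 07:46 AM 46 brianboyns-PC\brianboynIGL.ini.vir
01/19/2015 06:37 PM <DIR> BUILTIN\Administrators resources
06/16/2009 07:57 AM 493,292 brianboyns-PC\brianboyntemp_bottom.dds.vir
28 File(s) 5,365,934 bytes
"""

ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s[AP]M)\s+(<DIR>|[\d,]+)\s+(.+)$")

def split_owner(rest):
    """Split 'owner + name' where the owner may fill the whole column."""
    head = rest[:OWNER_WIDTH]
    space = head.find(" ", head.find("\\") + 1)
    if space != -1:  # owner shorter than the column: the padding ends it
        return rest[:space], rest[space:].strip()
    return head, rest[OWNER_WIDTH:].strip()  # owner filled (or was cut at) the column

def parse_listing(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # summary lines such as "28 File(s) ..." are skipped
        date, time, size, rest = m.groups()
        owner, name = split_owner(rest)
        is_dir = size == "<DIR>"
        entries.append({"date": date, "time": time, "owner": owner, "name": name,
                        "is_dir": is_dir,
                        "size": None if is_dir else int(size.replace(",", ""))})
    return entries

def quarantine_summary(entries, marker=".vir"):
    """Count quarantined files and total their bytes per original extension."""
    by_type, count = Counter(), 0
    for e in entries:
        if e["is_dir"] or not e["name"].lower().endswith(marker):
            continue
        count += 1
        original = e["name"][:-len(marker)]  # name before the tool renamed it
        ext = "." + original.rsplit(".", 1)[1].lower() if "." in original else "(none)"
        by_type[ext] += e["size"]
    return count, sum(by_type.values()), dict(by_type)

if __name__ == "__main__":
    print(quarantine_summary(parse_listing(SAMPLE)))
```

Account names that themselves contain a space are not handled by this split and would need the original, uncollapsed column spacing.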
