Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware/Virus suspected

Re: Malware/Virus suspected

by maranatha-lord » June 30th, 2015, 4:19 pm

Just tried to run the system look up thing and it won't get past a certain point where the system says something about a corrupt file. I can't get the exact message but it's in this directory:

c:\windows\winsxs

Asking to run the chkdsk
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by pgmigg » June 30th, 2015, 4:45 pm

Hello maranatha-lord,

c:\windows\winsxs

Asking to run the chkdsk
It is the Windows component store system directory, which is used during servicing operations within Windows installations and updates.

Please stop trying to run SystemLook and do the following:

Step 1.
System File Checker
  1. Please open the Start Menu, type cmd in the search box, right click on cmd.exe (at top), and click on "Run as administrator...". The elevated command prompt opens to C:\Windows\System32>
  2. In the elevated command prompt, type sfc /scannow, then press Enter. Please be patient - it may take a while...
  3. Wait for the prompt. When the scan is complete, copy and paste the command below, and press Enter.
    Code: Select all
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfc-scannow.txt"

    This will place a sfc-scannow.txt file on your Desktop
  4. Close the elevated command prompt.
  5. Open the sfc-scannow.txt file on your Desktop with Notepad.
  6. Please copy and paste the contents of the sfc-scannow.txt file in your next reply.

Step 2.
Check Hard Disk For Errors
  1. Please open the Start Menu, type cmd in the search box, right click on cmd.exe (at top), and click on "Run as administrator...". The elevated command prompt opens to C:\Windows\System32>
  2. In the elevated command prompt, copy and paste the command below, and press Enter.
    Code: Select all
     chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt" 
  3. Please be patient - it may take a while...
  4. Wait for the prompt. When the scan is complete, a file icon named checkhd.txt should appear on your Desktop.
  5. Close the elevated command prompt window.
  6. Find and open the checkhd.txt file with Notepad.
  7. Please copy and paste the contents of the checkhd.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of sfc-scannow file
  3. Contents of checkhd.txt file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

by maranatha-lord » July 1st, 2015, 4:43 pm

a) First problem/issue to note is that Malwarebytes popped up saying it had blocked a site - I didn't catch the name but it was like 888.com or something?

Just going through the scans now
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by maranatha-lord » July 1st, 2015, 4:55 pm

CBS log is 1104396 chars and it won't let me attach!
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by pgmigg » July 1st, 2015, 6:25 pm

Hello maranatha-lord,

First problem/issue to note is that Malwarebytes popped up saying it had blocked a site - I didn't catch the name but it was like 888.com or something?
When an anti-virus or anti-malware program blocks something, at least it means that the program is working properly and that you made a good choice when you selected and installed it! :) There are a lot of web sites that are marked as dangerous for many reasons. So let MBAM continue...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

by pgmigg » July 1st, 2015, 6:42 pm

Hello maranatha-lord,

CBS log is 1104396 chars and it won't let me attach!
Could you please ZIP it?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

by maranatha-lord » July 2nd, 2015, 3:45 pm

ATTACHED
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by maranatha-lord » July 2nd, 2015, 4:34 pm

Step 2 didn't do anything?!? No txt file or message etc produced?
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by pgmigg » July 2nd, 2015, 5:09 pm

Hello maranatha-lord,

ATTACHED
Thank you! Good job! :D

Step 2 didn't do anything?!? No txt file or message etc produced?
It is possible, especially in the case when chkdsk did not find errors. On the other hand, I would like to draw your attention to the fact that the computer is of an advanced age, and the hard drive has begun to fail. Maybe it is time to think about replacing the computer with a more modern one?

Please run SystemLook scan one more time:

Step 1.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *Enigma*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *Enigma*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    borgata
    Cheat
    Conduit
    Coupons
    Enigma
    searchab
    Fun4IM
    Funmoods
    Hoyle
    iLivid
    MyPC
    Iminent
    Poker
    Realms
    Searchqu
    Searchnu
    Slick
    smartbar
    Somoto
    Sweetpack
    Tarma
    trolltech
    systweak
    vshare
    whitesmoke
    YahooPartnerToolbar
    Yontoo
    
  3. Press the Look button to start the scan. The scan will take a while (even more than an hour), so please be patient...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

by maranatha-lord » July 6th, 2015, 6:40 am

SystemLook 30.07.11 by jpshortstuff
Log created at 10:31 on 06/07/2015 by User 1
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*borgata*"
No files found.

Searching for "*Cheat*"
No files found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\User 1\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1500512_1495993_UK.xml.vir --a---- 198 bytes [14:24 27/03/2012] [10:47 02/04/2012] 1B9BD67B4B5E4291138AF9547F712F9A

Searching for "*Coupons*"
No files found.

Searching for "*Enigma*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*Hoyle*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*MyPC*"
C:\Users\User 1\SyncFolder\MyPC Backup Quick Start Guide.pdf --a---- 890103 bytes [13:52 30/04/2014] [13:52 30/04/2014] 8861D62E0BDFDF8BF1466FC5F5306725

Searching for "*Iminent*"
No files found.

Searching for "*Poker*"
No files found.

Searching for "*Realms*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Somoto*"
No files found.

Searching for "*Sweet*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*systweak*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*YahooPartnerToolbar*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*borgata*"
No folders found.

Searching for "*Cheat*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\User 1\AppData\LocalLow\Conduit d------ [22:10 29/06/2015]

Searching for "*Coupons*"
No folders found.

Searching for "*Enigma*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*Hoyle*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*MyPC*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Poker*"
No folders found.

Searching for "*Realms*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Somoto*"
No folders found.

Searching for "*Sweet*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*systweak*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*YahooPartnerToolbar*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "borgata"
No data found.

Searching for "Cheat"
No data found.

Searching for "Conduit"
No data found.

Searching for "Coupons"
No data found.

Searching for "Enigma"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "Hoyle"
No data found.

Searching for "iLivid"
No data found.

Searching for "MyPC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0C1BA031-45EB-357E-8F55-2E6136D10FBF}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{1BFC7AFE-20FE-3F30-B10A-DF4A3EA990AC}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{24E12496-D29C-35E3-AD0F-1D66AD4C2493}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{267658E0-FF47-3CAC-B955-33221CF791F4}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{464FA238-2CEC-34AC-B096-0FEF5A4923AC}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{4765A3E5-EF39-32FC-8783-71D68E0A7CD6}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{49312164-AD83-3495-8EBD-26ED739785C0}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{77BA8C2B-C6E5-3F52-8B5B-1D508D998292}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{790C6E53-66B5-3F63-8EBB-2C18D25450AA}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9ACB4E3B-01B0-3F8F-A0CF-08105106E5DA}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{B9FDE49C-D747-3D2C-A15B-7C7E0BA3BB35}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{E3C414FA-7C5D-3F3C-BDD5-A7791B9D1C38}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{EE7421D0-07AC-3EEE-B17B-D014197230FC}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB211F2C-15DB-3945-AD45-1E6AD697DD95}\1.0.0.0]
"CodeBase"="file:///C:/Program Files/MyPC Backup/MPCBIconOverlays.DLL"

Searching for "Iminent"
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by pgmigg » July 6th, 2015, 1:32 pm

Hello maranatha-lord,

Unfortunately :( , you posted approximately 2/3 of the SystemLook.txt log file - please find the line where the log was interrupted and post the rest in your next reply. Or post the entire log again.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

by maranatha-lord » July 6th, 2015, 3:42 pm

Sorry about that. Just checked the log file and that's all there was? I'll scan again ...
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by maranatha-lord » July 6th, 2015, 4:18 pm

OK - just did the scan again and it produced the same thing? Like it is being terminated before fulfilling the scan and therefore the output is truncated ...
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by pgmigg » July 6th, 2015, 4:54 pm

Hello maranatha-lord,

OK - just did the scan again and it produced the same thing? Like it is being terminated before fulfilling the scan and therefore the output is truncated ...
Are you sure that it was the most recent log?
You can check it by the second line of the log header, which contains the time and date:

Log created at 10:31 on 06/07/2015 by User 1


Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
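
A check for the truncation discussed in the posts above, added here as an example (it is not code from the thread or from SystemLook): it compares the terms in the SystemLook script with the "Searching for" entries in SystemLook.txt and reads the creation time from the header line. The function names and the shortened sample script and log are constructed for illustration.

```python
import re
from datetime import datetime
HEADER_RE = re.compile(r"^Log created at (\d{2}:\d{2}) on (\d{2}/\d{2}/\d{4}) by ")
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')

def parse_script(script):
    """Map each ':section' of a SystemLook script to its list of search terms."""
    wanted, section = {}, None
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            section = line[1:].lower()
            wanted[section] = []
        elif line and section:
            wanted[section].append(line)
    return wanted

def parse_log(log):
    """Return (creation time, {section: {term: [result lines]}}) for a log's text."""
    created, results, section, term = None, {}, None, None
    for line in filter(None, map(str.strip, log.splitlines())):
        if m := HEADER_RE.match(line):  # day-first date, as in the thread's log
            created = datetime.strptime(f"{m[2]} {m[1]}", "%d/%m/%Y %H:%M")
        elif m := SECTION_RE.match(line):
            section, term = m[1].lower(), None
            results[section] = {}
        elif (m := SEARCH_RE.match(line)) and section:
            term = m[1]
            results[section].setdefault(term, [])
        elif term is not None:
            results[section][term].append(line)
    return created, results

def find_gaps(script, log):
    """List (section, term, reason) for each requested search the log leaves unanswered."""
    created, results = parse_log(log)
    gaps = []
    for section, terms in parse_script(script).items():
        for term in dict.fromkeys(terms):  # drop repeated terms, keep order
            found = results.get(section, {}).get(term)
            if found is None:
                gaps.append((section, term, "search never started"))
            elif not found:
                gaps.append((section, term, "search started, no result"))
    return created, gaps

# Constructed sample: a shortened script and a log that stops mid-search.
SAMPLE_SCRIPT = ":filefind\n*MyPC*\n\n:Regfind\nBabylon\nIminent\nPoker\n"
SAMPLE_LOG = r"""Log created at 10:31 on 06/07/2015 by User 1
========== filefind ==========
Searching for "*MyPC*"
No files found.
========== Regfind ==========
Searching for "Babylon"
"DllName"="BabylonToolbar.dll"
Searching for "Iminent"
"""
if __name__ == "__main__":
    print(find_gaps(SAMPLE_SCRIPT, SAMPLE_LOG))
```

On real files, pass the script text that was pasted into SystemLook and the contents of SystemLook.txt; an empty gap list means every requested search has at least one result line.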