Solved Bad image error every time I open a program

June 24, 2016 at 20:26:13
Specs: Windows 7
"C:\ProgamData\Quoteex\Geodex.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support" Error status 0xc00012F.

Whatever I do, this opens all the time. Now I know I got viruses; Malwarebytes and Avast can't detect a lot of them, and some of them say "access denied". Really need help here!




#1
June 24, 2016 at 20:40:45
"I know I got viruses; Malwarebytes and Avast can't detect a lot of them"
Copy & Paste the contents of the logs in your reply please.

#2
June 24, 2016 at 20:44:18
✔ Best Answer
After you post the logs, here are the next steps, assuming they will run.
If they don't, no problem, we will have to get around that issue.

Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[C1 or later].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw


#3
June 24, 2016 at 20:52:43
# AdwCleaner v5.033 - Logfile created 08/02/2016 at 17:07:44
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : 2014 - VENOM
# Running from : C:\Users\2014\Downloads\adwcleaner_5.033 (1).exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AppendMonitor
[-] Folder Deleted : C:\Users\2014\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd
[-] Folder Deleted : C:\Users\2014\AppData\Local\Temp\ext

***** [ Files ] *****

[-] File Deleted : C:\Users\2014\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kmbcoebcjaiiejopnadjlknjhifadnlg

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Go HD-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\204a7ea5-c722-2a28-af7e-99d44bbb1450
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-21-3570303574-1270954355-4073297477-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\WEBAPP
[-] Key Deleted : HKU\S-1-5-21-3570303574-1270954355-4073297477-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-21-3570303574-1270954355-4073297477-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\default-search.net

***** [ Web browsers ] *****

[-] [C:\Users\2014\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\2014\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\2014\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5251 bytes] ##########
# AdwCleaner v5.200 - Logfile created 24/06/2016 at 21:24:42
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-23.1 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : Venom 2016 - VENOM
# Running from : C:\Users\2014\Downloads\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : RelevantKnowledge
[-] Service Deleted : CloudPrinter
[-] Service Deleted : ProntSpooler
[-] Service Deleted : Scheduler
[-] Service Deleted : Helper
[-] Service Deleted : backlh

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\CloudPrinter
[-] Folder Deleted : C:\ProgramData\Logic Handler
[-] Folder Deleted : C:\ProgramData\784cff71-1e21-1
[-] Folder Deleted : C:\ProgramData\784cff71-59c1-0
[#] Folder Deleted : C:\ProgramData\Application Data\CloudPrinter
[#] Folder Deleted : C:\ProgramData\Application Data\Logic Handler
[#] Folder Deleted : C:\ProgramData\Application Data\784cff71-1e21-1
[#] Folder Deleted : C:\ProgramData\Application Data\784cff71-59c1-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Youtube Downloader
[-] Folder Deleted : C:\Program Files (x86)\RelevantKnowledge
[-] Folder Deleted : C:\Program Files (x86)\Free Youtube Downloader
[-] Folder Deleted : C:\Program Files (x86)\Hostify
[-] Folder Deleted : C:\Program Files (x86)\SoftUpgrade
[-] Folder Deleted : C:\Program Files (x86)\WeatherChickn
[-] Folder Deleted : C:\Program Files (x86)\Windriver
[-] Folder Deleted : C:\Program Files (x86)\Sysdriver
[-] Folder Deleted : C:\Program Files (x86)\comoBoss
[-] Folder Deleted : C:\Program Files (x86)\MusicManager
[-] Folder Deleted : C:\Program Files (x86)\PDFDEFAULT
[-] Folder Deleted : C:\Program Files (x86)\EXstraaCCoeupOOn
[-] Folder Deleted : C:\Users\2014\AppData\Local\Temp\ext
[-] Folder Deleted : C:\Users\2014\AppData\Local\Temp\MAXDriverUpdater
[-] Folder Deleted : C:\Users\2014\AppData\Local\Free Youtube Downloader
[-] Folder Deleted : C:\Users\2014\AppData\Local\FASTExtensions
[-] Folder Deleted : C:\Users\2014\AppData\Local\QuickCleaner
[-] Folder Deleted : C:\Users\2014\AppData\Local\WINTUNEPRO
[-] Folder Deleted : C:\Users\2014\AppData\Local\csdi_monetize_220160624
[-] Folder Deleted : C:\Users\2014\AppData\Roaming\YSPackage
[-] Folder Deleted : C:\Users\2014\AppData\Roaming\QuickCleaner
[-] Folder Deleted : C:\Users\2014\AppData\Roaming\How Inc
[-] Folder Deleted : C:\Users\2014\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder Deleted : C:\Users\2014\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
[-] Folder Deleted : C:\Program Files\Caster

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\Free Youtube Downloader.lnk
[-] File Deleted : C:\WINDOWS\AdBlock.exe
[-] File Deleted : C:\WINDOWS\systwin.exe
[-] File Deleted : C:\WINDOWS\SysWOW64\rlls.dll
[-] File Deleted : C:\WINDOWS\SysWOW64\findit.xml
[-] File Deleted : C:\Users\2014\AppData\Local\Temp\Utils.dll
[-] File Deleted : C:\Users\2014\AppData\Local\Temp\VirusRemover.exe
[-] File Deleted : C:\Users\2014\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File Deleted : C:\Users\2014\Desktop\Continue installation .lnk
[-] File Deleted : C:\Users\2014\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pinhfkamckbogjgmbmdkdebbbpnmlaef_0.localstorage
[-] File Deleted : C:\WINDOWS\SysNative\rlls64.dll
[#] File Deleted : C:\WINDOWS\AdBlock.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : SoftUpgrade
[-] Task Deleted : AdBlock
[-] Task Deleted : VirusRemover

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Key Deleted : HKLM\SOFTWARE\Classes\IePDFDEFAULTPlugin.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{314cc13e-2027-44ca-838b-546591a01fda}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314cc13e-2027-44ca-838b-546591a01fda}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\Wizzlabs
[-] Key Deleted : HKCU\Software\csastats
[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
[-] Key Deleted : HKCU\Software\Neusoftware Music Manager
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKLM\SOFTWARE\MIITS LLC
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YSPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherChickn
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\comoBoss_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9E02501F-FCC7-4D23-87E4-18F6F727BDD1}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDFDEFAULT
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2705BBD-00A4-4056-86C0-ACBAD87B5EDE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0FFAB04C-C934-4880-83E7-D185F2AA636B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DBB5072C4A006504680CCAAB8DB7E5ED
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DBB5072C4A006504680CCAAB8DB7E5ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DBB5072C4A006504680CCAAB8DB7E5ED
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{727244A5-EDA6-49CC-B11A-E6CFE449BBB6}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{67BE5873-4F97-4B87-8DD8-1952303568FF}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0F314504-4156-4787-8363-77A2A03BBF63}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnTBMon
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\mobilegeni daemon
[-] Value Deleted : HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [pcspeedup]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [systwin]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
[#] Value Deleted : HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
[-] Value Deleted : HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Caster]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [comoBoss]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [AdBlock2]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ProntSpooler
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Scheduler

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [13671 bytes] - [08/02/2016 18:07:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [11127 bytes] - [08/02/2016 18:02:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [4956 bytes] - [08/02/2016 18:06:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [830 bytes] - [08/02/2016 18:30:20]
C:\AdwCleaner\AdwCleaner[S4].txt - [829 bytes] - [08/02/2016 18:51:00]
C:\AdwCleaner\AdwCleaner[S5].txt - [698 bytes] - [10/02/2016 18:03:01]
C:\AdwCleaner\AdwCleaner[S6].txt - [694 bytes] - [10/02/2016 18:31:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14180 bytes] ##########
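
Added example, not part of the original post and not AdwCleaner's own code: a Python parser that splits an AdwCleaner log into its sections and lists the deleted items that were autostart mechanisms (services, scheduled tasks, Run/RunOnce values, Browser Helper Objects). The sample lines are excerpted from the 24/06/2016 log above; the function names and the choice of which locations count as autostart are assumptions of this example.

```python
import re

# Excerpt copied from the 24/06/2016 AdwCleaner log posted above.
SAMPLE_LOG = r"""
***** [ Services ] *****

[-] Service Deleted : RelevantKnowledge
[-] Service Deleted : CloudPrinter

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\RelevantKnowledge
[#] Folder Deleted : C:\ProgramData\Application Data\CloudPrinter

***** [ Scheduled tasks ] *****

[-] Task Deleted : SoftUpgrade
[-] Task Deleted : VirusRemover

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Wizzlabs
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314cc13e-2027-44ca-838b-546591a01fda}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [systwin]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Caster]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{727244A5-EDA6-49CC-B11A-E6CFE449BBB6}]
"""

# "***** [ Services ] *****" style section headers.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[-] Folder Deleted : <target>" style entries; the flag character is kept as-is.
ENTRY_RE = re.compile(r"^\[(?P<flag>.)\] (?P<kind>\w+) Deleted : (?P<target>.+)$")
# Registry values are logged as "<key path> [<value name>]".
VALUE_RE = re.compile(r"^(?P<key>.+?) \[(?P<name>.+)\]$")
# Autostart locations this example looks for (an assumption, not a complete list).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
BHO_RE = re.compile(
    r"\\Explorer\\Browser Helper Objects\\(?P<clsid>\{[^}]+\})$", re.IGNORECASE
)


def parse_adwcleaner(text):
    """Return {section name: [entry dicts]} in the order the log lists them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current is None:
            continue  # comment lines, blanks, and "Web browsers" entries are skipped
        target = entry.group("target")
        if target.startswith("[x64] "):  # 64-bit registry view marker
            target = target[len("[x64] "):]
        sections[current].append(
            {"flag": entry.group("flag"), "kind": entry.group("kind"), "target": target}
        )
    return sections


def autostart_items(sections):
    """List (mechanism, name) pairs for deleted items that ran code at boot or logon."""
    found = []
    for entry in sections.get("Services", []):
        found.append(("service", entry["target"]))
    for entry in sections.get("Scheduled tasks", []):
        found.append(("scheduled task", entry["target"]))
    for entry in sections.get("Registry", []):
        if entry["kind"] == "Key":
            bho = BHO_RE.search(entry["target"])
            if bho:
                found.append(("browser helper object", bho.group("clsid")))
        elif entry["kind"] == "Value":
            value = VALUE_RE.match(entry["target"])
            if value and RUN_KEY_RE.search(value.group("key")):
                found.append(("run key", value.group("name")))
    return found


if __name__ == "__main__":
    for mechanism, name in autostart_items(parse_adwcleaner(SAMPLE_LOG)):
        print(f"{mechanism:22} {name}")
```
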



#4
June 24, 2016 at 21:10:35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64
Ran by Venom 2016 (Administrator) on Sat 06/25/2016 at 0:08:06.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 3

Successfully deleted: C:\ProgramData\Start Menu\Programs\(default) (Folder)
Successfully deleted: C:\Users\2014\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERQUERY.EXE-DF9DD6EE.pf (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/25/2016 at 0:09:53.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5
June 24, 2016 at 21:10:58
Alright, it's done, what next?

#6
June 24, 2016 at 21:15:30
We are on the right track.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


#7
#8
June 24, 2016 at 21:25:19
Give me up to an hour to go through those logs.

I'm here.
http://www.timeanddate.com/worldclo...


#9
June 24, 2016 at 21:26:14
Lucky for you, it's midnight here :P
If I don't respond, I hope it's okay

message edited by JackVenom


#10
June 24, 2016 at 21:35:03
Yep, when you're up again is quite OK.

#11
June 24, 2016 at 22:06:02
Still up, sleep for the weak

#12
June 24, 2016 at 22:06:03
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Hosts:
cmd: netsh winsock reset
cmd: ipconfig /flushdns
Task: {396B9DEA-4155-407D-A90C-7BF2521DE6F5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6E1DF63F-3303-489D-89E9-37B679BD95D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A12D9F3-2F8C-4EC0-ACB6-FB99608CA329} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DD98C67-3549-4C31-8CFC-E4022D679952} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C38A7F7E-A1D4-49F2-AF7D-A58901CB15C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C4E0AAB8-0C6D-4F4A-A5B0-61C65297C15D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C8A924A1-0078-46E1-BCFE-CC922C835742} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CA2DC61A-7EBB-49BD-875D-C464D68CA530} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CDB48F9A-8E48-4F33-9D67-26CBC94D037F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D30C6D5F-EB2B-4131-8685-912E8571BD10} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E83F2D7D-0156-432C-B197-C3813BEE7407} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\2014:Heroes & Generals [38]
AlternateDataStreams: C:\Users\2014\MediaFire:mf_x [26]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabia.msn.com/?rd=1&ucc=LB&dcc=LB&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3570303574-1270954355-4073297477-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M1F7D3DC5-F38B-46C7-9C0E-AC6B0D73D829&SearchSource=55&CUI=&UM=8&UP=SPB4EB5271-0316-41CA-8998-E92435E428E3&D=062416&SSPV="
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


#13
June 24, 2016 at 22:18:49
Okay, I did a reboot,

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Venom 2016 (2016-06-25 01:09:03) Run:1
Running from C:\Users\2014\Desktop
Loaded Profiles: Venom 2016 (Available Profiles: Venom 2016 & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Hosts:
cmd: netsh winsock reset
cmd: ipconfig /flushdns
Task: {396B9DEA-4155-407D-A90C-7BF2521DE6F5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6E1DF63F-3303-489D-89E9-37B679BD95D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8A12D9F3-2F8C-4EC0-ACB6-FB99608CA329} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DD98C67-3549-4C31-8CFC-E4022D679952} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C38A7F7E-A1D4-49F2-AF7D-A58901CB15C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C4E0AAB8-0C6D-4F4A-A5B0-61C65297C15D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C8A924A1-0078-46E1-BCFE-CC922C835742} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CA2DC61A-7EBB-49BD-875D-C464D68CA530} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CDB48F9A-8E48-4F33-9D67-26CBC94D037F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D30C6D5F-EB2B-4131-8685-912E8571BD10} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E83F2D7D-0156-432C-B197-C3813BEE7407} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\2014:Heroes & Generals [38]
AlternateDataStreams: C:\Users\2014\MediaFire:mf_x [26]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabia.msn.com/?rd=1&ucc=LB&dcc=LB&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3570303574-1270954355-4073297477-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M1F7D3DC5-F38B-46C7-9C0E-AC6B0D73D829&SearchSource=55&CUI=&UM=8&UP=SPB4EB5271-0316-41CA-8998-E92435E428E3&D=062416&SSPV="
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{396B9DEA-4155-407D-A90C-7BF2521DE6F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{396B9DEA-4155-407D-A90C-7BF2521DE6F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E1DF63F-3303-489D-89E9-37B679BD95D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E1DF63F-3303-489D-89E9-37B679BD95D0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A12D9F3-2F8C-4EC0-ACB6-FB99608CA329}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A12D9F3-2F8C-4EC0-ACB6-FB99608CA329}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DD98C67-3549-4C31-8CFC-E4022D679952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DD98C67-3549-4C31-8CFC-E4022D679952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C38A7F7E-A1D4-49F2-AF7D-A58901CB15C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C38A7F7E-A1D4-49F2-AF7D-A58901CB15C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4E0AAB8-0C6D-4F4A-A5B0-61C65297C15D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4E0AAB8-0C6D-4F4A-A5B0-61C65297C15D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8A924A1-0078-46E1-BCFE-CC922C835742}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8A924A1-0078-46E1-BCFE-CC922C835742}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA2DC61A-7EBB-49BD-875D-C464D68CA530}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA2DC61A-7EBB-49BD-875D-C464D68CA530}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDB48F9A-8E48-4F33-9D67-26CBC94D037F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDB48F9A-8E48-4F33-9D67-26CBC94D037F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D30C6D5F-EB2B-4131-8685-912E8571BD10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D30C6D5F-EB2B-4131-8685-912E8571BD10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E83F2D7D-0156-432C-B197-C3813BEE7407}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E83F2D7D-0156-432C-B197-C3813BEE7407}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
C:\Users\2014 => ":Heroes & Generals" ADS removed successfully.
"C:\Users\2014\MediaFire" => ":mf_x" ADS not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3570303574-1270954355-4073297477-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.7.0" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome StartupUrls => removed successfully
SkypeUpdate => service removed successfully
cleanhlp => service removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 838026 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65063473 B
Java, Flash, Steam htmlcache => 424025216 B
Windows/system/drivers => 191385688 B
Edge => 16908929 B
Chrome => 371222531 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
ProgramData => 0 B
Public => 0 B
systemprofile => 152814657 B
systemprofile32 => 0 B
LocalService => 92218 B
NetworkService => 1734420 B
2014 => 2898453223 B
DefaultAppPool => 16674 B

RecycleBin => 11116461 B
EmptyTemp: => 3.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:10:53 ====



#14
June 24, 2016 at 22:53:30
Download Security Check by screen317 from one of the following links and save it to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
SecurityCheck is a program that searches for installed and running security programs on a user's computer. After it is finished, SecurityCheck will then display a log file that contains information about the security programs found on your computer and the status of security services such as Windows Firewall.
The log file that SecurityCheck creates is broken down into different sections. These sections are:
The Antivirus/Firewall Check section will contain information about antivirus programs that are installed on your computer and whether or not you have a firewall enabled.
The Anti-malware/Other Utilities Check lists installed anti-malware programs as well as utility programs that include Java, Adobe Reader, and Flash.
The Process Check section will list all of the running processes at the time the log was created.


#15
June 24, 2016 at 22:55:31
Do I disable my antivirus during this process too?


#16
June 24, 2016 at 23:00:41
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
[color=red][b]Antivirus out of date![/b][/color]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
AVG PC TuneUp 2015 (en-US)
AVG PC TuneUp 2014 (en-GB)
Java 8 Update 91
[color=red][b]Java version 32-bit out of Date![/b][/color]
Adobe Flash Player 22.0.0.192
Google Chrome (51.0.2704.103)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#17
June 24, 2016 at 23:04:16
Try Malwarebytes again. No need to run Avast.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.
Or, you can do it before the reboot.
http://i.imgur.com/NOmMO3l.gif

Copy and Paste the contents of the log, in your reply please.
Log locations
http://i.imgur.com/s05hsP9.gif
http://i.imgur.com/qZ5dybV.gif
http://i.imgur.com/wOHlluy.gif
http://i.imgur.com/pYQQLah.gif

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.



#18
June 24, 2016 at 23:27:56
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/25/2016
Scan Time: 02:06 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.25.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Venom 2016

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353397
Time Elapsed: 18 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#19
June 24, 2016 at 23:31:13
What issues are you having now?

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & others during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...
http://www.howtogeek.com/198622/her...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...

Make sure ALL your Regional and Language Options settings are Ok. They will be something similar to this, the main point being, you should have at least 3 places to make sure you have your country displayed.

Windows 10: Change or Add Another Language or Region.
http://www.tech-recipes.com/rx/5633...
http://i.imgur.com/gkPnT4j.gif
http://i.imgur.com/8J4WO6U.gif
http://i.imgur.com/gtwlzJo.gif
http://i.imgur.com/vSWwH00.gif

Extract from the fixlog.
"EmptyTemp: => 3.8 GB temporary data Removed."
Way, way too big, even if you are a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.
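
A triage pass over the Fixlog that post #19 quotes from, as an added example that is not part of the original posts: it lists the entries the fix did not resolve and ranks the EmptyTemp categories by size. The function names are this example's own; the log lines are copied from the Fixlog posted earlier in the thread.

```python
import re

# Lines copied from the Fixlog posted in this thread (zero-byte EmptyTemp rows omitted).
FIXLOG = r'''
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"C:\Users\2014\MediaFire" => ":mf_x" ADS not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
SkypeUpdate => service removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 838026 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65063473 B
Java, Flash, Steam htmlcache => 424025216 B
Windows/system/drivers => 191385688 B
Edge => 16908929 B
Chrome => 371222531 B
Default => 16674 B
systemprofile => 152814657 B
LocalService => 92218 B
NetworkService => 1734420 B
2014 => 2898453223 B
DefaultAppPool => 16674 B
RecycleBin => 11116461 B
EmptyTemp: => 3.8 GB temporary data Removed.
'''

SIZE = re.compile(r"^(?P<name>.+?) => (?P<bytes>\d+) B$")           # EmptyTemp rows
DONE = re.compile(r"=> .*(removed|restored) successfully\.?$")      # fix applied

def triage(log):
    """Return (entries the fix did not resolve, bytes removed per temp category)."""
    unresolved, sizes = [], {}
    for line in filter(None, map(str.strip, log.splitlines())):
        m = SIZE.match(line)
        if m:
            sizes[m["name"]] = int(m["bytes"])
        elif " => " in line and not DONE.search(line) and not line.startswith("EmptyTemp:"):
            unresolved.append(line)   # "not found", "Error: ...", anything not confirmed
    return unresolved, sizes

def top_consumers(sizes, n=3):
    """Largest categories as (name, bytes, percent of total), biggest first."""
    total = sum(sizes.values())
    ranked = sorted(sizes.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(name, size, round(100 * size / total, 1)) for name, size in ranked]

if __name__ == "__main__":
    unresolved, sizes = triage(FIXLOG)
    print(f"total removed: {sum(sizes.values()) / 2**30:.2f} GiB")
    for row in top_consumers(sizes): print(row)
    for line in unresolved: print("NOT FIXED:", line)
```

On this log the user profile `2014` accounts for most of the removed temporary data, and the Chrome dev build entry is the one item left for manual follow-up.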



#20
June 24, 2016 at 23:42:22
Alright, I am no longer getting pop ups when opening stuff! Thanks a lot for your time & help, I will see how it goes for a couple of days, if I message back, then it's not gone, if I don't, then please remember how grateful I am :). Thanks again!


#21
June 24, 2016 at 23:46:48
Nice work John!

"Sleep for the weak".... I say that every time I'm enjoying a few too many brews. I always end up losing.

Edit: it ends up being, sleep for the week

message edited by btk1w1



#22
June 24, 2016 at 23:47:53
Join the club, I've had many 3am finishes, computers are like that.


#23
June 24, 2016 at 23:50:16
Thanks btk1w1, didn't know you were there, you too, have probably had many 3am finishes.


#24
June 25, 2016 at 00:12:33
Hahaha. More than I'd care to admit :-D
