Solved Malware help

omgitsjoe

New Member
Thread author
Mar 31, 2018
10
I recently made the mistake of getting infected... After running Norton and Malwarebytes numerous times they have come back clean, but I'm still having issues.
1. Edge won't load any page. It just says it can't be reached, even though I have network access (Chrome works fine).
2. Boot time (Windows logo) IS SOOOO SLOW. It's never been this slow. I have a pretty decent PC.
16 GB DDR4 RAM
i7 3.30 GHz
RX290 8 GB graphics card
multiple SSDs

Before the infection, the boot time was just a few seconds.

Please help.

Thanks,

Joe
 

Attachments

  • FRST.txt
    72.7 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two log files on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    7.3 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's check something. Please perform another fix with attached fixlist.txt and upload the report.
 

Attachments

  • fixlist.txt
    72 bytes · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I found the problem.

Please download the archive on the link below and unpack it to your Desktop.

https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/attachment/12304958/7900026/

It is important to have FixTcpipACL.ps1 on your Desktop.

Open a PowerShell command prompt as administrator: press Win + S and then type powershell. Find the command and right-click to “Run as Administrator”.

Then execute this command in PowerShell:

cd C:\Users\OMFG\Desktop

One more command:

set-executionpolicy unrestricted

And the final command:

.\FixTcpipACL.ps1

Reboot your computer and let me know how it goes now.
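
An added example, not part of the original post or the script's own code: the same script run with the execution-policy change confined to the current PowerShell session, with a check that the persistent scopes are unchanged afterwards. It assumes FixTcpipACL.ps1 is on the current user's Desktop and an elevated PowerShell; the function name is hypothetical.

```powershell
# Added example (not from the original post); the function name is hypothetical.
# Assumes FixTcpipACL.ps1 was unpacked to the current user's Desktop.
function Invoke-ScriptProcessScoped {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Script not found: $Path"
    }

    # Record exactly what is about to run.
    $hash = Get-FileHash -Path $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    Write-Host "SHA256    : $($hash.Hash)"
    Write-Host "Signature : $($sig.Status)"

    # Snapshot the persistent scopes before touching anything.
    $before = Get-ExecutionPolicy -List | Where-Object Scope -ne 'Process'

    # Process scope applies to this session only and is not saved, unlike
    # "set-executionpolicy unrestricted", which changes the LocalMachine scope.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    & $Path

    # Confirm no persistent scope changed while the script ran.
    $after = Get-ExecutionPolicy -List | Where-Object Scope -ne 'Process'
    $diff  = Compare-Object $before $after -Property Scope, ExecutionPolicy
    if ($diff) {
        Write-Warning 'A persistent execution policy scope changed:'
        $diff
    } else {
        Write-Host 'Persistent execution policy scopes unchanged.'
    }
}

$desktop = [Environment]::GetFolderPath('Desktop')
Invoke-ScriptProcessScoped -Path (Join-Path $desktop 'FixTcpipACL.ps1')
```

If `Get-ExecutionPolicy -List` already shows LocalMachine as Unrestricted from an earlier run, `Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy Restricted` returns it to the Windows client default.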
 

omgitsjoe

New Member
Thread author
Mar 31, 2018
10
That worked. Edge is working again.

But the boot time is still slower than before the infection. Is there anything I can do to resolve this?

Thanks
 
  • Like
Reactions: Sunshine-boy

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two log files on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Check Disk
  • Press the Windows key on your keyboard. Type cmd, then right-click >> Run as Administrator.
  • Copy/enter the command below and press Enter:
  • Code:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at the next system restart. Please type Y and press Enter.
  • All you should do now is restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 
  • Like
Reactions: harlan4096
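
An added example, not part of the original post: the Event Viewer steps above done from PowerShell, with the counters that matter for disk health pulled out of the report text. The function names are hypothetical; the provider name and event ID are the ones shown on the report pasted later in this thread, and the sample text is an excerpt of that report.

```powershell
# Added example (not from the original thread); function names are hypothetical.
function ConvertFrom-ChkdskText {
    param([Parameter(Mandatory)] [string] $Text)

    # Pull the counters that indicate physical or structural damage.
    $badKB  = if ($Text -match '(\d+) KB in bad sectors')          { [long]$Matches[1] }
    $badRec = if ($Text -match '(\d+) bad file records processed') { [long]$Matches[1] }

    [pscustomobject]@{
        BadSectorsKB    = $badKB
        BadFileRecords  = $badRec
        CorrectionsMade = $Text -match 'Windows has made corrections to the file system'
        # Lines where CHKDSK reports what it found or repaired.
        Findings        = @($Text -split '\r?\n' |
                            Where-Object { $_ -match '^\s*(CHKDSK discovered|Cleaning up)' })
    }
}

function Get-ChkdskReport {
    param([int] $MaxEvents = 1)

    # Same filter as the Event Viewer steps: Application log, source Wininit.
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Warning 'No Wininit disk-check event found; has the scheduled check run yet?'
        return
    }
    foreach ($e in $events) {
        # One summary object per disk check, stamped with the event time.
        ConvertFrom-ChkdskText -Text $e.Message |
            Add-Member -NotePropertyName TimeCreated -NotePropertyValue $e.TimeCreated -PassThru
    }
}

# Offline check against an excerpt of the report posted in this thread.
$sample = @'
0 bad file records processed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
0 KB in bad sectors.
'@
ConvertFrom-ChkdskText -Text $sample
```

On the affected machine, `Get-ChkdskReport | Format-List` summarises the most recent disk check.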

omgitsjoe

New Member
Thread author
Mar 31, 2018
10
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 4/2/2018 6:30:01 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DESKTOP-6A3LCIC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
371968 file records processed.
File verification completed.
11820 large file records processed.
0 bad file records processed.

Stage 2: Examining file name linkage ...
658 reparse records processed.
498370 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.
658 reparse records processed.

Stage 3: Examining security descriptors ...
Cleaning up 4444 unused index entries from index $SII of file 0x9.
Cleaning up 4444 unused index entries from index $SDH of file 0x9.
Cleaning up 4444 unused security descriptors.
Security descriptor verification completed.
63202 data files processed.
CHKDSK is verifying Usn Journal...
41688176 USN bytes processed.
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
371952 files processed.
File data verification completed.

Stage 5: Looking for bad, free clusters ...
30095370 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

243330563 KB total disk space.
122300272 KB in 216632 files.
153500 KB in 63203 indexes.
0 KB in bad sectors.
495307 KB in use by the system.
65536 KB occupied by the log file.
120381484 KB available on disk.

4096 bytes in each allocation unit.
60832640 total allocation units on disk.
30095371 allocation units available on disk.

Internal Info:
00 ad 05 00 49 44 04 00 d5 35 08 00 00 00 00 00 ....ID...5......
58 02 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 X...:...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-04-02T22:30:01.169570900Z" />
<EventRecordID>528481</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DESKTOP-6A3LCIC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
371968 file records processed.
File verification completed.
11820 large file records processed.
0 bad file records processed.

Stage 2: Examining file name linkage ...
658 reparse records processed.
498370 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.
658 reparse records processed.

Stage 3: Examining security descriptors ...
Cleaning up 4444 unused index entries from index $SII of file 0x9.
Cleaning up 4444 unused index entries from index $SDH of file 0x9.
Cleaning up 4444 unused security descriptors.
Security descriptor verification completed.
63202 data files processed.
CHKDSK is verifying Usn Journal...
41688176 USN bytes processed.
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
371952 files processed.
File data verification completed.

Stage 5: Looking for bad, free clusters ...
30095370 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

243330563 KB total disk space.
122300272 KB in 216632 files.
153500 KB in 63203 indexes.
0 KB in bad sectors.
495307 KB in use by the system.
65536 KB occupied by the log file.
120381484 KB available on disk.

4096 bytes in each allocation unit.
60832640 total allocation units on disk.
30095371 allocation units available on disk.

Internal Info:
00 ad 05 00 49 44 04 00 d5 35 08 00 00 00 00 00 ....ID...5......
58 02 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 X...:...........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
 
