Solved Really need help. Thankyou!

G

gracie

Level 1
Thread author
May 24, 2017
6
Hello, and thankyou in advance for all the support and help. Very much appreciated.
Computer has been possibly infected for 3 or so months, maybe more. Lost ability to download from Spotify, which I use for work. First real sign was Internet Explorer would not open, will flash up on screen when trying to open then close. Took IE 11 back to IE 8 but still same.
Many of the links in Control panel do not work mainly Firewall and Network. Action center does not come up. Also cannot download Java updates or Windows updates.
2 days ago, call from credit card company stating CC # has been used many times online and also had charges on another card approx 4 weeks ago.
If you need any other info I will try and provide and soon as I can.
Thank you SO much.
Gracie
 

Attachments

  • FRST.txt
    65.7 KB · Views: 1
  • Addition.txt
    42.1 KB · Views: 3
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

Please uninstall current version of MalwareBytes and follow the instructions for the latest version below:


51a46ae42d560-malwarebytes_anti_malware.png
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the Reports tab.
  • Double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 
G

gracie

Level 1
Thread author
May 24, 2017
6
Hello again, apologies for the delay.
Uninstalled previous version of Malwarebytes and Dl from link that you gave me here.
Wont let me open the program once Dl stating tray application error. I have included the details below. THANK YOU so much for taking the time.

Problem signature:
Problem Event Name: APPCRASH
Application Name: mbam.exe
Application Version: 3.0.0.1068
Application Timestamp: 59125ef2
Fault Module Name: mbam.exe
Fault Module Version: 3.0.0.1068
Fault Module Timestamp: 59125ef2
Exception Code: c0000005
Exception Offset: 0026ddd8
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
Windows 7 Privacy Statement

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
G

gracie

Level 1
Thread author
May 24, 2017
6
No unfortunately has the same result.

Problem signature:
Problem Event Name: APPCRASH
Application Name: mbamtray.exe
Application Version: 3.0.0.1068
Application Timestamp: 59125d35
Fault Module Name: mbamtray.exe
Fault Module Version: 3.0.0.1068
Fault Module Timestamp: 59125d35
Exception Code: c0000005
Exception Offset: 0008a378
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Check Disk
  • Press the
    WindowsKey.png
    on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • Code: 
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the
    WindowsKey.png
    + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
 
G

gracie

Level 1
Thread author
May 24, 2017
6
Hoping I did this right. Thanks again.....

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 5/25/2017 8:15:19 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: GRACIE
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
366592 file records processed.

File verification completed.
1402 large file records processed.

0 bad file records processed.

2 EA records processed.

103 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
436460 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
366592 file SDs/SIDs processed.

Cleaning up 51 unused index entries from index $SII of file 0x9.
Cleaning up 51 unused index entries from index $SDH of file 0x9.
Cleaning up 51 unused security descriptors.
Security descriptor verification completed.
34935 data files processed.

CHKDSK is verifying Usn Journal...
38506840 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
366576 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
207574727 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

951834623 KB total disk space.
120880356 KB in 269987 files.
152884 KB in 34936 indexes.
0 KB in bad sectors.
502475 KB in use by the system.
65536 KB occupied by the log file.
830298908 KB available on disk.

4096 bytes in each allocation unit.
237958655 total allocation units on disk.
207574727 allocation units available on disk.

Internal Info:
00 98 05 00 26 a7 04 00 ec 5b 08 00 00 00 00 00 ....&....[......
05 13 00 00 67 00 00 00 00 00 00 00 00 00 00 00 ....g...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-05-26T03:15:19.000000000Z" />
<EventRecordID>36322</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>GRACIE</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
366592 file records processed.

File verification completed.
1402 large file records processed.

0 bad file records processed.

2 EA records processed.

103 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
436460 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
366592 file SDs/SIDs processed.

Cleaning up 51 unused index entries from index $SII of file 0x9.
Cleaning up 51 unused index entries from index $SDH of file 0x9.
Cleaning up 51 unused security descriptors.
Security descriptor verification completed.
34935 data files processed.

CHKDSK is verifying Usn Journal...
38506840 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
366576 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
207574727 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

951834623 KB total disk space.
120880356 KB in 269987 files.
152884 KB in 34936 indexes.
0 KB in bad sectors.
502475 KB in use by the system.
65536 KB occupied by the log file.
830298908 KB available on disk.

4096 bytes in each allocation unit.
237958655 total allocation units on disk.
207574727 allocation units available on disk.

Internal Info:
00 98 05 00 26 a7 04 00 ec 5b 08 00 00 00 00 00 ....&amp;....[......
05 13 00 00 67 00 00 00 00 00 00 00 00 00 00 00 ....g...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try this:


TDSSKiller_Kaspersky.png
Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on
    TDSSKiller_Kaspersky.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automaticaly. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything will be found follow this guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
 
G

gracie

Level 1
Thread author
May 24, 2017
6
Done! Here is the log. THANKS.
 

Attachments

  • TDSSKiller.3.1.0.15_27.05.2017_08.23.27_log.txt
    906.2 KB · Views: 1
G

gracie

Level 1
Thread author
May 24, 2017
6
Thanks for the fast reply. Its a relief to know that there isnt an infection. Still exhibiting the same symptoms that I described in my first post. What do you recommend? Did the logs indicate any problems with the OS? Shall I try a repair installation of windows 7. If so, how would I do that and am I in the right section for help with that?
Thank you very much for your time and efforts with this.
Gracie.
 

Similar threads

xonaxa
  • Locked
Help
Replies
8
Views
509
Windows Malware Removal Help & Support
nasdaq
nasdaq
meowwww
  • Locked
Need help removing a Google extension virus (?)
Replies
3
Views
523
Windows Malware Removal Help & Support
nasdaq
nasdaq
Trident
    • Like
    • +Reputation
Malware News Attacker Relies on Retired IE and Parlour Tricks for More than a Year
Replies
4
Views
3,057
Security News
brambedkar59
brambedkar59

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top