
[Solved] errors after using malware anti malware program

Discussion in 'Malware Removal Help' started by Mosta, Sep 7, 2015.

  1. Mosta

    Mosta Registered Members

    Joined:
    Sep 7, 2015
    Messages:
    11
    Operating System:
    Windows Vista Home Premium
    The problems started when the Web page will not open:
    I get this: Sorry, something went wrong with displaying this webpage. It may help if you close apps and tabs that you do not need, to free up more memory.
    Also tried on; folder name changes to '' backup default '' laptop reboots. has not helped.
    Then I did a scan with Malwarebytes Anti-Malware. and without that I have made all selected to remove backup. I find when I start on new exe much. files have widened honors. and asks computer during startup for all those files.
    These files: Logonui.exe / userinit.exe / dwm.exe / explorer.exe / Syntpenh.exe / chrome.exe / will be a total of 24 files.

    Also tried a system restore from a created restore point. This was not the solution.

    Maybe someone knows how I can solve this. Thank you in advance.
     
  2. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
  3. Mosta

    Mosta Registered Members

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 15-9-2015
    Scan Time: 21:27:00
    Logfile:
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.15.06
    Rootkit Database: v2015.08.16.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 309906
    Time Elapsed: 9 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Palikan, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Palikan mole, Delete-on-Reboot, [ec46e947f19ad95d98422980d13327d9],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\_metadata, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],

    Files: 7
    PUP.HackTool.Patcher, C:\Users\User\Dropbox\idm t.rar, No Action By User, [5ed437f924671b1b4765aa5ea957d12f],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\manifest.json, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\content_script.js, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\icon.ico, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\newtab.html, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\newtab.js, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],
    PUP.Optional.Pakilan, C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej\0.0.1_0\_metadata\verified_contents.json, Quarantined, [171bf0407d0e0432a9b4eeba6a9b6c94],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     


  4. etavares

    etavares Malware Removal Specialist - Moderator

    Hi,

    First off, I see a peer to peer program (uTorrent) and some cracked software in the logs to say nothing of the ethics of using cracked software. Please refrain from using these while I'm helping you. They are an extremely common and potent source of infection. P2P programs are a great tool...when you know exactly what peer you are connecting to on the other side.

    If you agree to that, please let me know and we will proceed on. I do see some things that require attention.

    -etavares
     
  5. Mosta

    Mosta Registered Members

    Hi,

    Yes, you are right, I agree with you.
     
  6. etavares

    etavares Malware Removal Specialist - Moderator

    Hi,

    OK, great. Now, when you say the computer asks you for those files during startup, what exactly do you mean? Before Windows loads? After you see the desktop? What exactly does it say in the error message?

    A few of the programs you have installed are sometimes classified as potentially unwanted programs. (Internet Download Manager; Freemake). Do you wish to keep them installed?

    We will do some clean up as well.

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Thanks,
    -etavares
     


  7. Mosta

    Mosta Registered Members

    Hi,

    There are no more error messages, I have removed Internet Download Manager.
    Fixlog.txt is attached.
     


  8. etavares

    etavares Malware Removal Specialist - Moderator

    Great!

    Please run FRST and post the resulting frst.txt file in your reply.

    Next, let's get a final opinion that your computer is clean. Please run this and post the log file you export.

    ESET OnlineScanner
    • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
    • Disable all your antivirus and antimalware software - see how to do that here.
    • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
    • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
    • Select Enable detection of potentially unwanted applications.
    • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Start to begin scanning.
    • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
    • When the scan is done, click List threats (only available if ESET Online Scanner found something).
    • Click Export, then save the file to your desktop.
    • Click Back, then Finish to exit ESET Online Scanner.
    -etavares
     
  9. Mosta

    Mosta Registered Members

    Hi,

    FRST is done. FRST log is attached.

    First I started ESET OnlineScanner; 5 infected files were found at 57% scanning. But my computer showed a blue screen with some words that I can't read because it shuts itself down in a few seconds. It restarts immediately. When it restarts I must choose a category between normal start and safe mode. I downloaded the bluescreenview_setup tool to search and read that blue screen, but the tool didn't find any crashes, no dump file, no file name. This blue screen error happens occasionally, once in a few weeks, on my PC! How can I fix this?
    Then I started ESET OnlineScanner one more time. This time there was no blue screen at 57% scanning; the scanner reached 100% and found 32 infected files. 30 were removed, 2 files were not removed. The ESET log is attached.
     


  10. etavares

    etavares Malware Removal Specialist - Moderator

    Hi,

    OK, looking better. You'll want to delete these two files; they are the ones that ESET didn't delete and have a trojan exploit.
    C:\Users\All Users\Documenten\Wondershare\mobilego_full1153.exe
    C:\Users\Public\Documents\Wondershare\mobilego_full1153.exe

    Next, for BlueScreenView to work, we need to enable minidumps. To do so:

    1. Copy/Paste SystemPropertiesAdvanced.exe into the search box and press Enter
    2. Press Continue at the UAC prompt
    3. Click Advanced tab
    4. Click Settings under Startup and Recovery
    5. Check Write an event to the system log if it is not checked
    6. Check Automatically restart if it is not checked
    7. Under Write Debugging Information select Small memory dump (256 KB) from the drop down.
    8. Ensure the directory is set to %SystemRoot%\Minidump
    9. Press OK
    10. Reboot
    That will create minidump files. Let me know if step 5/6 were already checked and if you had to make any changes.

    Next, I see you have outdated Java installed (Java 8 Update 45). Update 60 is the current one. To update, go to Java.com and download and install the most recent update. This closes known security holes.

    -etavares
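
The Startup and Recovery options set in steps 5 to 8 above are stored under the CrashControl registry key, so they can be read back without the dialog. The PowerShell script below is an added example, not part of the original post; it is read-only, assumes PowerShell 2.0 or later, and takes its expected values from those steps.

```powershell
# Added example (not from the thread): read-only audit of the crash-dump
# settings that the Startup and Recovery dialog stores in the registry.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled values used by Windows for the dump type drop-down.
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump';
                2 = 'Kernel memory dump'; 3 = 'Small memory dump' }
$dumpType  = $dumpTypes[[int]$cc.CrashDumpEnabled]

# Expand %SystemRoot% in case the raw REG_EXPAND_SZ text is returned.
$miniDir  = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)
$dumpFile = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
$wantDir  = Join-Path $env:SystemRoot 'Minidump'

function Compare-Setting($Name, $Actual, $Expected) {
    New-Object PSObject -Property @{
        Setting = $Name; Actual = $Actual; Expected = $Expected
        Match   = ($Actual -eq $Expected)   # -eq ignores case for strings
    }
}

$report = @(
    Compare-Setting 'Write an event to the system log (LogEvent)' ([int]$cc.LogEvent) 1
    Compare-Setting 'Automatically restart (AutoReboot)' ([int]$cc.AutoReboot) 1
    Compare-Setting 'Dump type (CrashDumpEnabled)' $dumpType 'Small memory dump'
    Compare-Setting 'Small dump directory (MinidumpDir)' $miniDir $wantDir
)
$report | Format-Table Setting, Actual, Expected, Match -AutoSize

# Show what a minidump viewer would actually find on disk.
if ($miniDir -and (Test-Path $miniDir)) {
    Get-ChildItem -Path $miniDir -Filter *.dmp |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime
} else {
    "Minidump directory not present: $miniDir"
}
$hasFullDump = [bool]($dumpFile -and (Test-Path $dumpFile))
"Kernel/complete dump file ($dumpFile) present: $hasFullDump"
```

A row with Match = False marks a setting that differs from the steps; an empty file listing means no small dump has been written since the settings took effect.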
     
  11. Mosta

    Mosta Registered Members

    Hi, check my reply, it is written in blue

    C:\Users\All Users\Documenten\Wondershare\mobilego_full1153.exe is deleted
    C:\Users\Public\Documents\Wondershare\mobilego_full1153.exe is deleted

    Next, for BlueScreenView to work, we need to enable minidumps. To do so:

    1. Copy/Paste SystemPropertiesAdvanced.exe into the search box and press Enter
    2. Press Continue at the UAC prompt
    3. Click Advanced tab
    4. Click Settings under Startup and Recovery
    5. Check Write an event to the system log if it is not checked is already checked
    6. Check Automatically restart if it is not checked is not checked since yesterday, because someone told me yesterday that it is better to be not checked for getting a chance to read the blue screen next time. Because it shuts down quickly itself in a few seconds. Then I can restart when I have finished reading the blue screen. But now Automatically restart is checked again because you've asked.
    7. Under Write Debugging Information select Small memory dump (256 KB) from the drop down. is done, but on my PC I have only Small memory dump (64 KB), not 256 KB
    8. Ensure the directory is set to %SystemRoot%\Minidump is done
    9. Press OK
    10. Reboot
    That will create minidump files. Let me know if step 5/6 were already checked and if you had to make any changes.

    Next, I see you have outdated Java installed (Java 8 Update 45). Update 60 is the current one. To update, go to Java.com and download and install the most recent update. This closes known security holes.
     
  12. etavares

    etavares Malware Removal Specialist - Moderator

    Yes, you can uncheck Automatically Restart if you want...you're right, the blue screen will flicker and disappear. Feel free to uncheck if you want...if you use Blue Screen View to view, seeing the screen isn't critical. However, given your answer, BSV should have found the minidumps. Did you have to change the directory to that, or was it already set as in Step 8 above?

    -etavares
     
  13. Mosta

    Mosta Registered Members

    No, I had to change the directory to %SystemRoot%\Minidump.
    Before I changed it to %SystemRoot%\Minidump, it was %SystemRoot%\MEMORY.DMP
     
  14. etavares

    etavares Malware Removal Specialist - Moderator

    Ah, that is why BlueScreenView didn't find those minidumps. You can copy the most recent file from C:\Windows\MEMORY.DMP to C:\Windows\Minidump\ and then run BlueScreenView to get the information.

    -etavares
     
  15. Mosta

    Mosta Registered Members

    Hi,
    C:/Windows/System/Memory.dmp, folder doesn't exist.
     
  16. etavares

    etavares Malware Removal Specialist - Moderator

    Hi, it would be in C:\windows, not C:\windows\system...is it in the root windows folder?

    -etavares
     
  17. Mosta

    Mosta Registered Members

    Hi, sorry, I wrote C:/Windows/System/Memory.dmp by mistake. I mean C:/Windows/Memory.dmp doesn't exist.
     
  18. etavares

    etavares Malware Removal Specialist - Moderator

    OK, how is everything running now? If good, I'll leave this thread open for a while in case you have a blue screen, then we can try and diagnose.

    -etavares
     
