My desktop pc got infected with a virus, still having problems


  1. Posts : 22
    Windows 10 PRO
       #1

    My desktop pc got infected with a virus, still having problems


    Hello,

    Tonight around 9:14 pm I was trying to merge my friend's 5 videos together... I remembered that Windows Live Movie Maker had a feature that you could merge the files together... I must have gotten an illegitimate version of the program because it asked me to "register" the program... So I then decided to go to Chrome and search for a "patch" for the program, regardless of never recalling WLMM to ever ask me to do this in the past.

    Side note: I was in a rush while I was trying to merge the files together, which was why this happened...


    So I found something on the web called "Windows Live Movie Maker 16.4 Crack Registration"... it was really dumb, I know.

    Anyways, so it actually installed some things like remote PC login and like 2 game shortcuts, which nothing it "installed" I did not open. It then completely removed Firefox, it kept popping ads up on my PC, regardless that I have Adblock Plus LOL - I know not funny. I then decided to very quickly purchase Malwarebytes Premium, and immediately ran a scan - which ended up finding 296 viruses etc. I have a photo of it on my phone. I have noticed that no matter what I do, I cannot launch the Edge browser... it just keeps crashing/closing.

    I would like to know what to do next, as I REALLY don't want to have to re-install my OS.... -.-

    Any help will be much appreciated!

    Thank you :)


  2. Posts : 22
    Windows 10 PRO
    Thread Starter
       #2

    I have just run a scan with Adware Removal Tool and these are the results:

    PUP.SecureWebChannel ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\ <RegKey:> 11598763487076930564
    PUP.SecureWebChannel ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\microsoft\windows\Currentversion\Uninstall\ <RegKey:> 11598763487076930564
    Adware.adskeeper ->> Browser: Chrome ->> C:\Users\dtlaw\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Please let me know what I can do further...

    Thanks


  3. Posts : 22
    Windows 10 PRO
    Thread Starter
       #3

    With the Edge issue, I have tried this article's recommendation: How to reset Microsoft Edge in Windows 10 when things are broken | Windows Central

    with absolutely no luck.

    Not sure why Edge keeps crashing - like it pops up and then closes... weird...


  4. Posts : 579
    Windows 10 Home
       #4

    KaozVirtus,

    File this one under "Lessons learned"!!
    Windows Live Movie Maker 16.4 Crack Registration


    Let's take a look at the infected system

    Please use the Farbar Recovery Scan Tool Download
    Save FRST to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]

    Double-click FRST to run it.
    When the tool opens click Yes to the disclaimer.
    Next, press the Scan button.

    When done, the tool makes a log (FRST.txt) on the Desktop.
    The first time the tool is run, it makes another log: (Addition.txt).

    Please attach the results of both reports in your reply.


  5. Posts : 22
    Windows 10 PRO
    Thread Starter
       #5

    Hello,

    I will post the results as soon as possible, thank you.


  6. Posts : 22
    Windows 10 PRO
    Thread Starter
       #6

    Hello,
    I have attached the results.

    Thank you.


  7. Posts : 579
    Windows 10 Home
       #7

    KaozVirtus,

    Please manually uninstall the cracked program:
    Movie Maker (x32 Version: 16.4.3528.0331


    • Press the Start menu.
    • Click: Settings.
    • Click: System on the Settings menu.
    • Select: Apps & features from the left pane. Wait for the list of programs to appear.
    • Select the application, and right-click.
    • Click: Uninstall



    Next, please do the following:

    Press the Windows and R keys at the same time.
    This opens the Run box.
    Type Notepad and click OK.

    Now, please copy the entire contents inside the code box below to Notepad:
    Code:
    Start
    CreateRestorePoint:
    CloseProcesses:
    
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
    FF Plugin-x32: @Microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    CustomCLSID: HKU\S-1-5-21-2131147218-2223772917-1229145198-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-85C0AAC3F68A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    Shortcut: C:\Users\dtlaw\Downloads\P3DHack BLT 1.3.9 fix2_[unknowncheats.me]_\mods\???????.lnk -> C:\Users\dtlaw\AppData\Local\PAYDAY 2\crash.txt () <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\Syndi??te.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??niaPlanet.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualtenalpainam.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?ommand and Conquer R?d ?lert.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual59ar.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?omm?nd and C?nqu?r and ?h? Cov?rt ???rations.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual59cnc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?omm?nd ?nd ?onquer Ren?gade.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualedagener.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?omm?nd ?nd ?onquer R?d ?l?rt 2.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual2ar.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mmand and ??nqu?r ?ib?ri?n Sun.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualst.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mmand ?nd Conqu?r Red Alert 3 and Uprising.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual3ar.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mm?nd and Conquer ?he Ultimate Collecti?n ?dditi?n?l ??nt?nt.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mm?nd and ??nquer 3 Tib?rium W?rs ?nd ??ne's Wr?th.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual3cnc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?h? Sims 3.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?rine En?h?nted ?dition.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual_enirt.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?rin? 2 Complete Story.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual_2enirt.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\APPS\?roth?r Utiliti?s_p.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualrb.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\APPS\?r?ther Utilities.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualrb.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\APPS\??zilla Fir?f??.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\G?ogl? Pl?y ?usic.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t E?pl?r?r.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle Chr?m?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gle Chr?m?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? Chr?me.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?d?be Widg?t Br?ws?r.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.resworb tegdiw eboda.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?fo?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    EmptyTemp:
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from C:\Users\dtlaw\Downloads\Programs vs. the Desktop. They both need to be in the same place, preferably the Desktop.

    Next, run FRST and click Fix only once, and wait.

    When done, the tool creates a log: Fixlog.txt
    Please attach to your reply.



    Last, please download CKScanner:
    http://downloads.malwareremoval.com/CKScanner.exe
    Save the file to the Desktop.

    To run the program, right-click CKScanner.exe and select: Run as administrator
    At the program console, click: Search For Files
    When done, click: Save List To File
    A message verifies the file saved.

    A log (CKFiles.txt) is created on the Desktop.
    Press: Exit
    Attach the contents of CKFiles.txt in your reply.

    Also, let us know how the system is doing.
      My Computer
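
The hijacked shortcuts in the fixlist above share a pattern: a lookalike name with Cyrillic letters (shown as "?" on this page), a target that is a batch file under AppData\Roaming\Browsers, and a target name that is the real launcher name written backwards. The following is an added example, not part of the original posts and not FRST's own code; it triages "Shortcut:" lines on those traits. The function names and the line format (inferred from the lines on this page) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed line shape: Shortcut: <lnk> -> <target> (<file note>) [<===== flag]
SHORTCUT_RE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<note>[^)]*)\)(?: <=+ (?P<flag>.+))?$"
)

# Three lines copied from the fixlist on this page; the last line is constructed.
SAMPLE = r"""
Shortcut: C:\Users\dtlaw\Desktop\APPS\??zilla Fir?f??.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle Chr?m?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?d?be Widg?t Br?ws?r.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.resworb tegdiw eboda.bat (No File) <===== Cyrillic
Shortcut: C:\Users\dtlaw\Desktop\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
"""

def triage_line(line):
    """Parse one Shortcut: line; return None if it is not one."""
    m = SHORTCUT_RE.match(line.strip())
    if m is None:
        return None
    lnk, target = PureWindowsPath(m["lnk"]), PureWindowsPath(m["target"])
    reasons = []
    # Cyrillic lookalike letters appear as "?" in the log text on this page.
    if "?" in lnk.stem or not lnk.stem.isascii():
        reasons.append("lookalike-name")
    if target.suffix.lower() in (".bat", ".cmd"):
        reasons.append("script-target")
    if str(target.parent).lower().endswith(r"\appdata\roaming\browsers"):
        reasons.append("browsers-folder")
    decoded = None
    if target.stem.lower().startswith("exe."):
        decoded = target.stem[::-1]  # "exe.emorhc" read backwards
        reasons.append("reversed-name")
    return {"lnk": lnk.name, "target": target.name, "decoded": decoded,
            "missing": m["note"] == "No File", "reasons": reasons}

def triage_log(text):
    """Return only the shortcut lines that matched at least one trait."""
    rows = (triage_line(line) for line in text.splitlines())
    return [r for r in rows if r and r["reasons"]]

if __name__ == "__main__":
    for row in triage_log(SAMPLE):
        print(row["lnk"], "->", row["target"], row["decoded"], row["reasons"])
```

A "missing" value of True corresponds to the "(No File)" note: the batch file is already gone, but the shortcut still points at it and has to be repaired or recreated.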


  8. Posts : 31,459
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #8

    cottonball said:
    File this one under "Lessons learned"!!
    Windows Live Movie Maker 16.4 Crack Registration
    And so unnecessary, @KaozVirtus. Movie Maker is part of Windows Essentials 2012. Although officially past its 'end of support' date, the free offline installer is still available to download direct from Microsoft (I've just checked). No registration or cracks needed for that one. The link is in this post...
    Windows Essentials 2012 will reach end of support on January 10th 2017
    ...you could download it now, but best wait until cottonball has sorted you out before installing it.


  9. Posts : 22
    Windows 10 PRO
    Thread Starter
       #9

    I will post an update soon, I'm not home.

    Also, thank you.


  10. Posts : 22
    Windows 10 PRO
    Thread Starter
       #10

    Hello,

    I am now back home after being away for more than a week. I have done everything that CottonBall said to do and I have the results.

    I am only having one small problem, the Microsoft Edge browser - every time I try to open it, it crashes... This is the only problem I have that I can see.

    Also, apologies that I took this long to get back...

    I have included the results :)


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.