Windows 10: My desktop pc got infected with a virus, still having problems

  1.    29 Jan 2017 #1

    My desktop pc got infected with a virus, still having problems


    Hello,

    Tonight around 9:14 pm I was trying to merge my friend's 5 videos together... I remembered that Windows Live Movie Maker had a feature that you could merge the files together... I must have gotten an illegitimate version of the program because it asked me to "register" the program... So I then decided to go to Chrome and search for a "patch" for the program, regardless of never recalling WLMM to ever ask me to do this in the past.

    Side note: I was in a rush while I was trying to merge the files together, which was why this happened...


    So I found something on the web called "Windows Live Movie Maker 16.4 Crack Registration"... it was really dumb, I know.

    Anyways, so it actually installed some things like remote PC login and like 2 game shortcuts, which nothing it "installed" I did not open. It then completely removed Firefox, it kept popping ads up on my PC, regardless that I have Adblock Plus LOL - I know not funny. I then decided to very quickly purchase Malwarebytes Premium, and immediately ran a scan - which ended up finding 296 viruses etc. I have a photo of it on my phone. I have noticed that no matter what I do, I can not launch the Edge browser... it just keeps crashing/closing.

    I would like to know what to do next, as I REALLY don't want to have to re-install my OS.... -.-

    Any help will be much appreciated!

    Thank you

  2.    29 Jan 2017 #2

    I have just run a scan with Adware Removal Tool and these are the results:

    PUP.SecureWebChannel ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\Currentversion\Uninstall\ <RegKey:> 11598763487076930564
    PUP.SecureWebChannel ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\microsoft\windows\Currentversion\Uninstall\ <RegKey:> 11598763487076930564
    Adware.adskeeper ->> Browser: Chrome ->> C:\Users\dtlaw\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Please let me know what I can do further...

    Thanks

  3.    29 Jan 2017 #3

    With the Edge issue, I have tried this article's recommendation: How to reset Microsoft Edge in Windows 10 when things are broken | Windows Central

    with absolutely no luck

    Not sure why Edge keeps crashing - like it pops up and then closes... weird...

  4.    30 Jan 2017 #4

    KaozVirtus,

    File this one under "Lessons learned"!!
    Windows Live Movie Maker 16.4 Crack Registration


    Let's take a look at the infected system

    Please use the Farbar Recovery Scan Tool (Download).
    Save FRST to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]

    Double-click FRST to run it.
    When the tool opens click Yes to the disclaimer.
    Next, press the Scan button.

    When done, the tool makes a log (FRST.txt) on the Desktop.
    The first time the tool is run, it makes another log: (Addition.txt).

    Please attach the results of both reports in your reply.

  5.    30 Jan 2017 #5

    Hello,

    I will post the results as soon as possible, thank you.

  6.    30 Jan 2017 #6

    Hello,
    I have attached the results.

    Thank you.

  7.    30 Jan 2017 #7

    KaozVirtus,

    Please manually uninstall the cracked program:
    Movie Maker (x32 Version: 16.4.3528.0331


    • Press the Start menu.
    • Click: Settings.
    • Click: System on the Settings menu.
    • Select: Apps & features from the left pane. Wait for the list of programs to appear.
    • Select the application, and right-click.
    • Click: Uninstall



    Next, please do the following:

    Press the Windows and R keys at the same time.
    This opens the Run box.
    Type Notepad and click OK.

    Now, please copy the entire contents inside the code box below to Notepad:
    Code:
    Start
    CreateRestorePoint:
    CloseProcesses:
    
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
    FF Plugin-x32: @Microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    CustomCLSID: HKU\S-1-5-21-2131147218-2223772917-1229145198-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-85C0AAC3F68A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    Shortcut: C:\Users\dtlaw\Downloads\P3DHack BLT 1.3.9 fix2_[unknowncheats.me]_\mods\???????.lnk -> C:\Users\dtlaw\AppData\Local\PAYDAY 2\crash.txt () <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\Syndi??te.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??niaPlanet.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualtenalpainam.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?ommand and Conquer R?d ?lert.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual59ar.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?omm?nd and C?nqu?r and ?h? Cov?rt ???rations.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual59cnc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?omm?nd ?nd ?onquer Ren?gade.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualedagener.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?omm?nd ?nd ?onquer R?d ?l?rt 2.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual2ar.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mmand and ??nqu?r ?ib?ri?n Sun.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualst.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mmand ?nd Conqu?r Red Alert 3 and Uprising.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual3ar.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mm?nd and Conquer ?he Ultimate Collecti?n ?dditi?n?l ??nt?nt.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\??mm?nd and ??nquer 3 Tib?rium W?rs ?nd ??ne's Wr?th.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual3cnc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?h? Sims 3.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?rine En?h?nted ?dition.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual_enirt.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\Games\?rin? 2 Complete Story.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnual_2enirt.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\APPS\?roth?r Utiliti?s_p.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualrb.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\APPS\?r?ther Utilities.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.rehcnualrb.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\Desktop\APPS\??zilla Fir?f??.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\G?ogl? Pl?y ?usic.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t E?pl?r?r.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle Chr?m?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\dtlaw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gle Chr?m?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? Chr?me.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?d?be Widg?t Br?ws?r.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.resworb tegdiw eboda.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?fo?.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    EmptyTemp:
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from C:\Users\dtlaw\Downloads\Programs vs. the Desktop. They both need to be in the same place, preferably the Desktop.

    Next, run FRST and click Fix only once, and wait.

    When done, the tool creates a log: Fixlog.txt
    Please attach to your reply.



    Last, please download CKScanner:
    http://downloads.malwareremoval.com/CKScanner.exe
    Save the file to the Desktop.

    To run the program, right-click CKScanner.exe and select: Run as administrator
    At the program console, click: Search For Files
    When done, click: Save List To File
    A message verifies the file saved.

    A log (CKFiles.txt) is created on the Desktop.
    Press: Exit
    Attach the contents of CKFiles.txt in your reply.

    Also, let us know how the system is doing.
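Added example, not part of the original thread and not FRST's own code: a small triage script that reads FRST `Shortcut:` lines like those in the fixlist above and reports which shortcuts were redirected, and to what. The line layout it parses is assumed from the entries visible in post #7; the Notepad entry is constructed for contrast, and the function name `triage` is hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Four Shortcut: lines copied from the fixlist in this thread, plus one
# constructed benign entry (Notepad) for contrast.
SAMPLE_LOG = r"""
Shortcut: C:\Users\dtlaw\Downloads\P3DHack BLT 1.3.9 fix2_[unknowncheats.me]_\mods\???????.lnk -> C:\Users\dtlaw\AppData\Local\PAYDAY 2\crash.txt () <===== Cyrillic
Shortcut: C:\Users\dtlaw\Desktop\APPS\??zilla Fir?f??.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? Chr?me.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?d?be Widg?t Br?ws?r.lnk -> C:\Users\dtlaw\AppData\Roaming\Browsers\exe.resworb tegdiw eboda.bat (No File) <===== Cyrillic
Shortcut: C:\Users\dtlaw\Desktop\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
"""

# "Shortcut: <lnk> -> <target> (<note>)" with an optional "<===== Flag" suffix.
LINE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<note>[^()]*)\)(?: <=+ (?P<flag>\w+))?$",
    re.M,
)


def triage(log_text):
    """Return one finding per shortcut that shows at least one hijack signal."""
    findings = []
    for m in LINE.finditer(log_text):
        target = PureWindowsPath(m["target"])
        reasons, impersonates = [], None
        if m["flag"] == "Cyrillic":
            reasons.append("look-alike characters in the shortcut name")
        if target.suffix.lower() in {".bat", ".cmd"}:
            reasons.append("target is a batch script")
        if target.stem.lower().startswith("exe."):
            # File name is a program name spelled backwards: exe.emorhc -> chrome.exe
            impersonates = target.stem[::-1]
            reasons.append("reversed program name: " + impersonates)
        if reasons:
            findings.append({"lnk": m["lnk"], "target": str(target),
                             "impersonates": impersonates, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["lnk"], "->", f["target"])
        for r in f["reasons"]:
            print("    -", r)
```

Shortcuts that trip all three signals are the ones whose original targets need restoring after the fix; an entry with only the Cyrillic flag, like the crash.txt one, deserves a manual look.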


  8.    30 Jan 2017 #8

    cottonball said:
    File this one under "Lessons learned"!!
    Windows Live Movie Maker 16.4 Crack Registration
    And so unnecessary, @KaozVirtus. Movie Maker is part of Windows Essentials 2012. Although officially past its 'end of support' date, the free offline installer is still available to download direct from Microsoft (I've just checked). No registration or cracks needed for that one. The link is in this post...
    Windows Essentials 2012 will reach end of support on January 10th 2017
    ...you could download it now, but best wait until cottonball has sorted you out before installing it.

  9.    30 Jan 2017 #9

    I will post an update soon, I'm not home.

    Also, thank you.

  10.    08 Feb 2017 #10

    Hello,

    I am now back home after being away for more than a week. I have done everything that CottonBall said to do and I have the results.

    I am only having one small problem, the Microsoft Edge browser - every time I try and open it, it crashes... This is the only problem I have that I can see.

    Also, apologies that I took this long to get back...

    I have included the results


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.