Topic: Windows 10 issues - Possible Registry Malware

IdolsBeNot

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Windows 10 issues - Possible Registry Malware
    « on: June 18, 2017, 11:17:53 AM »
    Okay, hopefully you guys can figure this out 'cause I can't. I am running a Win 10 laptop. My issue is that no applications will install, I can't use Device Manager or any properties, and trying to refresh the system with the installation media won't work because I run into an autorun.dll error.

    Here are the requested logs:

    # AdwCleaner v6.047 - Logfile created 18/06/2017 at 05:44:23
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-06-16.2 [Server]
    # Operating System : Windows 10 Pro  (X64)
    # Username : Asus - ASUS-PC
    # Running from : C:\Users\Asus\Downloads\adwcleaner_6.047.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found:  HKCU\Software\61a61365f9f06ddac731cd05b08b41f9
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
    Key Found:  HKU\S-1-5-21-746890316-3883974028-3501740458-1000\Software\DriverUpdaterPro
    Key Found:  HKCU\Software\DriverUpdaterPro
    Key Found:  [x64] HKCU\Software\DriverUpdaterPro
    Value Found:  HKU\S-1-5-21-746890316-3883974028-3501740458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [DUP]


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [1747 Bytes] - [18/06/2017 05:44:23]

    -------------------------------------------------------------------------------------------------------

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/18/17
    Scan Time: 1:10 PM
    Log File:
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.141
    Update Package Version: 1.0.2177
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Asus-PC\Asus

    -Scan Summary-
    Scan Type: Hyper Scan
    Result: Completed
    Objects Scanned: 2474
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 0 min, 45 sec

    -Scan Options-
    Memory: Enabled
    Startup: Disabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Disabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

    ------------------------------------------------------------------------------------------------------------

     Results of screen317's Security Check version 1.014 --- 12/23/15 
       x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Microsoft Security Essentials   
    Windows Defender               
    Malwarebytes                   
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Mozilla Firefox (49.0.2)
     Google Chrome (57.0.2987.133)
     Google Chrome (58.0.3029.110)
     Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbam.exe 
     Malwarebytes Anti-Malware mbamtray.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````
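
Added example, not part of the original thread and not code from Malwarebytes: a Python parser for the AdwCleaner scan log format posted above. It groups findings by section and collapses entries reported both with and without the `[x64]` tag, so the registry items can be reviewed before the Clean button is used. The sample log is constructed from lines in the post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of lines from the AdwCleaner log above.
SAMPLE_LOG = r"""
***** [ Services ] *****
No malicious services found.

***** [ Registry ] *****
Key Found:  HKCU\Software\DriverUpdaterPro
Key Found:  [x64] HKCU\Software\DriverUpdaterPro
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Value Found:  HKU\S-1-5-21-746890316-3883974028-3501740458-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [DUP]

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(?P<kind>Key|Value) Found:\s+(?P<x64>\[x64\]\s+)?(?P<rest>.+)$")

def parse_adwcleaner(text):
    """Return {section name: [finding dict, ...]}; clean sections map to []."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections[current]  # register the section even if nothing is found in it
            continue
        m = FINDING_RE.match(line)
        if not (m and current):
            continue  # "No malicious ... found." and header lines carry no finding
        path, value = m["rest"], None
        # Only "Value Found" lines end with the value name in square brackets.
        if m["kind"] == "Value" and path.endswith("]") and " [" in path:
            path, _, value = path[:-1].rpartition(" [")
        hive, _, subkey = path.partition("\\")
        sections[current].append({"kind": m["kind"], "x64": bool(m["x64"]),
                                  "hive": hive, "subkey": subkey, "value": value})
    return dict(sections)

def unique_paths(findings):
    """Collapse entries that differ only by the [x64] tag."""
    return sorted({(f["hive"], f["subkey"], f["value"] or "") for f in findings})

if __name__ == "__main__":
    for hive, subkey, value in unique_paths(parse_adwcleaner(SAMPLE_LOG)["Registry"]):
        print(hive, subkey, value)
```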



    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 984
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Windows 10 issues - Possible Registry Malware
    « Reply #1 on: June 18, 2017, 12:27:01 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please run AdwCleaner again and hit the clean button.
    What happens when you try to install applications?

    *********************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    *************************************************
    To Run the SFC /SCANNOW Command in Windows 10
    Click All Apps, select Windows Systems and select Command Prompt

    2. To Scan and Repair System Files
    NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
    A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
    NOTE: This may take some time to finish.



    If it finds corrupted files it will ask for the Windows 10 Media. Insert your USB stick

    B) Go to step 4.

    3. To Only Verify if the System Files are Corrupted
    NOTE: Scans and only verifies the integrity of all protected system files.
    A) In the elevated command prompt, type sfc /verifyonly and press Enter.

    4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
    NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



    5. When done, close the elevated command prompt.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    IdolsBeNot

      Re: Windows 10 issues - Possible Registry Malware
      « Reply #2 on: June 18, 2017, 10:28:28 PM »
      Hello, Dave.

      Thank you for taking the time to assist me.

      I have run ADWCleaner and cleaned everything out successfully.

      It seems that some programs will install now, so, that's no longer an issue in the smaller sense. Before, the exe would run but no installation.

      Here is the JRT log:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.3 (04.10.2017)
      Operating System: Windows 10 Pro x64
      Ran by Asus (Administrator) on Mon 06/19/2017 at  0:15:26.85
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 9

      Successfully deleted: C:\ProgramData\esellerate (Folder)
      Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 06/19/2017 at  0:20:30.81
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      As for SFC /SCANNOW, I was unable to run that as I saw "Windows Resource Protection could not start the repair service." I made sure I also opened Command Prompt in Admin mode.

      SuperDave

      Re: Windows 10 issues - Possible Registry Malware
      « Reply #3 on: June 19, 2017, 12:46:42 PM »
      I'd like to scan your machine with ESET OnlineScan

      •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      •Click the button.
      •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      •Check
      •Click the button.
      •Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      •Check
      •Push the Start button.
      •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      •When the scan completes, push
      •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      •Push the button.
      •Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

      IdolsBeNot

        Re: Windows 10 issues - Possible Registry Malware
        « Reply #4 on: June 20, 2017, 10:55:29 AM »
        ESET scan was completed, took almost 10 hours to do, but it left no log file for me to post. It did delete 4 items. However, I'm still unable to use Device Manager and such properties.

        SuperDave

        Re: Windows 10 issues - Possible Registry Malware
        « Reply #5 on: June 20, 2017, 01:25:36 PM »
        What happens when you try to access Device Manager?

        IdolsBeNot

          Re: Windows 10 issues - Possible Registry Malware
          « Reply #6 on: June 20, 2017, 10:14:51 PM »
          When I try to open Device Manager, I get a pop up that says "Microsoft Management Console Unable to create new document"

          SuperDave

          Re: Windows 10 issues - Possible Registry Malware
          « Reply #7 on: June 21, 2017, 12:41:26 PM »
          Please explain to me the method you're using to get into Device Manager.