skullpatch
-
Let the program run all night and it finally finished. here is the log.

2016-06-30 18:36:32.441 Sophos Virus Removal Tool version 2.5.5
2016-06-30 18:36:32.441 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-06-30 18:36:32.442 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-06-30 18:36:32.442 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-06-30 18:36:32.443 Checking for updates...
2016-06-30 18:36:32.472 Update progress: proxy server not available
2016-06-30 18:36:50.520 Downloading updates...
2016-06-30 18:36:50.527 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE527 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE528 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE529 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE530 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE531 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE532 LATEST
2016-06-30 18:36:50.527 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-30 18:36:50.528 Update progress: [I19463] Syncing product SAVIW32 70
2016-06-30 18:36:58.506 Option all = no
2016-06-30 18:36:58.506 Option recurse = yes
2016-06-30 18:36:58.506 Option archive = no
2016-06-30 18:36:58.506 Option service = yes
2016-06-30 18:36:58.506 Option confirm = yes
2016-06-30 18:36:58.506 Option sxl = yes
2016-06-30 18:36:58.511 Option max-data-age = 35
2016-06-30 18:36:58.511 Option EnableSafeClean = yes
2016-06-30 18:37:12.389 Option vdl-logging = yes
2016-06-30 18:37:12.445 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-30 18:37:12.445 Machine ID: 8c3dd8824d724c109c41d9b4cb4e5974
2016-06-30 18:37:12.447 Component SVRTcli.exe version 2.5.5
2016-06-30 18:37:12.447 Component control.dll version 2.5.5
2016-06-30 18:37:12.447 Component SVRTservice.exe version 2.5.5
2016-06-30 18:37:12.447 Component engine\osdp.dll version 1.44.1.2250
2016-06-30 18:37:12.448 Component engine\veex.dll version 3.65.0.2250
2016-06-30 18:37:12.448 Component engine\savi.dll version 9.0.1.2250
2016-06-30 18:37:12.448 Component rkdisk.dll version 1.5.30.0
2016-06-30 18:37:12.448 Version info: Product version 2.5.5
2016-06-30 18:37:12.451 Version info: Detection engine 3.65.0
2016-06-30 18:37:12.451 Version info: Detection data 5.26
2016-06-30 18:37:12.451 Version info: Build date 4/5/2016
2016-06-30 18:37:12.451 Version info: Data files added 552
2016-06-30 18:37:12.451 Version info: Last successful update (not yet updated)
2016-06-30 18:37:19.937 Update progress: [I19463] Syncing product IDE527 142
2016-06-30 18:37:37.567 Installing updates...
2016-06-30 18:37:38.774 Error level 1
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE528 127
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE529 135
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE530 154
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE531 1
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE532 1
2016-06-30 18:38:06.512 Update successful
2016-06-30 18:38:44.341 Option all = no
2016-06-30 18:38:44.342 Option recurse = yes
2016-06-30 18:38:44.342 Option archive = no
2016-06-30 18:38:44.342 Option service = yes
2016-06-30 18:38:44.342 Option confirm = yes
2016-06-30 18:38:44.342 Option sxl = yes
2016-06-30 18:38:44.346 Option max-data-age = 35
2016-06-30 18:38:44.346 Option EnableSafeClean = yes
2016-06-30 18:38:44.826 Option vdl-logging = yes
2016-06-30 18:38:44.850 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-30 18:38:44.850 Machine ID: 8c3dd8824d724c109c41d9b4cb4e5974
2016-06-30 18:38:44.851 Component SVRTcli.exe version 2.5.5
2016-06-30 18:38:44.852 Component control.dll version 2.5.5
2016-06-30 18:38:44.852 Component SVRTservice.exe version 2.5.5
2016-06-30 18:38:44.852 Component engine\osdp.dll version 1.44.1.2250
2016-06-30 18:38:44.852 Component engine\veex.dll version 3.65.0.2250
2016-06-30 18:38:44.853 Component engine\savi.dll version 9.0.1.2250
2016-06-30 18:38:44.853 Component rkdisk.dll version 1.5.30.0
2016-06-30 18:38:44.853 Version info: Product version 2.5.5
2016-06-30 18:38:44.856 Version info: Detection engine 3.65.0
2016-06-30 18:38:44.856 Version info: Detection data 5.26
2016-06-30 18:38:44.856 Version info: Build date 4/5/2016
2016-06-30 18:38:44.856 Version info: Data files added 552
2016-06-30 18:38:44.856 Version info: Last successful update 6/30/2016 2:38:06 PM
2016-07-01 00:44:29.591 Could not open C:\hiberfil.sys
2016-07-01 00:44:37.434 Could not open C:\pagefile.sys
2016-07-01 01:47:28.258 Could not open C:\swapfile.sys
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{4b88cab5-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{4b88cabe-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{a628a507-3eca-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.897 Could not open C:\System Volume Information\{bcad4bbe-3eef-11e6-beb4-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:50:15.430 Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-07-01 01:50:15.431 Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-07-01 02:27:57.871 >>> Virus 'Mal/Generic-S' found in file C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe
2016-07-01 06:11:42.645 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-07-01 06:11:42.645 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-07-01 06:11:54.129 Could not open C:\Windows\System32\config\BBI
2016-07-01 06:11:54.677 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-07-01 06:11:54.708 Could not open C:\Windows\System32\config\RegBack\SAM
2016-07-01 06:11:54.740 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-07-01 06:11:54.755 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-07-01 06:11:54.755 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-07-01 07:03:04.850 The following items will be cleaned up:
2016-07-01 07:03:04.850 Mal/Generic-S
2016-07-01 13:54:59.375 Threat 'Mal/Generic-S' has been cleaned up.
2016-07-01 13:54:59.391 File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" belongs to malware 'Mal/Generic-S'.
2016-07-01 13:54:59.391 File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" has been cleaned up.
2016-07-01 13:54:59.391 Removal successful
2016-07-01 13:54:59.500 Contents of SafeClean bin directory:
2016-07-01 13:54:59.516 {
2016-07-01 13:54:59.516 RecordID : "0000000000000001",
2016-07-01 13:54:59.516 ItemType : "1",
2016-07-01 13:54:59.516 Location : "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\",
2016-07-01 13:54:59.516 FileName : "Athena's ASS MH4U 1.10b.exe",
2016-07-01 13:54:59.516 ThreatName : "Mal/Generic-S",
2016-07-01 13:54:59.516 Checksum : "c81cc66257564d133e35f57a74e04675f61077456f9393cf70d0fcc13e7e5757",
2016-07-01 13:54:59.516 TimeStamp : "Fri Jul 01 09:54:50 2016"
2016-07-01 13:54:59.516 }
2016-07-01 13:55:00.328 Error level 0

The "Malware" it found is just a false negative. The file is just a harmless search tool.
-
I see, my mistake

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/30/2016
Scan Time: 1:05 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.30.09
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344704
Time Elapsed: 41 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)
-
Sorry for taking so long to reply. It seems the Sophos scan is going to take a while so I'll copy and paste the results when the process is complete. Attached the fixit log as per instructions

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Alex (2016-06-30 12:22:42) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex & alex_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk *
ProxyEnable: [S-1-5-21-107058814-2551184098-3884761247-1002] => Proxy is enabled.
C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job
C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe
C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe
C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe
C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe
C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll
C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE
C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alex\AppData\Local\Temp\mirc734.exe
C:\Users\Alex\AppData\Local\Temp\ose00001.exe
C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll
C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
Task: {0A828B18-79CD-4B7D-B034-7EA62FEF935A} - System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE [2013-04-29] () <==== ATTENTION
C:\Users\Alex\AppData\Local\{3CBE0~1
Task: {8ADCC82A-9D17-4263-B69F-C7BCFC271F72} - \AutoKMS -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE <==== ATTENTION
AlternateDataStreams: C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx:com.dropbox.attributes [168]
RemoveProxy:
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => moved successfully
C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE => moved successfully
C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\mirc734.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\ose00001.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
C:\WINDOWS\System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}" => key removed successfully
C:\Users\Alex\AppData\Local\{3CBE0~1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => not found.
C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx => ":com.dropbox.attributes" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6111554 B
Java, Flash, Steam htmlcache => 58680345 B
Windows/system/drivers => 519178149 B
Edge => 0 B
Chrome => 844447682 B
Firefox => 381391676 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 258346 B
systemprofile32 => 128 B
LocalService => 12400 B
NetworkService => 5586022 B
Alex => 7731083624 B
alex_000 => 43332064 B

RecycleBin => 1062871441 B
EmptyTemp: => 9.9 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:36:02 ====

Here is the exported results from the Malware byte scan

And here is the AdwCleaner(C*)-Notepad log

# AdwCleaner v5.200 - Logfile created 30/06/2016 at 14:22:07
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Alex - WINDOWS-8JNJDSM
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Alex\AppData\Local\jZip

***** [ Files ] *****

[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\bald2n12.default\searchplugins\Search Provided by Bing.xml

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
[-] Key Deleted : HKCU\Software\jZip

***** [ Web browsers ] *****

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bahkljhhdeciiaodlkppoonappfnheoi
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1305 bytes] - [30/06/2016 14:22:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1409 bytes] - [30/06/2016 14:13:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1451 bytes] ##########

Some time before you posted your instructions I used task manager to close the pop up because at that point it became impossible to type up responses. After the multiple reboots I have yet to see it reappear.

Fixlog.txt AdwCleaner[C1].txt
-
I have a very annoying window popping up on my computer asking me to update Yahoo and install Chromium. I ran Malwarebytes but the scan results show nothing. Using Task Manager I found the program running from a folder called syswow64. I purchased the full version of Malwarebytes and did a custom scan on that specific location and still nothing was found. I followed the "I'm infected" guide on this forum and made the post you see now. Please help as soon as possible; the window won't stop appearing over everything I do and it makes it extremely difficult to do anything (it's popping up as I type this message out).

Addition.txt FRST.txt