Posts posted by skullpatch
Let the program run all night and it finally finished.
Here is the log.
2016-06-30 18:36:32.441 Sophos Virus Removal Tool version 2.5.5
2016-06-30 18:36:32.441 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-06-30 18:36:32.442 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-06-30 18:36:32.442 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-06-30 18:36:32.443 Checking for updates...
2016-06-30 18:36:32.472 Update progress: proxy server not available
2016-06-30 18:36:50.520 Downloading updates...
2016-06-30 18:36:50.527 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE527 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE528 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE529 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE530 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE531 LATEST
2016-06-30 18:36:50.527 Update progress: [I49502] Found supplement IDE532 LATEST
2016-06-30 18:36:50.527 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-30 18:36:50.528 Update progress: [I19463] Syncing product SAVIW32 70
2016-06-30 18:36:58.506 Option all = no
2016-06-30 18:36:58.506 Option recurse = yes
2016-06-30 18:36:58.506 Option archive = no
2016-06-30 18:36:58.506 Option service = yes
2016-06-30 18:36:58.506 Option confirm = yes
2016-06-30 18:36:58.506 Option sxl = yes
2016-06-30 18:36:58.511 Option max-data-age = 35
2016-06-30 18:36:58.511 Option EnableSafeClean = yes
2016-06-30 18:37:12.389 Option vdl-logging = yes
2016-06-30 18:37:12.445 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-30 18:37:12.445 Machine ID: 8c3dd8824d724c109c41d9b4cb4e5974
2016-06-30 18:37:12.447 Component SVRTcli.exe version 2.5.5
2016-06-30 18:37:12.447 Component control.dll version 2.5.5
2016-06-30 18:37:12.447 Component SVRTservice.exe version 2.5.5
2016-06-30 18:37:12.447 Component engine\osdp.dll version 1.44.1.2250
2016-06-30 18:37:12.448 Component engine\veex.dll version 3.65.0.2250
2016-06-30 18:37:12.448 Component engine\savi.dll version 9.0.1.2250
2016-06-30 18:37:12.448 Component rkdisk.dll version 1.5.30.0
2016-06-30 18:37:12.448 Version info: Product version 2.5.5
2016-06-30 18:37:12.451 Version info: Detection engine 3.65.0
2016-06-30 18:37:12.451 Version info: Detection data 5.26
2016-06-30 18:37:12.451 Version info: Build date 4/5/2016
2016-06-30 18:37:12.451 Version info: Data files added 552
2016-06-30 18:37:12.451 Version info: Last successful update (not yet updated)
2016-06-30 18:37:19.937 Update progress: [I19463] Syncing product IDE527 142
2016-06-30 18:37:37.567 Installing updates...
2016-06-30 18:37:38.774 Error level 1
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE528 127
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE529 135
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE530 154
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE531 1
2016-06-30 18:37:38.825 Update progress: [I19463] Syncing product IDE532 1
2016-06-30 18:38:06.512 Update successful
2016-06-30 18:38:44.341 Option all = no
2016-06-30 18:38:44.342 Option recurse = yes
2016-06-30 18:38:44.342 Option archive = no
2016-06-30 18:38:44.342 Option service = yes
2016-06-30 18:38:44.342 Option confirm = yes
2016-06-30 18:38:44.342 Option sxl = yes
2016-06-30 18:38:44.346 Option max-data-age = 35
2016-06-30 18:38:44.346 Option EnableSafeClean = yes
2016-06-30 18:38:44.826 Option vdl-logging = yes
2016-06-30 18:38:44.850 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-06-30 18:38:44.850 Machine ID: 8c3dd8824d724c109c41d9b4cb4e5974
2016-06-30 18:38:44.851 Component SVRTcli.exe version 2.5.5
2016-06-30 18:38:44.852 Component control.dll version 2.5.5
2016-06-30 18:38:44.852 Component SVRTservice.exe version 2.5.5
2016-06-30 18:38:44.852 Component engine\osdp.dll version 1.44.1.2250
2016-06-30 18:38:44.852 Component engine\veex.dll version 3.65.0.2250
2016-06-30 18:38:44.853 Component engine\savi.dll version 9.0.1.2250
2016-06-30 18:38:44.853 Component rkdisk.dll version 1.5.30.0
2016-06-30 18:38:44.853 Version info: Product version 2.5.5
2016-06-30 18:38:44.856 Version info: Detection engine 3.65.0
2016-06-30 18:38:44.856 Version info: Detection data 5.26
2016-06-30 18:38:44.856 Version info: Build date 4/5/2016
2016-06-30 18:38:44.856 Version info: Data files added 552
2016-06-30 18:38:44.856 Version info: Last successful update 6/30/2016 2:38:06 PM
2016-07-01 00:44:29.591 Could not open C:\hiberfil.sys
2016-07-01 00:44:37.434 Could not open C:\pagefile.sys
2016-07-01 01:47:28.258 Could not open C:\swapfile.sys
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{4b88cab5-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{4b88cabe-3c93-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.882 Could not open C:\System Volume Information\{a628a507-3eca-11e6-beb2-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:47:29.897 Could not open C:\System Volume Information\{bcad4bbe-3eef-11e6-beb4-342387401e5c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-01 01:50:15.430 Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-07-01 01:50:15.431 Could not open C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-07-01 02:27:57.871 >>> Virus 'Mal/Generic-S' found in file C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe
2016-07-01 06:11:42.645 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-07-01 06:11:42.645 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-07-01 06:11:54.129 Could not open C:\Windows\System32\config\BBI
2016-07-01 06:11:54.677 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-07-01 06:11:54.708 Could not open C:\Windows\System32\config\RegBack\SAM
2016-07-01 06:11:54.740 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-07-01 06:11:54.755 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-07-01 06:11:54.755 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-07-01 07:03:04.850 The following items will be cleaned up:
2016-07-01 07:03:04.850 Mal/Generic-S
2016-07-01 13:54:59.375 Threat 'Mal/Generic-S' has been cleaned up.
2016-07-01 13:54:59.391 File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" belongs to malware 'Mal/Generic-S'.
2016-07-01 13:54:59.391 File "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\Athena's ASS MH4U 1.10b.exe" has been cleaned up.
2016-07-01 13:54:59.391 Removal successful
2016-07-01 13:54:59.500 Contents of SafeClean bin directory:
2016-07-01 13:54:59.516 {
2016-07-01 13:54:59.516 RecordID : "0000000000000001",
2016-07-01 13:54:59.516 ItemType : "1",
2016-07-01 13:54:59.516 Location : "C:\Users\Alex\Downloads\Monster Hunter\ASS\Athenas ASS MH4U 1.10b\Athena's ASS MH4U 1.10b\",
2016-07-01 13:54:59.516 FileName : "Athena's ASS MH4U 1.10b.exe",
2016-07-01 13:54:59.516 ThreatName : "Mal/Generic-S",
2016-07-01 13:54:59.516 Checksum : "c81cc66257564d133e35f57a74e04675f61077456f9393cf70d0fcc13e7e5757",
2016-07-01 13:54:59.516 TimeStamp : "Fri Jul 01 09:54:50 2016"
2016-07-01 13:54:59.516 }
2016-07-01 13:55:00.328 Error level 0
The "Malware" it found is just a false negative. The file is just a harmless search tool.
-
I see, my mistake
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/30/2016
Scan Time: 1:05 PM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.30.09
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344704
Time Elapsed: 41 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Sorry for taking so long to reply. It seems the Sophos scan is going to take a while, so I'll copy and paste the results when the process is complete.
Attached the fixit log as per instructions
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Alex (2016-06-30 12:22:42) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex & alex_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk *
ProxyEnable: [S-1-5-21-107058814-2551184098-3884761247-1002] => Proxy is enabled.
C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job
C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe
C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe
C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe
C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe
C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll
C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE
C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alex\AppData\Local\Temp\mirc734.exe
C:\Users\Alex\AppData\Local\Temp\ose00001.exe
C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll
C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
Task: {0A828B18-79CD-4B7D-B034-7EA62FEF935A} - System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE [2013-04-29] () <==== ATTENTION
C:\Users\Alex\AppData\Local\{3CBE0~1
Task: {8ADCC82A-9D17-4263-B69F-C7BCFC271F72} - \AutoKMS -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => C:\Users\Alex\AppData\Local\{3CBE0~1\UNINST~1.EXE <==== ATTENTION
AlternateDataStreams: C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx:com.dropbox.attributes [168]
RemoveProxy:
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => moved successfully
C:\Users\Alex\AppData\Local\Temp\131099290231409562.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\131099290778443727.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\131115340301685216.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AAMHelper.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AdobeApplicationManager.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\AstebreedTrial_up1_12.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbvvtc.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\HONEYVIEW-SETUP.EXE => moved successfully
C:\Users\Alex\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\mirc734.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\ose00001.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\proxy_vole6585020922986589137.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\proxy_vole805607060818253200.dll => moved successfully
C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A828B18-79CD-4B7D-B034-7EA62FEF935A}" => key removed successfully
C:\WINDOWS\System32\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}" => key removed successfully
C:\Users\Alex\AppData\Local\{3CBE0~1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ADCC82A-9D17-4263-B69F-C7BCFC271F72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\WINDOWS\Tasks\{5F35F8A8-7B19-9BA1-EC80-416490E6C1CB}.job => not found.
C:\Users\Alex\Documents\EXCEL MANA PROJECT.xlsx => ":com.dropbox.attributes" ADS removed successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-107058814-2551184098-3884761247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6111554 B
Java, Flash, Steam htmlcache => 58680345 B
Windows/system/drivers => 519178149 B
Edge => 0 B
Chrome => 844447682 B
Firefox => 381391676 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 258346 B
systemprofile32 => 128 B
LocalService => 12400 B
NetworkService => 5586022 B
Alex => 7731083624 B
alex_000 => 43332064 B
RecycleBin => 1062871441 B
EmptyTemp: => 9.9 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:36:02 ====
Here are the exported results from the Malwarebytes scan
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Remediation Database, 2016.6.16.1, 2016.6.29.1,
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Domain Database, 2016.6.20.7, 2016.6.30.1,
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, IP Database, 2016.6.20.1, 2016.6.29.2,
Update, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Malware Database, 2016.6.20.7, 2016.6.30.5,
Protection, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 6:01 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Scan, 6/30/2016 7:02 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 6:01 AM, Duration:1 hr 0 min 40 sec, Threat Scan, Cancelled, 0 Malware Detections, 1 Non-Malware Detection,
Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting,
Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 7:10 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started,
Protection, 6/30/2016 7:12 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Scan, 6/30/2016 7:16 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:06 AM, Duration:9 min 59 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.5, 2016.6.30.6,
Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 7:33 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 7:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Scan, 6/30/2016 7:44 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:21 AM, Duration:22 min 31 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, IP Database, 2016.6.29.2, 2016.6.30.1,
Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.1, 2016.6.30.2,
Update, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.6, 2016.6.30.7,
Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 8:41 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 8:57 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Scan, 6/30/2016 9:08 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 7:44 AM, Duration:1 hr 24 min 17 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, IP Database, 2016.6.30.1, 2016.6.30.2,
Update, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.2, 2016.6.30.3,
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 9:32 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Update, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Malware Database, 2016.6.30.7, 2016.6.30.8,
Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 10:14 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 10:19 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Update, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.3, 2016.6.30.4,
Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 10:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 10:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 10:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 10:39 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Update, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.4, 2016.6.30.6,
Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 11:27 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Update, 6/30/2016 11:31 AM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.8, 2016.6.30.9,
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 11:37 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 11:38 AM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Scan, 6/30/2016 11:46 AM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 10:14 AM, Duration:1 hr 31 min 34 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting,
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started,
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 12:28 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Update, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.6, 2016.6.30.7,
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 12:39 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting,
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started,
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 12:58 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Update, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.9, 2016.6.30.10,
Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 1:36 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 1:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Scan, 6/30/2016 1:47 PM, SYSTEM, WINDOWS-8JNJDSM, Manual, Start:6/30/2016 1:05 PM, Duration:41 min 45 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Starting,
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malware Protection, Started,
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 2:24 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
Update, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Domain Database, 2016.6.30.7, 2016.6.30.8,
Update, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Scheduler, Malware Database, 2016.6.30.10, 2016.6.30.11,
Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Starting,
Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopping,
Protection, 6/30/2016 4:35 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Stopped,
Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Refresh, Success,
Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Starting,
Protection, 6/30/2016 4:41 PM, SYSTEM, WINDOWS-8JNJDSM, Protection, Malicious Website Protection, Started,
(end)
And here is the AdwCleaner(C*)-Notepad log
# AdwCleaner v5.200 - Logfile created 30/06/2016 at 14:22:07
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Alex - WINDOWS-8JNJDSM
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Alex\AppData\Local\jZip
***** [ Files ] *****
[-] File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\bald2n12.default\searchplugins\Search Provided by Bing.xml
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
[-] Key Deleted : HKCU\Software\jZip
***** [ Web browsers ] *****
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bahkljhhdeciiaodlkppoonappfnheoi
[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1305 bytes] - [30/06/2016 14:22:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1409 bytes] - [30/06/2016 14:13:18]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1451 bytes] ##########
Some time before you posted your instructions I used Task Manager to close the pop-up, because at that point it became impossible to type up responses. After the multiple reboots I have yet to see it reappear.
-
I think those are the complete files
-
-
-
Done.
The Farbar tool was acting strangely so I restarted it. It would open the txt files and start the process over again. I will post again when it completes.
-
The Farbar program seems to still be running even after it opened the txt file. So my guess is that it won't truly be complete until the process is over? I'll wait until that finishes and then I'll repost it.
How do I locate and stop the illegal hack from running? I don't know what it is.
-
-
I have a very annoying window popping up on my computer asking me to update Yahoo and install Chromium. I ran Malwarebytes but the scan results show nothing. Using Task Manager I found the program running from a folder called syswow64, purchased the full version of Malwarebytes and did a custom scan on that specific location, and still nothing was found. I followed the "I'm infected" guide on this forum and made the post you see now. Please help as soon as possible; the window won't stop appearing over everything I do and it makes it extremely difficult to do anything (it's popping up as I type this message out).
Malware on computer isn't being detected by Malware byte
in Resolved Malware Removal Logs
Posted
No, the problem with the pop up has ended entirely. Whatever was causing it seems to have been removed.
Thank you for your assistance.