snynx

Honorary Members
  • Posts

    25
Everything posted by snynx

  1. Hey just a heads up, I'll do that within 3 days. Any reason why the old FRSTs I submitted earlier in the thread wouldn't work? This error has been occurring for quite a while, though to a lesser extent, so I don't think another FRST would catch anything
  2. Usually the bluescreen disappears and the computer resets, but I did catch "BAD_SYSTEM_CONFIG_INFO". That's probably correct as I just did a Google search and it appears that this BSOD error tends to appear with the CorruptRegistry system repair. I've never touched my registry manually, unless running the anti-malware programs did something.
  3. Nope. Doesn't get past the windows logo before bluescreening, then forcing a windows repair on the next boot, then bluescreening again after restarting, etc
  4. Just an update, I used chkdsk and after it was done I got through to my desktop no problems, but I immediately had to go again so I turned off my computer. I have not been able to manage to boot up my computer ever since - same problem, tried going through safe mode and it still didn't work. Tried to recreate the scenario where I waited for 4 hours after "repairing" it before attempting to start the computer and that didn't work either. I was watching the chkdsk as it occurred though, and I do remember that there were no bad sectors.
  5. I need to use the computer now and since you said it may take a few hours, I'll do that in about 2 days
  6. Because "corruptregistry" is what I'm reading when it gives me an error readout. Not my own example (googled it) but this is what mine looks like whenever I try to system repair:

     Problem Event Name: StartupRepairOffline
     Problem Signature 01: 6.1.7600.16385
     Problem Signature 02: 6.1.7600.16385
     Problem Signature 03: unknown
     Problem Signature 04: 21201049
     Problem Signature 05: AutoFailover
     Problem Signature 06: 7
     Problem Signature 07: CorruptRegistry
     OS Version: 6.1.7600.2.0.0.256.1
     Locale ID: 1033

     A month ago when I booted my computer it'd bluescreen and force a system repair after the windows logo. This happened on about 20% of bootups back then. System repair would work, I could run it as normal after restarting. Then system repair started failing (and I could see the error log above), and I had to agree to system restore when it prompted to get it to run after restarting (although it never actually restored it to a previous time, I always had to agree to it or else the bluescreen loop would happen again). Then it would happen on like 50-60% of bootups and sometimes system repair + restore would fail once or twice (had to loop 1-2 times to start). Now it happens 90-100% of the time and just today, system repair + restore failed about 10 times in a row until I gave up, came back to the computer like 4 hours later and started it.

     I have hard drive sentinel but it always gives me a "this hdd is 100% perfect" check despite it being like 5-6 years old now, so I think it's inaccurate. My PC's overall performance in nearly everything from gaming to productivity has tanked in the past year, so I'm sure it's simply a hardware issue.

     Anyway I don't think it's malware related (most googling points towards it being HDD failure/malfunction). Thanks for the help!
  7. Fixlog attached Sophos found nothing. Did another scan with MBAM just in case and it found nothing. Apologies for late reply, computer is in its last days and I couldn't get it to boot for a while (apparently registry is corrupt, but hdd is probably just dying) Fixlog.txt
  8. MBAM and adwarecleaner found nothing. JRT loads, opens a cmd box and closes it mbam log.txt Addition.txt FRST.txt
  9. Here's the files. Addition.txt FRST.txt RK.txt
  10. Hey, A year ago I got infected with a cocktail of viruses from a download, and ever since then although most of it has been removed, Adware.Linkury and Adware.Elex continuously pop up I figured I'd just make a new post since it's been a few months since the last post on that thread ( These are the same files each time so I'm sure something is causing them to reappear I have attached an MBAM log from today, as well as one from 14 Feb, both of which show the same adwares MBAMLog.txt MBAMLog14-2.txt
  11. That was a brainfart, I ran TFC Any updates?
  12. Here's the FRST files, running JRT now FRST.txt Addition.txt
  13. Ugh, sorry for not replying for so long, but I forgot about this thread. Anyway I rescanned and found two PUPs.. this is getting on my nerves lol. Pretty sure I haven't been downloading as much recently, I'm still convinced that these are from my initial infection, since one of them specifically mentions trotux, which the original infection redirected my browser to. Is there a chance that it's opened up some sort of hocus pocus back door in my computer or something? MBAMLog.txt
  14. JRT does not run, it just briefly shows a small box which disappears as well as a cmd-like box which disappears. Sophos found 4 viruses/trojans in my windows.old folder, of which I'm pretty sure there are a few false positives (InjectorGadget&PerX = cheat injectors, used to inject DLLs into games, War3 = warcraft 3) Also what is windows.old? I haven't had those files since I installed Windows 7 on my computer in 2013, does that mean reformatting doesn't actually remove viruses? AdwCleaner[C3].txt FRST.txt
  15. MBAM detected nothing on the 7th, however I ran an adware cleaner beforehand and it found a few files (attached). Running another MBAM scan just in case AdwCleaner[S6].txt MBAM Log.txt
  16. update = nothing found in second MBAM scan. I should also note that I scanned with MBAM between my first Youndoo infection and now about 2-3 times, and hicosmea never came up, so it's possible that it was from a recent download or something
  17. Hey, 2 months ago I downloaded a malicious file containing a cocktail of adware in this thread = https://forums.malwarebytes.org/topic/185247-fix-for-snynx/. Though it was resolved back then, I now have a PUP displaying when I scan with MBAM. I removed it with MBAM, ran Zoek using a script by TwinHeadedEagle in this thread = createsrpoint; autoclean; emptyclsid; emptyalltemp; ipconfig /flushdns >>"%temp%\log.txt";b and then FRST. However I have been googling around and searching, and it appears that this PUP is rather persistent, similar to Youndoo. I'm really paranoid about viruses so I would like to know if my computer is still infected. I am running a second MBAM scan right now. I have attached FRST, Zoek and MBAM logs For what it's worth I recently installed a few games (AVA, Soldat, Prison Architect). Xhunter1 looked really suspicious to me but it was a part of AVA. zoek-results.txt MBAM Log.txt FRST.txt
  18. *FRST logs, not fix logs Regardless, thanks for the help - solved the pinned chrome box problem on my own (just had to unpin & repin).
  19. I do not have firefox installed, why did that show up on the fix logs?
  20. No objects found I'm still paranoid, are there any further tools to make sure I don't have viruses? For what it's worth, I did an MBAM scan ~2 weeks ago (before I got this virus) and found nothing, but in the other thread, OP mentioned that this hijacker infects other files
  21. Nothing found in the registry (where the scan picked it up before) Thanks for the swift help, I was legitimately panicking. Will update if the rest of the scan finds something. Also, do you know why my chrome is now opening a new box on the taskbar rather than on its own? Hard to explain what I mean, but before I got the virus just 2 hours ago, whenever I clicked on chrome, it would look like this on its own But now when I click on the pinned chrome window, it opens a new box, like this The one on the left is the pinned program, the one on the right appears when I click on the left. Normally it just makes a box around the original pinned picture. Doesn't seem like much but I'm paranoid that it means malware is still around. I reset chrome settings before, uninstalled and reinstalled.
  22. Performing threat scan now, will update ASAP
  23. Is it okay if I hijack this thread? I have literally the same issue - registry Youndoo PUP persists, same directory, but no other malware-y effects. MBAM does not clean it. I've attached the MBAM log, the FRST, and addition I got the virus/adwares about 2 hours ago, initially MBAM detected 48 objects but now it's just that 1 registry object it fails to remove Addition.txt FRST.txt MBAM Log.txt