AGuyCalledJack
Members
Posts: 3
Reputation: 0 Neutral

  1. I've completed the process above and below is the log. Sadly the symptoms mentioned in my original message are persisting.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 02-12-2016
     Ran by Jack (03-12-2016 02:57:09) Run:1
     Running from C:\Users\Jack\Desktop
     Loaded Profiles: Jack (Available Profiles: Jack & Administrator)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     RemoveProxy:
     hosts:
     EmptyTemp:
     Reboot:
     *****************

     Processes closed successfully.
     Restore point was successfully created.

     ========= RemoveProxy: =========

     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
     HKU\S-1-5-21-2762593419-3716735177-4266425204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\S-1-5-21-2762593419-3716735177-4266425204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

     ========= End of RemoveProxy: =========

     C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1353368536 B
     Java, Flash, Steam htmlcache => 506 B
     Windows/system/drivers => 50111606 B
     Edge => 1523939 B
     Chrome => 460900586 B
     Firefox => 86212946 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 0 B
     systemprofile32 => 0 B
     LocalService => 21274 B
     NetworkService => 88624 B
     Jack => 1048481740 B
     Administrator => 21550361 B

     RecycleBin => 738571037 B
     EmptyTemp: => 3.5 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 03:11:02 ====
  2. Many thanks for the initial information, I've completed the steps above and posted/attached the logs. Sadly the symptoms mentioned in my original message are persisting.

     Log from Junkware Removal Tool

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.9 (09.30.2016)
     Operating System: Windows 10 Home x64
     Ran by Jack (Administrator) on 30-Nov-16 at 23:40:08.64
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 2

     Successfully deleted: C:\Users\Jack\AppData\Local\crashrpt (Folder)
     Successfully deleted: C:\Users\Jack\AppData\Roaming\9595 (Folder)

     Registry: 0

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 30-Nov-16 at 23:44:45.42
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Log from AdwCleaner

     # AdwCleaner v6.030 - Logfile created 30/11/2016 at 23:48:19
     # Updated on 19/10/2016 by Malwarebytes
     # Database : 2016-11-29.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : Jack - JACK-PC
     # Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious keys found.

     ***** [ Shortcuts ] *****
     No infected shortcut found.

     ***** [ Scheduled Tasks ] *****
     No malicious task found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Web browsers ] *****
     No malicious Firefox based browser items found.
     Chrome pref Found: [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
     Chrome pref Found: [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - uk.ask.com

     *************************

     Log from Sophos

     2016-12-01 09:29:47.665 Sophos Virus Removal Tool version 2.5.6
     2016-12-01 09:29:47.665 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.
     2016-12-01 09:29:47.665 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
     2016-12-01 09:29:47.665 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
     2016-12-01 09:29:47.665 Checking for updates...
     2016-12-01 09:29:47.681 Update progress: proxy server not available
     2016-12-01 09:29:51.228 Downloading updates...
     2016-12-01 09:29:51.228 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
     2016-12-01 09:29:51.228 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
     2016-12-01 09:29:51.228 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
     2016-12-01 09:29:51.228 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
     2016-12-01 09:29:51.228 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I49502] sdds.data0910.xml: found supplement IDE533 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
     2016-12-01 09:29:51.244 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE533 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE533 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I49502] sdds.data0910.xml: found supplement IDE534 LATEST path= baseVersion= [included from product IDE533 LATEST path=]
     2016-12-01 09:29:51.244 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE534 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE534 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I49502] sdds.data0910.xml: found supplement IDE535 LATEST path= baseVersion= [included from product IDE534 LATEST path=]
     2016-12-01 09:29:51.244 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE535 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE535 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product IDE535 LATEST path=]
     2016-12-01 09:29:51.244 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
     2016-12-01 09:29:51.244 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
     2016-12-01 09:29:51.275 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
     2016-12-01 09:29:51.306 Update progress: [I19463] Syncing product IDE533 LATEST path=
     2016-12-01 09:29:51.322 Update progress: [I19463] Syncing product IDE534 LATEST path=
     2016-12-01 09:29:51.353 Update progress: [I19463] Syncing product IDE535 LATEST path=
     2016-12-01 09:29:51.353 Update progress: [I19463] Syncing product IDE536 LATEST path=
     2016-12-01 09:29:51.431 Installing updates...
     2016-12-01 09:29:58.854 Option all = no
     2016-12-01 09:29:59.682 Option recurse = yes
     2016-12-01 09:29:59.682 Option archive = no
     2016-12-01 09:29:59.682 Option service = yes
     2016-12-01 09:29:59.682 Option confirm = yes
     2016-12-01 09:29:59.682 Option sxl = yes
     2016-12-01 09:29:59.682 Option max-data-age = 35
     2016-12-01 09:29:59.682 Option vdl-logging = yes
     2016-12-01 09:29:59.682 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
     2016-12-01 09:29:59.682 Machine ID: dfca7e97d9aa4c8bbdd5aa8aff4de363
     2016-12-01 09:29:59.682 Component SVRTcli.exe version 2.5.6
     2016-12-01 09:29:59.682 Component control.dll version 2.5.6
     2016-12-01 09:29:59.682 Component SVRTservice.exe version 2.5.6
     2016-12-01 09:29:59.682 Component engine\osdp.dll version 1.44.1.2270
     2016-12-01 09:29:59.682 Component engine\veex.dll version 3.67.0.2270
     2016-12-01 09:29:59.682 Component engine\savi.dll version 9.0.5.2270
     2016-12-01 09:29:59.682 Component rkdisk.dll version 1.5.31.1
     2016-12-01 09:29:59.682 Version info: Product version 2.5.6
     2016-12-01 09:29:59.682 Version info: Detection engine 3.67.0
     2016-12-01 09:29:59.682 Version info: Detection data 5.32
     2016-12-01 09:29:59.682 Version info: Build date 04/10/2016
     2016-12-01 09:29:59.682 Version info: Data files added 428
     2016-12-01 09:29:59.682 Version info: Last successful update 01/12/2016 09:28:41
     2016-12-01 09:29:59.682 Error level 1
     2016-12-01 09:30:00.323 Update successful
     2016-12-01 09:30:11.324 Option all = no
     2016-12-01 09:30:11.324 Option recurse = yes
     2016-12-01 09:30:11.324 Option archive = no
     2016-12-01 09:30:11.324 Option service = yes
     2016-12-01 09:30:11.324 Option confirm = yes
     2016-12-01 09:30:11.324 Option sxl = yes
     2016-12-01 09:30:11.324 Option max-data-age = 35
     2016-12-01 09:30:11.324 Option vdl-logging = yes
     2016-12-01 09:30:11.324 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
     2016-12-01 09:30:11.324 Machine ID: dfca7e97d9aa4c8bbdd5aa8aff4de363
     2016-12-01 09:30:11.324 Component SVRTcli.exe version 2.5.6
     2016-12-01 09:30:11.324 Component control.dll version 2.5.6
     2016-12-01 09:30:11.324 Component SVRTservice.exe version 2.5.6
     2016-12-01 09:30:11.324 Component engine\osdp.dll version 1.44.1.2270
     2016-12-01 09:30:11.324 Component engine\veex.dll version 3.67.0.2270
     2016-12-01 09:30:11.324 Component engine\savi.dll version 9.0.5.2270
     2016-12-01 09:30:11.324 Component rkdisk.dll version 1.5.31.1
     2016-12-01 09:30:11.324 Version info: Product version 2.5.6
     2016-12-01 09:30:11.324 Version info: Detection engine 3.67.0
     2016-12-01 09:30:11.324 Version info: Detection data 5.32
     2016-12-01 09:30:11.324 Version info: Build date 04/10/2016
     2016-12-01 09:30:11.324 Version info: Data files added 428
     2016-12-01 09:30:11.324 Version info: Last successful update 01/12/2016 09:30:00
     2016-12-01 10:59:10.755 Could not open C:\hiberfil.sys
     2016-12-01 11:00:28.969 Could not open C:\pagefile.sys
     2016-12-01 11:15:29.177 Could not open C:\swapfile.sys
     2016-12-01 11:15:29.395 Could not open C:\System Volume Information\{21750ed2-b5e3-11e6-aa41-f04da25f222a}{3808876b-c176-4e48-b7ae-04046e6cc752}
     2016-12-01 11:15:29.395 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
     2016-12-01 11:15:29.395 Could not open C:\System Volume Information\{b26bf214-b755-11e6-aa42-f04da25f222a}{3808876b-c176-4e48-b7ae-04046e6cc752}
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file C:\Users\Jack\AppData\Local\Mozilla\Firefox\Profiles\4a7va4aj.default\cache2\entries\EA515B6FE69E3193E393A07CA3BFBE0DF2F14A46
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file HKU\S-1-5-21-2762593419-3716735177-4266425204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file HKU\S-1-5-21-2762593419-3716735177-4266425204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file HKU\S-1-5-21-2762593419-3716735177-4266425204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
     2016-12-01 11:18:16.862 >>> Virus 'Mal/Phish-A' found in file HKU\S-1-5-21-2762593419-3716735177-4266425204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
     2016-12-01 12:05:57.189 Could not open C:\Windows\System32\config\BBI
     2016-12-01 12:05:57.282 Could not open C:\Windows\System32\config\DRIVERS
     2016-12-01 12:05:57.345 Could not open C:\Windows\System32\config\RegBack\DEFAULT
     2016-12-01 12:05:57.360 Could not open C:\Windows\System32\config\RegBack\SAM
     2016-12-01 12:05:57.360 Could not open C:\Windows\System32\config\RegBack\SECURITY
     2016-12-01 12:05:57.360 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
     2016-12-01 12:05:57.360 Could not open C:\Windows\System32\config\RegBack\SYSTEM
     2016-12-01 12:24:49.298 The following items will be cleaned up:
     2016-12-01 12:24:49.298 Mal/Phish-A

     Attachments:
     FRST.txt
     Addition.txt
  3. I accidentally infected my computer last week. I immediately updated Malwarebytes, unplugged my ethernet and completed a scan. Many items were removed as you will see in my initial scan. I restarted my computer and performed the scan again, but a pattern appeared no matter how many times I restarted my computer. PUP.Optional.Trotux is always found and reappears.

     My taskbar is largely non-responsive apart from my ability to close and open windows, e.g. the Windows 10 start button, volume control and the notifications button are all inactive. If I try and use them nothing happens, and occasionally a Windows 10 system sound is made if I keep trying. This Windows 10 system sound is also made at random intervals whilst I use my computer.

     The 'Photos' app doesn't open, if I'm viewing a photo for instance. I'm required to use another program.

     Another user's account has appeared on the logon screen. This account is a local administrator, cannot be deleted and has the same limited taskbar functionality that my user account does. I am still an administrator but appear to be more restricted in the overall hierarchy than the other local administrator.

     Despite clearing Chrome's settings, clearing all browser data, reinstalling the browser - it uses an automated system to log in to my Facebook account.

     I have attached my logs from Farbar, along with my initial virus scan after getting the virus, and finally the standard virus scan I receive now that the problems above still occur despite PUP.Optional.Trotux reappearing.

     Any guidance would be very much appreciated.

     Attachments:
     JF - FRST.txt
     JF - Addition.txt
     LOG after first scan following virus.txt
     LOG of a typical scan now.txt