Kidchojin

Members
  • Posts: 11
Everything posted by Kidchojin

  1. I have this malware on my computer where every 10-15 minutes Chrome (even if not already open) opens up a new tab with malware on it. This has occurred after having some extension and programs named Mail.ru. FRST.txt Addition.txt MB-CheckResult.txt
  2. Ok, I did the scan but I am not sure what log you are talking about.
  3. Ok, when I try to open Malwarebytes, I get an error that reads "Unable to connect the Service"
  4. FRST.txt Addition.txt
  5. I get a problem that says "The requested resource is in use." But I need to use Malwarebytes to scan for this winvmx client that is eating my CPU. FRST_28-02-2017 15.52.03.txt Addition_28-02-2017 15.52.02.txt MB-CheckResult.txt