Vynlendus


  1. Seems to be working perfectly now, thanks again Ron!
  2. I've reset all of the browsers, though I'm not sure what I should be looking for to make sure it's resolved any issues. I did notice that Chrome still had all of my "Most Visited" tabs, and I did find that a bit weird. It also has all of the suggested searches from when I would search something directly from the address bar.
  3. The problem is very similar to last time, where my connection is fine for 24-48 hours after restarting my PC, but then my connection will crash, and come back with 3-4Mbps, where I usually get 230-240Mbps, so I won't be able to tell if the problem has been resolved immediately. Though, here are the new files from FRST. FRST.txt Addition.txt
  4. I've left out the FRST logs, as I linked them previously. If you need me to re-run the scan, I'll surely do so. MalwareBytes Scan.txt
  5. As requested, the logs created by FRST FRST.txt Addition.txt
  6. Just ran a scan, and everything is still looking great! Thank you so much for your help, Ron.
  7. I'm not quite sure yet. Usually after I would run any type of scan and restart my computer it would stop for a few hours, up to 2 days, and then it would randomly start up again. Though, I do believe this is by far the most intrusive scan/removal attempt, so I have high hopes for it being resolved. Would it be alright to keep the thread open for 48 hours, and if anything starts back up for me to just throw in a reply, or would you prefer if we just close the thread and if the problem persists I can PM you.
  8. I did reboot the computer, and there was around 3-5 minutes of it scanning saying "Scanning and repairing C:" followed by the progress. My operating system is on an SSD, so that may be why. The time frame could be incredibly wrong, but I feel it was no more than 20 minutes.
  9. I've uninstalled any versions of Java that I had, along with running the registry file you've sent. I attached the fixlog from FRST64, but I cannot seem to find C:\PROGRA~3\20707362\4f95a8ba.dll anywhere. I searched all of my C drive, and I came up with no results, so I tried searching all of my hard drives and I still came up blank. Fixlog.txt
  10. It seems my MalwareBytes3 didn't pick up on anything, as the last time I noticed an issue I did a scan and restarted my computer (after a few hours of my computer being on, it seems the malware returns). Though, last time I did attempt to look up the detected file, and here was the name (if it's any help). "HKU\S-1-5-31-2717128537-3816681412-2988564888-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION" Here is the export of my AdwCleaner: MyScheduledTasks.txt MyConsoleSettings.txt MalwareBytes Export.txt
  11. It seems as if I can no longer edit my original post, and I forgot to attach my FRST and Addition.txt files, apologies for the bump. Addition.txt FRST.txt
  12. I believe that something is using Windows PowerShell to infect my computer. I've tried running scans from MalwareBytes, and many other anti-rootkit providers, but I can't seem to get rid of the malware. I believe the malware is using my computer on a botnet, based on this: