RavenSpawn

Great, will do. Thanks again!

Yes, everything is working fine, was able to shut down and boot back up without a problem, checked all browsers and working just fine no redirects at all. Thank you so much for all your help.

I complete all the steps and so far everything looks good, here are the three reports Malewarebytes Scan Report Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/28/17 Scan Time: 3:57 PM Log File: 29aa35c8-bc1a-11e7-8c16-64d4da5e438a.json Administrator: Yes -Software Information- Version: 3.2.2.2018 Components Version: 1.0.212 Update Package Version: 1.0.3118 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Lexy-HP\Lexy -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 527180 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 29 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) AdwCleaner Report: # AdwCleaner 7.0.4.0 - Logfile created on Sat Oct 28 20:43:06 2017 # Updated on 2017/27/10 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Deleted: C:\Users\Lexy\AppData\Local\NativeMessaging Deleted: C:\Users\Lexy\AppData\LocalLow\Zynga Deleted: C:\ProgramData\Ask Deleted: C:\Users\Lexy\AppData\Roaming\SoftwareUpdater ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKU\S-1-5-21-3217872594-2325639934-1021615291-1000\Software\Appscion Deleted: [Key] - HKCU\Software\Appscion Deleted: [Key] - HKLM\SOFTWARE\NpApp Deleted: [Key] - HKLM\SOFTWARE\APN Deleted: [Key] - HKU\S-1-5-21-3217872594-2325639934-1021615291-1000\Software\APN Deleted: [Key] - HKCU\Software\APN Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Deleted: [Value] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|StormWatchApp.exe Deleted: [Key] - HKLM\SOFTWARE\AskToolbar Deleted: [Key] - HKU\S-1-5-21-3217872594-2325639934-1021615291-1000\Software\Ask.com Deleted: [Key] - HKCU\Software\Ask.com Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** Plugin deleted: ImTranslator: Translator, Dictionary, TTS - ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [6979 B] - [2017/10/28 20:42:14] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Microsoft Scan Report --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.53, October 2017 (build 5.53.14306.0) Started On Sat Oct 28 16:51:33 2017 Engine: 1.1.14104.0 Signatures: 1.251.1312.0 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 28 16:56:55 2017 Return code: 0 (0x0)

Pleas disregard, I was waiting for about an hour for it Malewarebytes to open and the second I post about it, it pops up. I will follow the rest of the steps now, thank you

Hi Kevin, thank you for your help, I've done the first part and attached is the fixlog, but I was not able to go any further. When I try to open my Malewarebytes it won't open, and since I didn't want to skip a step I haven't done any of the others, so not sure what to do now. Fixlog.txt

Hello, my last scan with Malewarebytes found that I was infected with Trojan:Win32/Tilken.B!cl after the scan I was given the option to remove the threat which I did and restarted my computer. After I did that, when using Chrome, FireFox and Opera it shows that I am not connected to the internet, so besides removing it, it changes some settings, however Internet Explorer connects just fine, I did a system restore to an earlier time, which go me back online but the virus is still on my computer, and I have no idea how to remove it. Attached I have the FRST and Addition file as well as the Report scan from Malewarebytes that I saved when it first came up. Thank you Addition.txt FRST.txt Report scan 10.26.17.txt