
Javi21


  1. No redirects at all. Although it seems that I have been logged out of websites after the fix. (I am assuming that is part of the fix.) Everything seems to be fine now. Thank you so much for your time and help. I'll be sending a donation soon for your help. Again, I really do appreciate the help. Thank you. Javier.
  2. Here are the logs requested. ROGUEKILLER LOG: RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9600) 64 bits version Started in : Normal mode User : JavierEsquedaH [Administrator] Started from : C:\Users\JavierEsquedaH\Downloads\RogueKiller_portable64.exe Mode : Scan -- Date : 12/20/2017 12:18:35 (Duration : 00:10:51) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD10EZEX-08WN4A0 +++++ --- User --- [MBR] 09f761b9bf260de84d212189eb6c669a [BSP] 2f264f9f04296da269ebdc8892ef0fd7 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953516 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: SanDisk SDSSDA240G +++++ --- User --- [MBR] 3bd601101a50915ec7e6eb5e09829fc6 [BSP] 5369aa481ad8f8909e57952d49ada50f : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK Also, it seems that the only executable remaining is NvstLink. That seems to be an Nvidia executable but it does not have a publisher. Should I be worried? Or is it legitimate? Fixlog.txt
  3. So I ran the fix and it seemed to delete the folders in question. But in the task manager, there are still some "irredeemable" and "Rhymed" executables. Here is the fixlog. .exe in question: "Chrome" "Irredeemable" "Nvstlink" "Rhymed" Fixlog.txt Thank you.
  4. Also, when I open task manager and click on the "startup" tab there are still .exe files listed. "Irredeemable" and "Rhymed" and "Lecherous." These were executables/adware running sound ads when I first got infected with the virus. When I go to right click them, some say disable and some say enable. What should I do with these? Is there a way to remove them completely?
  5. Hey Kevin. Here are the logs requested. EXPORT SUMMARY: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/19/17 Scan Time: 6:09 PM Log File: 7f34f827-e522-11e7-b9ca-fcaa14576a43.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3523 License: Free -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: JAVIERSPC\JavierEsquedaH -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 260989 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 1 min, 47 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) MBAM LOG: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/19/17 Scan Time: 6:09 PM Log File: 7f34f827-e522-11e7-b9ca-fcaa14576a43.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3523 License: Free -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: JAVIERSPC\JavierEsquedaH -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 260989 Threats Detected: 0 (No malicious items detected) Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 1 min, 47 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items 
detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) ADWCLEANER LOG: # AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 20 01:15:48 2017 # Updated on 2017/29/11 by Malwarebytes # Database: 12-19-2017.1 # Running on Windows 8.1 Pro (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [1993 B] - [2017/12/18 21:36:25] C:/AdwCleaner/AdwCleaner[S0].txt - [1996 B] - [2017/12/18 21:36:1] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########\ MSRT LOG: --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1) Started On Tue Dec 19 18:18:53 2017 Engine: 1.1.14405.2 Signatures: 1.257.1160.0 Run Mode: Interactive Graphical Mode Quick Scan Results: ------------------- Threat Detected: BrowserModifier:Win32/Soctuseer!excl and Removed! 
Action: Remove, Result: 0x00000000 regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Windows\26325214ac02082f69ec05413f5dc897.exe SigSeq: 0x000005554A1D9F60 regkeyvalue://HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\4c26469f829b7e888ce0cc73ec4158e0\ SigSeq: 0x000005554A1D9F60 Results Summary: ---------------- Found BrowserModifier:Win32/Soctuseer!excl and Removed! Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 19 18:21:36 2017 Return code: 6 (0x6) I have a question: at the top of the previous post, you had me put the fixlist file into the same folder as FRST. But it did not say that I should run the program. Should I open FRST and run the fix? Or is that not a part of the fix? By the way, it seems that I now have full access to the two folders titled "reconhb" and "sccgonh." (The folders that I could not access before and were the origin of the "Windows Process Manager (32 bit).") I believe I should delete these, correct?
  6. Here are the logs. I have a few not-so-important questions. Is this virus that infected me the so-called "s5mark"? And what is it doing, is it spyware, strictly adware? BELOW IS THE EXPORTSUMMARY: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/19/17 Scan Time: 7:55 AM Log File: 9e8e7946-e4cc-11e7-ae6a-fcaa14576a43.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3521 License: Free -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: JAVIERSPC\JavierEsquedaH -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 260890 Threats Detected: 5 Threats Quarantined: 5 Time Elapsed: 1 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [452], [-1],0.0.0 Registry Value: 3 Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0 Adware.Wajam, HKU\S-1-5-21-3177479126-454972335-2971366226-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0 Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.Wajam, C:\WINDOWS\TEMP\WJM2083.TMP\UPDATE.EXE, Quarantined, [452], [471140],1.0.3521 Physical Sector: 0 (No malicious items detected) (end) BELOW IS THE MBAM LOG: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/19/17 Scan Time: 7:55 AM Log File: 
9e8e7946-e4cc-11e7-ae6a-fcaa14576a43.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3521 License: Free -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: JAVIERSPC\JavierEsquedaH -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 260890 Threats Detected: 5 Threats Quarantined: 5 Time Elapsed: 1 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [452], [-1],0.0.0 Registry Value: 3 Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0 Adware.Wajam, HKU\S-1-5-21-3177479126-454972335-2971366226-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0 Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [452], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Adware.Wajam, C:\WINDOWS\TEMP\WJM2083.TMP\UPDATE.EXE, Quarantined, [452], [471140],1.0.3521 Physical Sector: 0 (No malicious items detected) (end) Not sure if these are different, but they were acquired from the methods in #5. Again, thank you for your help. FRST.txt
  7. Thank you so much for your help. I truly appreciate it. I also have a USB drive greater than 4 GB, and a spare machine [hopefully a Chromebook works just as well.] to format the USB. (I'm not sure if I need to use it like in Xabarax's case.) I just wanted to let you know that I have it handy if I do need it. Here are the files after scanning with FRST64: Addition.txt FRST.txt
  8. Here are the files asked for. mbar-log-2017-12-18 (22-05-30).txt system-log.txt Fixlog.txt