kevinf80

Hello tonyenkiducx and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....

Hiya rpheus, Your system appears to be infected with some kind of rootkit, FRST did flag it but the entry is locked. I want you to run FRST via the recovery environment and see what that log shows us.. Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. If you are using Windows 8 or 10 consult How to use the Windows 8 or 10 System Recovery Environment Command Prompt Here: http://www.howtogeek.com/126016/three-ways-to-access-the-windows-8-boot-options-menu/ to enter System Recovery Command prompt. Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (frst.txt) on the flash drive. Please copy and paste it to your reply. Thank you, Kevin

Hello joghurtbubi and welcome to Malwarebytes, Continue please: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, I want two fresh logs from FRST, before running rename FRST64.exe by adding the word English so you have EnglishFRST.exe... Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Thank you, Kevin...

Hello rpheus and welcome to Malwaebytes, Please download Malwarebytes Anti-Rootkit from here Right click on the tool (select "Run as Administrator) to start the extraction to a convenient location. (Desktop is preferable) Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt Let me see those logs in your reply.. Thank you, Kevin

Thanks for the update, let me know what happens..

Ok, i`ve had to install Opera to find out how to remove synced data from Opera servers... Go here: https://www.sync.opera.com/ when that link opens select "Reset Passphrase" That will open a new window where you confirm "Reset Passphrase" That action will remove all synced data from Opera servers...... Do not re-sync any data until the issue you have has definitely ceased.... Did that clear the servers..? next, If servers are cleared: Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Export Bookmarks" save you bookmarks file to a place of your choice. Next, Open Opera > select "O" from top lefthand corner > select "Settings" > select "Advanced" > select "Browser" > scroll to bottom of page > select "restore settings to original defaults" > confirm the reset on the reset window. Next, If Opera is now behaving correctly and the blocks have ceased you can import your bookmarks: Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Import Bookmarks" follow the prompts to import your bookmarks. When you are sure Opera is behaving correctly you can resync data again... Thank you, Kevin

Ok...

There is no reset data button. When you open the the link you will be asked to sign in, unless you are already signed in to Opera browser. If you have any synced data saved you should be given the option to clear data. If you have not activated sync you should be told "you have no synced data stored...

Hello Emperor and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....

Hello Loot, Continue please: Upload a File to Virustotal Go to http://www.virustotal.com/ Click the Choose file button Navigate to the file c:\windows\syswow64\astsrv.exe Click the Scan it tab If you get a message saying File has already been analyzed: click Reanalyze file now Copy and paste the URL address back here please. Thank you, Kevin

use the folowing link to clear sync data from servers, you will have to sign in unless you are already signed in through the browser.. http://sync.opera.com/web/

Excellent, just what we like to hear. Regards, Kevin..

Ok thanks...

Hello Loot, Thanks for those logs, continue please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... next, Scan with Autoruns Please download Sysinternals Autoruns from the following link: https://live.sysinternals.com/autoruns.exe save it to your desktop. Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following: Right-click on Autoruns.exe and select Properties Click on the Compatibility tab Under Privilege Level check the box next to Run this program as an administrator Click on Apply then click OK Double-click Autoruns.exe to run it. Once it starts, please press the Esc key on your keyboard. Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them: Hide empty locations Hide Windows entries Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options: Verify code signatures Check VirusTotal.com Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish. When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns. Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder Attach the ZIP folder you just created to your next reply Let me see those logs in your reply... Thank you, Kevin.. fixlist.txt

It seems to be down to Opera causing the problem. Continue: Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Export Bookmarks" save you bookmarks file to a place of your choice. Next, Open Opera > select "O" from top lefthand corner > select "Settings" > select "Advanced" > select "Browser" > scroll to bottom of page > select "restore settings to original defaults" > confirm the reset on the reset window. Next, Select this link: https://help.opera.com/en/account/ From that link select "I want to clear my synced data" follow those instructions to clear synced data from Opera servers, that will clear any chance of return of the browser hijack. Next, Open Opera > select "O" from top lefthand corner > select "Bookmarks" > select "Import Bookmarks" follow the prompts to import your bookmarks. Does that help..?