Jump to content

Recommended Posts

I have Webroot Secure Anywhere and MBAM free running and neither one detects a problem. Yet I still fairly regularly get Captchas when trying to do a Google search. Looking at Resource Monitor today, I noticed that chrome was connecting to compute-1.amazonaws.com, which appears to be associated with Malware. There's also something going on with normal shutdowns being tagged as "unexpected." A few days ago instead of a straight boot I got "Windows is scanning and repairing drive C." When I try to paste the logs I'm told the post is too long so they're attached.FRST.txtAddition.txt

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Link to post
Share on other sites

Not sure if it's connected but it was definitely weird. Just had Chrome go "back" two pages and crash to the desktop on me. Then there was a message on the screen asking me if I wanted to give MBAM permission to open but before I could cleck anything, it went away, and kept flashing on the screen. Any ideas what might be happening? I don't see any errors in Event Viewer that might be associated with it.

Link to post
Share on other sites

If it helps, I rand sfc /scannow to see if there was OS corruption and got these messages at the end:

 

2015-10-21 23:00:36, Info                  CSI    00005120 [sR] Verify complete
2015-10-21 23:00:36, Info                  CSI    00005121 [sR] Repairing 1 components
2015-10-21 23:00:36, Info                  CSI    00005122 [sR] Beginning Verify and Repair transaction
2015-10-21 23:00:36, Info                  CSI    00005123 [sR] Repairing corrupted file [ml:114{57},l:112{56}]"\??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs"\[l:20{10}]"Search.lnk" from store
2015-10-21 23:00:36, Info                  CSI    00005124 [DIRSD OWNER WARNING] Directory [ml:98{49},l:96{48}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search" is not owned but specifies SDDL in component Microsoft-Windows-UI-Search, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}
 
2015-10-21 23:00:36, Info                  CSI    00005125 [DIRSD OWNER WARNING] Directory [ml:112{56},l:110{55}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search\Images" is not owned but specifies SDDL in component Microsoft-Windows-UI-Search, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}
 
2015-10-21 23:00:36, Info                  CSI    00005126 Warning - Overlap: Duplicate ownership for directory [l:96{48}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search" in component Microsoft-Windows-UI-Search, Version = 10.0.10240.16386, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}
 
2015-10-21 23:00:36, Info                  CSI    00005127 Warning - Overlap: Duplicate ownership for directory [l:124{62}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search\XAMLTemplates" in component Microsoft-Windows-UI-Search, Version = 10.0.10240.16386, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}
 
2015-10-21 23:00:36, Info                  CSI    00005128 Warning - Overlap: Duplicate ownership for directory [l:110{55}]"\??\C:\WINDOWS\SystemResources\Windows.UI.Search\Images" in component Microsoft-Windows-UI-Search, Version = 10.0.10240.16386, pA = amd64, nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}
Link to post
Share on other sites

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.