
Do i have a virus or not?



So yesterday, as I played with my gamepad, both my keyboard and gamepad started to press buttons randomly, so I started to search for something suspicious in my Task Manager and found 2 dllhost.exe processes, one located at C:/Windows/system32 and one at C:/Windows/SySWOW64. Now, after some research, I found out the SySWOW64 one seems to be a trojan, but after asking for help and scanning with recommended software at malwaretips.com they said my PC seems clean, but I highly doubt it...

Here are some logs I got from scanning with FRST:

Addition.txt

FRST.txt


Hello Vekuli and welcome to Malwarebytes...

Anyone other than the original starter of this thread, please DO NOT follow the instructions and advice posted as replies here; my help and advice is NOT related to your system and will probably cause more harm than good...

My screen name is kevinf80; I'm here to help clean up your system. Continue as follows please:

The folder you mention, C:\Windows\Syswow64, is not malicious; it is a system folder for 64-bit operating systems and ain't present in 32-bit systems...

Is your system infected? Well, there are a couple of suspicious files running from the Temp folder; not sure why they are there or what produced them... Let's continue, run the following please and post the produced logs...

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or to the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From Export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
    XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply

  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply...


Next,

Download AdwCleaner by Xplode onto your Desktop.

 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish...
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line...
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply. * is the number relative to the list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Let me see those logs in your reply; also give an update on any remaining issues or concerns...

Thank you,

Kevin...

 

Fixlist.txt

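
The question that opened this thread, whether a dllhost.exe running from SysWOW64 is suspicious, comes down to two checks that the reply above states in words: where the image file actually lives, and whether it is the signed Microsoft binary. The PowerShell below is an added example written for this page; it is not from the thread, from Malwarebytes or from FRST. The process name, the list of expected directories and the function name Test-ProcessImage are choices made for the example.

```powershell
# Added example (not from the thread): triage every running process with a given
# image name, e.g. dllhost.exe, by checking which directory it runs from and
# whether the file carries a valid Microsoft Authenticode signature.
# On 64-bit Windows both C:\Windows\System32 (64-bit) and C:\Windows\SysWOW64
# (32-bit) are legitimate homes for dllhost.exe; a copy anywhere else (Temp,
# ProgramData, a user profile) is the thing to look at.
# The defaults below are assumptions chosen for this example.

param(
    [string]$ProcessName = 'dllhost',
    [string[]]$ExpectedDirs = @(
        (Join-Path $env:windir 'System32'),
        (Join-Path $env:windir 'SysWOW64')
    )
)

function Test-ProcessImage {
    param([string]$Name, [string[]]$TrustedDirs)

    Get-Process -Name $Name -ErrorAction SilentlyContinue | ForEach-Object {
        $path   = $_.Path      # $null when the image path cannot be read (access denied)
        $dirOk  = $false
        $sigOk  = $false
        $signer = 'n/a'

        if ($path) {
            $dir   = Split-Path -Parent $path
            $dirOk = $TrustedDirs -contains $dir   # -contains is case-insensitive for strings

            # Authenticode check; on Windows 8+ this also honours catalog-signed OS files
            $sig   = Get-AuthenticodeSignature -FilePath $path
            $sigOk = ($sig.Status -eq 'Valid') -and
                     ($sig.SignerCertificate.Subject -like '*Microsoft*')
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
        }

        [pscustomobject]@{
            ProcessId       = $_.Id
            Path            = $path
            InTrustedDir    = $dirOk
            MicrosoftSigned = $sigOk
            Signer          = $signer
            Verdict         = if ($dirOk -and $sigOk) { 'expected' } else { 'investigate' }
        }
    }
}

Test-ProcessImage -Name $ProcessName -TrustedDirs $ExpectedDirs | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that the Path of processes owned by other accounts is readable; otherwise Path comes back empty and the row is marked 'investigate' for that reason alone. A 'Valid' Microsoft signature only tells you the file itself is the unmodified Windows binary. dllhost.exe is the COM Surrogate host, so a genuine copy can still be loading an unwanted DLL, which is why the reply above moves on to what is running from the Temp folder rather than to the system binaries themselves.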

Here's the FRST fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by User (2016-06-04 13:46:33) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
C:\Windows\svchost.exe
C:\ProgramData\0949343.pad
C:\ProgramData\4v7x6c2B2.dat
C:\Users\Fabian Zayas\AppData\Local\Temp
DeleteJunctionsIndirectory: C:\Windows\system64

*****************

eqcpqxgh => service not found.
rgqxleuo => service not found.
"C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda" => not found.
"C:\Windows\svchost.exe" => not found.
"C:\ProgramData\0949343.pad" => not found.
"C:\ProgramData\4v7x6c2B2.dat" => not found.
"C:\Users\Fabian Zayas\AppData\Local\Temp" => not found.
"C:\Windows\system64" => not found

==== End of Fixlog 13:46:33 ====

 

Then the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4.6.2016
Scan Time: 13:48
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.04.03
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413311
Time Elapsed: 9 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

And finally the Sophos log:

2016-06-04 11:15:17.413    Sophos Virus Removal Tool version 2.5.5
2016-06-04 11:15:17.413    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-04 11:15:17.413    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-04 11:15:17.413    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-04 11:15:17.414    Checking for updates...
2016-06-04 11:15:17.425    Update progress: proxy server not available
2016-06-04 11:15:25.129    Option all = no
2016-06-04 11:15:25.129    Option recurse = yes
2016-06-04 11:15:25.131    Option archive = no
2016-06-04 11:15:25.131    Option service = yes
2016-06-04 11:15:25.131    Option confirm = yes
2016-06-04 11:15:25.131    Option sxl = yes
2016-06-04 11:15:25.131    Option max-data-age = 35
2016-06-04 11:15:25.131    Option EnableSafeClean = yes
2016-06-04 11:15:26.457    Option vdl-logging = yes
2016-06-04 11:15:26.461    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 11:15:26.461    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 11:15:26.461    Component SVRTcli.exe version 2.5.5
2016-06-04 11:15:26.461    Component control.dll version 2.5.5
2016-06-04 11:15:26.461    Component SVRTservice.exe version 2.5.5
2016-06-04 11:15:26.462    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 11:15:26.462    Component engine\veex.dll version 3.65.0.2250
2016-06-04 11:15:26.462    Component engine\savi.dll version 9.0.1.2250
2016-06-04 11:15:26.462    Component rkdisk.dll version 1.5.30.0
2016-06-04 11:15:26.462    Version info:    Product version    2.5.5
2016-06-04 11:15:26.463    Version info:    Detection engine    3.65.0
2016-06-04 11:15:26.463    Version info:    Detection data    5.26
2016-06-04 11:15:26.463    Version info:    Build date    5.4.2016
2016-06-04 11:15:26.463    Version info:    Data files added    416
2016-06-04 11:15:26.463    Version info:    Last successful update    (not yet updated)
2016-06-04 11:15:43.202    Downloading updates...
2016-06-04 11:15:43.205    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-04 11:15:43.205    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-04 11:15:43.205    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-04 11:15:43.503    Update progress: [E83521] Cannot create stream http://d1.sophosupd.com/update/6f8393b828fab0dd34cee799cabe1b0dx000.dat
2016-06-04 11:15:43.503    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-04 11:15:43.503    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-04 11:15:43.503    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-04 11:15:58.281    Update progress: [I19463] Syncing product IDE527 142
2016-06-04 11:15:59.160    Installing updates...
2016-06-04 11:15:59.764    Error level 1
2016-06-04 11:15:59.780    Update progress: [I19463] Syncing product IDE528 127
2016-06-04 11:15:59.780    Update progress: [I19463] Syncing product IDE529 135
2016-06-04 11:15:59.780    Update progress: [I19463] Syncing product IDE530 18
2016-06-04 11:16:04.021    Update successful
2016-06-04 11:16:11.724    Option all = no
2016-06-04 11:16:11.724    Option recurse = yes
2016-06-04 11:16:11.724    Option archive = no
2016-06-04 11:16:11.724    Option service = yes
2016-06-04 11:16:11.724    Option confirm = yes
2016-06-04 11:16:11.724    Option sxl = yes
2016-06-04 11:16:11.726    Option max-data-age = 35
2016-06-04 11:16:11.726    Option EnableSafeClean = yes
2016-06-04 11:16:12.117    Option vdl-logging = yes
2016-06-04 11:16:12.120    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 11:16:12.120    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 11:16:12.121    Component SVRTcli.exe version 2.5.5
2016-06-04 11:16:12.121    Component control.dll version 2.5.5
2016-06-04 11:16:12.121    Component SVRTservice.exe version 2.5.5
2016-06-04 11:16:12.121    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 11:16:12.121    Component engine\veex.dll version 3.65.0.2250
2016-06-04 11:16:12.121    Component engine\savi.dll version 9.0.1.2250
2016-06-04 11:16:12.121    Component rkdisk.dll version 1.5.30.0
2016-06-04 11:16:12.121    Version info:    Product version    2.5.5
2016-06-04 11:16:12.122    Version info:    Detection engine    3.65.0
2016-06-04 11:16:12.122    Version info:    Detection data    5.26
2016-06-04 11:16:12.122    Version info:    Build date    5.4.2016
2016-06-04 11:16:12.122    Version info:    Data files added    416
2016-06-04 11:16:12.122    Version info:    Last successful update    4.6.2016 14:16:04

2016-06-04 11:57:10.971    Could not open C:\hiberfil.sys
2016-06-04 11:57:11.258    Could not open C:\pagefile.sys
2016-06-04 12:04:25.725    Could not open C:\swapfile.sys
2016-06-04 12:04:38.991    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-04 12:04:38.991    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-04 12:09:13.058    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-04 12:09:13.059    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-04 12:09:14.528    Could not open C:\Windows\System32\config\BBI
2016-06-04 12:09:14.576    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-04 12:09:14.577    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-04 12:09:14.578    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-04 12:09:14.579    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-04 12:09:14.580    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-04 12:17:17.481    Could not open LOGICAL:0004:00000000
2016-06-04 12:17:17.492    Could not open E:\
2016-06-04 12:34:42.677    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-04 12:34:42.677    Disinfection not offered
2016-06-04 12:34:50.053    >>> Virus 'Troj/Agent-AJTU' found in file F:\Other games\Crysis 3\Bin32\rld.dll
2016-06-04 13:07:15.519    Could not open PHYSICAL:0082:0000:0000:0001
2016-06-04 13:07:15.520    The following items will be cleaned up:
2016-06-04 13:07:15.520    Troj/Agent-AJTU
2016-06-04 13:07:15.520    Mal/Scribble-D
 

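
For reading the Sophos Virus Removal Tool logs posted in this thread, here is an added PowerShell example (not from the thread and not a Sophos tool) that turns the line-per-event log into one row per detected file, with the threat name and the final outcome, so that a detection that was cleaned up is distinguished from one where 'Disinfection failed' with an error code. The log lines embedded in it are constructed in the same format as the thread's logs; the file and threat names are placeholders, and the function name Get-SvrtDetections is an assumption of the example.

```powershell
# Added example (not from the thread or from Sophos): summarise an SVRT log into
# one row per detected file. Sample lines are constructed in the format of the
# logs posted in this thread; paths and threat names are placeholders.

$sampleLog = @'
2016-06-04 12:34:42.677    >>> Virus 'Mal/Example-A' found in file F:\Games\Example\Bin32\game.exe
2016-06-04 12:34:42.677    Disinfection not offered
2016-06-04 12:34:50.053    >>> Virus 'Troj/Example-B' found in file F:\Games\Example\Bin32\helper.dll
2016-06-04 13:07:15.520    The following items will be cleaned up:
2016-06-04 13:07:15.520    Troj/Example-B
2016-06-04 13:07:15.520    Mal/Example-A
2016-06-04 13:13:42.082    Threat 'Troj/Example-B' has been cleaned up.
2016-06-04 13:13:42.082    File "F:\Games\Example\Bin32\helper.dll" belongs to 'Troj/Example-B'.
2016-06-04 13:13:42.082    File "F:\Games\Example\Bin32\helper.dll" has been cleaned up.
2016-06-04 13:13:42.082    Removal successful
2016-06-04 13:13:43.332    >>> Virus 'Mal/Example-A' found in file F:\Games\Example\Bin32\game.exe
2016-06-04 13:13:43.332    Disinfection not offered
2016-06-04 13:13:43.332    Disinfection failed [0xa0040208]
2016-06-04 13:13:43.333    Error: cleanup failed.
'@

function Get-SvrtDetections {
    param([string[]]$Lines)

    $detections = [ordered]@{}   # file path -> summary object, in order of first sighting
    $current    = $null          # the file named by the most recent "found in file" line

    foreach ($line in $Lines) {
        # Drop the "YYYY-MM-DD HH:MM:SS.mmm" timestamp and the spaces after it
        $msg = $line -replace '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s+', ''

        if ($msg -match "^>>> Virus '(?<threat>[^']+)' found in file (?<file>.+)") {
            $file = $Matches.file.Trim()
            if (-not $detections.Contains($file)) {
                $detections[$file] = [pscustomobject]@{
                    File    = $file
                    Threat  = $Matches.threat
                    Seen    = 0
                    Outcome = 'detected, no cleanup recorded'
                }
            }
            $detections[$file].Seen++      # counts re-detections across rescans
            $current = $detections[$file]
        }
        elseif ($current -and $msg -match '^Disinfection not offered') {
            # The tool cannot repair this file in place; it can only remove it
            if ($current.Outcome -eq 'detected, no cleanup recorded') {
                $current.Outcome = 'delete/quarantine only'
            }
        }
        elseif ($msg -match '^File "(?<file>[^"]+)" has been cleaned up') {
            $f = $Matches.file
            if ($detections.Contains($f)) { $detections[$f].Outcome = 'cleaned up' }
        }
        elseif ($current -and $msg -match '^Disinfection failed \[(?<code>0x[0-9a-fA-F]+)\]') {
            $current.Outcome = "cleanup FAILED ($($Matches.code))"
        }
    }

    $detections.Values
}

Get-SvrtDetections -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

To use it on a real log, replace the here-string with `Get-Content` of the SVRT log file. In the thread's own logs, 'Disinfection not offered' is the tool saying it cannot repair the file in place and can only remove it, and a file that is still in the FAILED state after a rescan, as Crysis3.exe is in the later Sophos log here, is the item to raise with the helper rather than something another scan will resolve.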

Yeah, sorry, looks like I messed up the fixlist, but this one should be correct:

C:\Users\User\AppData\Local\Temp\SetupUtil.exe
C:\Users\User\AppData\Local\Temp\SEUHHHCMC.exe
C:\Users\User\AppData\Local\Temp\tmpCA4E.exe
C:\Users\User\AppData\Local\Temp\VTJGVGW.exe
Task: {0E8EB71E-0BFA-4F87-A2E8-CDAEF23AE7DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1E86F5F1-C69B-4FC5-BF40-83E623B5F2C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {21C591DF-04DF-4A23-8BB8-357F2ED4D916} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {28A485AA-5061-46FA-9A6F-AD75F03018F4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {61FCEE17-703A-4BE8-ABFF-7684652601AB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7FDE7FC5-56AB-4335-AB0C-49CD90C52E0D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A0DA9AFC-E298-43F9-9F80-D3BCBEA822DF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AA491438-2549-4466-B660-D2E7D29FC795} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BCB1A8DF-954B-4FEE-8610-9FC67720704D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DB47069B-3A0C-4B6D-BD66-2222CCF33437} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DC9953C4-9818-41FB-8779-86FBB0EA7DB0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F4E3FA5A-ED08-498B-AB52-B25DBA6517F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\User\AppData\Roaming\uninst.log => moved successfully
C:\Users\User\AppData\Roaming\uninst45.log => moved successfully
C:\ProgramData\temp25.log => moved successfully
C:\ProgramData\temp54.log => moved successfully
C:\Users\User\AppData\Local\Temp\KADILEBHV.exe => moved successfully
C:\Users\User\AppData\Local\Temp\mediaget-uninstaller.exe => moved successfully
C:\Users\User\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe => moved successfully
C:\Users\User\AppData\Local\Temp\SetupUtil.exe => moved successfully
C:\Users\User\AppData\Local\Temp\SEUHHHCMC.exe => moved successfully
C:\Users\User\AppData\Local\Temp\tmpCA4E.exe => moved successfully
C:\Users\User\AppData\Local\Temp\VTJGVGW.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E8EB71E-0BFA-4F87-A2E8-CDAEF23AE7DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E8EB71E-0BFA-4F87-A2E8-CDAEF23AE7DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E86F5F1-C69B-4FC5-BF40-83E623B5F2C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E86F5F1-C69B-4FC5-BF40-83E623B5F2C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21C591DF-04DF-4A23-8BB8-357F2ED4D916}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21C591DF-04DF-4A23-8BB8-357F2ED4D916}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28A485AA-5061-46FA-9A6F-AD75F03018F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28A485AA-5061-46FA-9A6F-AD75F03018F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61FCEE17-703A-4BE8-ABFF-7684652601AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61FCEE17-703A-4BE8-ABFF-7684652601AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FDE7FC5-56AB-4335-AB0C-49CD90C52E0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDE7FC5-56AB-4335-AB0C-49CD90C52E0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0DA9AFC-E298-43F9-9F80-D3BCBEA822DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0DA9AFC-E298-43F9-9F80-D3BCBEA822DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA491438-2549-4466-B660-D2E7D29FC795}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA491438-2549-4466-B660-D2E7D29FC795}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCB1A8DF-954B-4FEE-8610-9FC67720704D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCB1A8DF-954B-4FEE-8610-9FC67720704D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB47069B-3A0C-4B6D-BD66-2222CCF33437}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB47069B-3A0C-4B6D-BD66-2222CCF33437}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC9953C4-9818-41FB-8779-86FBB0EA7DB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC9953C4-9818-41FB-8779-86FBB0EA7DB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4E3FA5A-ED08-498B-AB52-B25DBA6517F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4E3FA5A-ED08-498B-AB52-B25DBA6517F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:52:46 ====

 

The Sophos scan will take a while, though; I'll probably get it done by tomorrow as I'm quite busy right now.


So Sophos found 2 viruses and managed to delete one of them. Then it said it had found more threats and I should scan again, and I did, but it only found that same virus that it couldn't remove. Here's the log:

2016-06-04 11:15:17.413    Sophos Virus Removal Tool version 2.5.5
2016-06-04 11:15:17.413    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-04 11:15:17.413    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-04 11:15:17.413    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-04 11:15:17.414    Checking for updates...
2016-06-04 11:15:17.425    Update progress: proxy server not available
2016-06-04 11:15:25.129    Option all = no
2016-06-04 11:15:25.129    Option recurse = yes
2016-06-04 11:15:25.131    Option archive = no
2016-06-04 11:15:25.131    Option service = yes
2016-06-04 11:15:25.131    Option confirm = yes
2016-06-04 11:15:25.131    Option sxl = yes
2016-06-04 11:15:25.131    Option max-data-age = 35
2016-06-04 11:15:25.131    Option EnableSafeClean = yes
2016-06-04 11:15:26.457    Option vdl-logging = yes
2016-06-04 11:15:26.461    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 11:15:26.461    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 11:15:26.461    Component SVRTcli.exe version 2.5.5
2016-06-04 11:15:26.461    Component control.dll version 2.5.5
2016-06-04 11:15:26.461    Component SVRTservice.exe version 2.5.5
2016-06-04 11:15:26.462    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 11:15:26.462    Component engine\veex.dll version 3.65.0.2250
2016-06-04 11:15:26.462    Component engine\savi.dll version 9.0.1.2250
2016-06-04 11:15:26.462    Component rkdisk.dll version 1.5.30.0
2016-06-04 11:15:26.462    Version info:    Product version    2.5.5
2016-06-04 11:15:26.463    Version info:    Detection engine    3.65.0
2016-06-04 11:15:26.463    Version info:    Detection data    5.26
2016-06-04 11:15:26.463    Version info:    Build date    5.4.2016
2016-06-04 11:15:26.463    Version info:    Data files added    416
2016-06-04 11:15:26.463    Version info:    Last successful update    (not yet updated)
2016-06-04 11:15:43.202    Downloading updates...
2016-06-04 11:15:43.205    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-04 11:15:43.205    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-04 11:15:43.205    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-04 11:15:43.205    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-04 11:15:43.503    Update progress: [E83521] Cannot create stream http://d1.sophosupd.com/update/6f8393b828fab0dd34cee799cabe1b0dx000.dat
2016-06-04 11:15:43.503    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-04 11:15:43.503    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-04 11:15:43.503    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-04 11:15:43.503    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-04 11:15:58.281    Update progress: [I19463] Syncing product IDE527 142
2016-06-04 11:15:59.160    Installing updates...
2016-06-04 11:15:59.764    Error level 1
2016-06-04 11:15:59.780    Update progress: [I19463] Syncing product IDE528 127
2016-06-04 11:15:59.780    Update progress: [I19463] Syncing product IDE529 135
2016-06-04 11:15:59.780    Update progress: [I19463] Syncing product IDE530 18
2016-06-04 11:16:04.021    Update successful
2016-06-04 11:16:11.724    Option all = no
2016-06-04 11:16:11.724    Option recurse = yes
2016-06-04 11:16:11.724    Option archive = no
2016-06-04 11:16:11.724    Option service = yes
2016-06-04 11:16:11.724    Option confirm = yes
2016-06-04 11:16:11.724    Option sxl = yes
2016-06-04 11:16:11.726    Option max-data-age = 35
2016-06-04 11:16:11.726    Option EnableSafeClean = yes
2016-06-04 11:16:12.117    Option vdl-logging = yes
2016-06-04 11:16:12.120    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 11:16:12.120    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 11:16:12.121    Component SVRTcli.exe version 2.5.5
2016-06-04 11:16:12.121    Component control.dll version 2.5.5
2016-06-04 11:16:12.121    Component SVRTservice.exe version 2.5.5
2016-06-04 11:16:12.121    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 11:16:12.121    Component engine\veex.dll version 3.65.0.2250
2016-06-04 11:16:12.121    Component engine\savi.dll version 9.0.1.2250
2016-06-04 11:16:12.121    Component rkdisk.dll version 1.5.30.0
2016-06-04 11:16:12.121    Version info:    Product version    2.5.5
2016-06-04 11:16:12.122    Version info:    Detection engine    3.65.0
2016-06-04 11:16:12.122    Version info:    Detection data    5.26
2016-06-04 11:16:12.122    Version info:    Build date    5.4.2016
2016-06-04 11:16:12.122    Version info:    Data files added    416
2016-06-04 11:16:12.122    Version info:    Last successful update    4.6.2016 14:16:04

2016-06-04 11:57:10.971    Could not open C:\hiberfil.sys
2016-06-04 11:57:11.258    Could not open C:\pagefile.sys
2016-06-04 12:04:25.725    Could not open C:\swapfile.sys
2016-06-04 12:04:38.991    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-04 12:04:38.991    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-04 12:09:13.058    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-04 12:09:13.059    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-04 12:09:14.528    Could not open C:\Windows\System32\config\BBI
2016-06-04 12:09:14.576    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-04 12:09:14.577    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-04 12:09:14.578    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-04 12:09:14.579    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-04 12:09:14.580    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-04 12:17:17.481    Could not open LOGICAL:0004:00000000
2016-06-04 12:17:17.492    Could not open E:\
2016-06-04 12:34:42.677    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-04 12:34:42.677    Disinfection not offered
2016-06-04 12:34:50.053    >>> Virus 'Troj/Agent-AJTU' found in file F:\Other games\Crysis 3\Bin32\rld.dll
2016-06-04 13:07:15.519    Could not open PHYSICAL:0082:0000:0000:0001
2016-06-04 13:07:15.520    The following items will be cleaned up:
2016-06-04 13:07:15.520    Troj/Agent-AJTU
2016-06-04 13:07:15.520    Mal/Scribble-D
2016-06-04 13:13:42.082    Threat 'Troj/Agent-AJTU' has been cleaned up.
2016-06-04 13:13:42.082    File "F:\Other games\Crysis 3\Bin32\rld.dll" belongs to 'Troj/Agent-AJTU'.
2016-06-04 13:13:42.082    File "F:\Other games\Crysis 3\Bin32\rld.dll" has been cleaned up.
2016-06-04 13:13:42.082    Removal successful
2016-06-04 13:13:43.332    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-04 13:13:43.332    Disinfection not offered
2016-06-04 13:13:43.332    Disinfection failed [0xa0040208]
2016-06-04 13:13:43.333    Error: cleanup failed.
2016-06-04 13:13:43.525    Contents of SafeClean bin directory:
2016-06-04 13:13:43.528    {
2016-06-04 13:13:43.528        RecordID   : "0000000000000001",
2016-06-04 13:13:43.528        ItemType   : "1",
2016-06-04 13:13:43.528        Location   : "F:\Other games\Crysis 3\Bin32\",
2016-06-04 13:13:43.528        FileName   : "rld.dll",
2016-06-04 13:13:43.528        ThreatName : "Troj/Agent-AJTU",
2016-06-04 13:13:43.528        Checksum   : "b918551649f77035a61d2b807859fa8bc227d675a3f2856c5ceb8c80f4788a71",
2016-06-04 13:13:43.528        TimeStamp  : "Sat Jun 04 16:13:35 2016"
2016-06-04 13:13:43.528    }
2016-06-04 13:13:44.198    Error level 0

2016-06-04 13:16:02.928    

------------------------------------------------------------

2016-06-04 13:16:06.809    Sophos Virus Removal Tool version 2.5.5
2016-06-04 13:16:06.809    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-04 13:16:06.809    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-04 13:16:06.809    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-04 13:16:06.810    Checking for updates...
2016-06-04 13:16:06.821    Update progress: proxy server not available
2016-06-04 13:16:10.258    Update not required
2016-06-04 13:16:15.281    Option all = no
2016-06-04 13:16:15.281    Option recurse = yes
2016-06-04 13:16:15.281    Option archive = no
2016-06-04 13:16:15.281    Option service = yes
2016-06-04 13:16:15.281    Option confirm = yes
2016-06-04 13:16:15.281    Option sxl = yes
2016-06-04 13:16:15.283    Option max-data-age = 35
2016-06-04 13:16:15.283    Option EnableSafeClean = yes
2016-06-04 13:16:15.680    Option vdl-logging = yes
2016-06-04 13:16:15.683    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 13:16:15.683    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 13:16:15.687    Component SVRTcli.exe version 2.5.5
2016-06-04 13:16:15.687    Component control.dll version 2.5.5
2016-06-04 13:16:15.687    Component SVRTservice.exe version 2.5.5
2016-06-04 13:16:15.687    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 13:16:15.687    Component engine\veex.dll version 3.65.0.2250
2016-06-04 13:16:15.687    Component engine\savi.dll version 9.0.1.2250
2016-06-04 13:16:15.688    Component rkdisk.dll version 1.5.30.0
2016-06-04 13:16:15.688    Version info:    Product version    2.5.5
2016-06-04 13:16:15.689    Version info:    Detection engine    3.65.0
2016-06-04 13:16:15.689    Version info:    Detection data    5.26
2016-06-04 13:16:15.689    Version info:    Build date    5.4.2016
2016-06-04 13:16:15.689    Version info:    Data files added    416
2016-06-04 13:16:15.689    Version info:    Last successful update    4.6.2016 14:16:04

2016-06-04 13:50:35.753    Could not open C:\hiberfil.sys
2016-06-04 13:50:35.909    Could not open C:\pagefile.sys
2016-06-04 13:56:38.829    Could not open C:\swapfile.sys
2016-06-04 13:56:50.101    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-04 13:56:50.101    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-04 14:00:49.391    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-04 14:00:49.392    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-04 14:00:50.637    Could not open C:\Windows\System32\config\BBI
2016-06-04 14:00:50.679    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-04 14:00:50.680    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-04 14:00:50.681    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-04 14:00:50.682    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-04 14:00:50.683    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-04 14:07:54.104    Could not open LOGICAL:0004:00000000
2016-06-04 14:07:54.116    Could not open E:\
2016-06-04 14:24:53.323    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-04 14:24:53.323    Disinfection not offered
2016-06-04 14:58:14.613    Could not open PHYSICAL:0082:0000:0000:0001
2016-06-04 14:58:14.613    The following items will be cleaned up:
2016-06-04 14:58:14.613    Mal/Scribble-D
2016-06-04 15:46:31.798    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-04 15:46:31.798    Disinfection not offered
2016-06-04 15:46:31.798    Disinfection failed [0xa0040208]
2016-06-04 15:46:31.799    Error: cleanup failed.
2016-06-04 15:46:32.068    Contents of SafeClean bin directory:
2016-06-04 15:46:32.069    {
2016-06-04 15:46:32.069        RecordID   : "0000000000000001",
2016-06-04 15:46:32.069        ItemType   : "1",
2016-06-04 15:46:32.069        Location   : "F:\Other games\Crysis 3\Bin32\",
2016-06-04 15:46:32.069        FileName   : "rld.dll",
2016-06-04 15:46:32.069        ThreatName : "Troj/Agent-AJTU",
2016-06-04 15:46:32.069        Checksum   : "b918551649f77035a61d2b807859fa8bc227d675a3f2856c5ceb8c80f4788a71",
2016-06-04 15:46:32.069        TimeStamp  : "Sat Jun 04 16:13:35 2016"
2016-06-04 15:46:32.069    }
2016-06-04 15:46:32.692    Error level 0

2016-06-04 15:46:40.499    

------------------------------------------------------------

2016-06-04 15:47:17.556    Sophos Virus Removal Tool version 2.5.5
2016-06-04 15:47:17.556    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-04 15:47:17.556    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-04 15:47:17.556    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-04 15:47:17.557    Checking for updates...
2016-06-04 15:47:17.568    Update progress: proxy server not available
2016-06-04 15:47:20.962    Downloading updates...
2016-06-04 15:47:20.972    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-04 15:47:20.972    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-04 15:47:20.972    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-04 15:47:20.972    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-04 15:47:20.972    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-04 15:47:20.972    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-04 15:47:20.972    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-04 15:47:20.972    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-04 15:47:20.972    Update progress: [I19463] Syncing product IDE527 142
2016-06-04 15:47:21.231    Update progress: [I19463] Syncing product IDE528 127
2016-06-04 15:47:21.231    Update progress: [I19463] Syncing product IDE529 135
2016-06-04 15:47:21.231    Update progress: [I19463] Syncing product IDE530 19
2016-06-04 15:47:21.321    Installing updates...
2016-06-04 15:47:26.030    Option all = no
2016-06-04 15:47:27.033    Option recurse = yes
2016-06-04 15:47:27.033    Option archive = no
2016-06-04 15:47:27.033    Option service = yes
2016-06-04 15:47:27.033    Option confirm = yes
2016-06-04 15:47:27.034    Option sxl = yes
2016-06-04 15:47:27.034    Option max-data-age = 35
2016-06-04 15:47:27.034    Option EnableSafeClean = yes
2016-06-04 15:47:27.034    Option vdl-logging = yes
2016-06-04 15:47:27.034    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 15:47:27.034    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 15:47:27.034    Component SVRTcli.exe version 2.5.5
2016-06-04 15:47:27.034    Component control.dll version 2.5.5
2016-06-04 15:47:27.034    Component SVRTservice.exe version 2.5.5
2016-06-04 15:47:27.034    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 15:47:27.034    Component engine\veex.dll version 3.65.0.2250
2016-06-04 15:47:27.034    Component engine\savi.dll version 9.0.1.2250
2016-06-04 15:47:27.034    Component rkdisk.dll version 1.5.30.0
2016-06-04 15:47:27.034    Version info:    Product version    2.5.5
2016-06-04 15:47:27.034    Version info:    Detection engine    3.65.0
2016-06-04 15:47:27.034    Version info:    Detection data    5.26
2016-06-04 15:47:27.034    Version info:    Build date    5.4.2016
2016-06-04 15:47:27.034    Version info:    Data files added    416
2016-06-04 15:47:27.034    Version info:    Last successful update    4.6.2016 14:16:04
2016-06-04 15:47:27.034    Error level 1
2016-06-04 15:47:27.354    Update successful
2016-06-04 15:47:35.189    Option all = no
2016-06-04 15:47:35.189    Option recurse = yes
2016-06-04 15:47:35.189    Option archive = no
2016-06-04 15:47:35.189    Option service = yes
2016-06-04 15:47:35.190    Option confirm = yes
2016-06-04 15:47:35.190    Option sxl = yes
2016-06-04 15:47:35.191    Option max-data-age = 35
2016-06-04 15:47:35.191    Option EnableSafeClean = yes
2016-06-04 15:47:35.581    Option vdl-logging = yes
2016-06-04 15:47:35.584    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-04 15:47:35.584    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-04 15:47:35.584    Component SVRTcli.exe version 2.5.5
2016-06-04 15:47:35.584    Component control.dll version 2.5.5
2016-06-04 15:47:35.584    Component SVRTservice.exe version 2.5.5
2016-06-04 15:47:35.584    Component engine\osdp.dll version 1.44.1.2250
2016-06-04 15:47:35.585    Component engine\veex.dll version 3.65.0.2250
2016-06-04 15:47:35.585    Component engine\savi.dll version 9.0.1.2250
2016-06-04 15:47:35.585    Component rkdisk.dll version 1.5.30.0
2016-06-04 15:47:35.585    Version info:    Product version    2.5.5
2016-06-04 15:47:35.586    Version info:    Detection engine    3.65.0
2016-06-04 15:47:35.586    Version info:    Detection data    5.26
2016-06-04 15:47:35.586    Version info:    Build date    5.4.2016
2016-06-04 15:47:35.586    Version info:    Data files added    417
2016-06-04 15:47:35.586    Version info:    Last successful update    4.6.2016 18:47:27
2016-06-05 12:09:35.784    Sophos Virus Removal Tool version 2.5.5
2016-06-05 12:09:35.784    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-05 12:09:35.784    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-05 12:09:35.784    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-05 12:09:35.784    Checking for updates...
2016-06-05 12:09:35.799    Update progress: proxy server not available
2016-06-05 12:09:39.815    Downloading updates...
2016-06-05 12:09:39.824    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-05 12:09:39.824    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-05 12:09:39.824    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-05 12:09:39.824    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-05 12:09:39.824    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-05 12:09:39.824    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-05 12:09:39.824    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-05 12:09:39.824    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-05 12:09:39.824    Update progress: [I19463] Syncing product IDE527 142
2016-06-05 12:09:40.066    Update progress: [I19463] Syncing product IDE528 127
2016-06-05 12:09:40.066    Update progress: [I19463] Syncing product IDE529 135
2016-06-05 12:09:40.066    Update progress: [I19463] Syncing product IDE530 22
2016-06-05 12:09:40.257    Installing updates...
2016-06-05 12:09:44.501    Option all = no
2016-06-05 12:09:45.705    Option recurse = yes
2016-06-05 12:09:45.705    Option archive = no
2016-06-05 12:09:45.705    Option service = yes
2016-06-05 12:09:45.705    Option confirm = yes
2016-06-05 12:09:45.705    Option sxl = yes
2016-06-05 12:09:45.705    Option max-data-age = 35
2016-06-05 12:09:45.705    Option EnableSafeClean = yes
2016-06-05 12:09:45.706    Option vdl-logging = yes
2016-06-05 12:09:45.706    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-05 12:09:45.706    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-05 12:09:45.706    Component SVRTcli.exe version 2.5.5
2016-06-05 12:09:45.706    Component control.dll version 2.5.5
2016-06-05 12:09:45.706    Component SVRTservice.exe version 2.5.5
2016-06-05 12:09:45.706    Component engine\osdp.dll version 1.44.1.2250
2016-06-05 12:09:45.706    Component engine\veex.dll version 3.65.0.2250
2016-06-05 12:09:45.706    Component engine\savi.dll version 9.0.1.2250
2016-06-05 12:09:45.706    Component rkdisk.dll version 1.5.30.0
2016-06-05 12:09:45.706    Version info:    Product version    2.5.5
2016-06-05 12:09:45.706    Version info:    Detection engine    3.65.0
2016-06-05 12:09:45.706    Version info:    Detection data    5.26
2016-06-05 12:09:45.706    Version info:    Build date    5.4.2016
2016-06-05 12:09:45.706    Version info:    Data files added    417
2016-06-05 12:09:45.706    Version info:    Last successful update    4.6.2016 18:47:27
2016-06-05 12:09:45.706    Error level 1
2016-06-05 12:09:46.033    Update successful
2016-06-05 12:09:53.744    Option all = no
2016-06-05 12:09:53.744    Option recurse = yes
2016-06-05 12:09:53.744    Option archive = no
2016-06-05 12:09:53.744    Option service = yes
2016-06-05 12:09:53.744    Option confirm = yes
2016-06-05 12:09:53.744    Option sxl = yes
2016-06-05 12:09:53.746    Option max-data-age = 35
2016-06-05 12:09:53.746    Option EnableSafeClean = yes
2016-06-05 12:09:54.140    Option vdl-logging = yes
2016-06-05 12:09:54.143    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-05 12:09:54.143    Machine ID:    8f74d09f56bd4412bf7f624dc0c62b83
2016-06-05 12:09:54.144    Component SVRTcli.exe version 2.5.5
2016-06-05 12:09:54.144    Component control.dll version 2.5.5
2016-06-05 12:09:54.144    Component SVRTservice.exe version 2.5.5
2016-06-05 12:09:54.144    Component engine\osdp.dll version 1.44.1.2250
2016-06-05 12:09:54.144    Component engine\veex.dll version 3.65.0.2250
2016-06-05 12:09:54.144    Component engine\savi.dll version 9.0.1.2250
2016-06-05 12:09:54.145    Component rkdisk.dll version 1.5.30.0
2016-06-05 12:09:54.145    Version info:    Product version    2.5.5
2016-06-05 12:09:54.145    Version info:    Detection engine    3.65.0
2016-06-05 12:09:54.145    Version info:    Detection data    5.26
2016-06-05 12:09:54.145    Version info:    Build date    5.4.2016
2016-06-05 12:09:54.145    Version info:    Data files added    420
2016-06-05 12:09:54.145    Version info:    Last successful update    5.6.2016 15:09:46

2016-06-05 12:51:12.682    Could not open C:\hiberfil.sys
2016-06-05 12:51:12.823    Could not open C:\pagefile.sys
2016-06-05 12:56:56.477    Could not open C:\swapfile.sys
2016-06-05 12:57:05.336    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-05 12:57:05.337    Could not open C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-05 13:00:36.396    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-05 13:00:36.397    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-05 13:00:37.702    Could not open C:\Windows\System32\config\BBI
2016-06-05 13:00:37.744    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-05 13:00:37.745    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-05 13:00:37.746    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-05 13:00:37.747    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-05 13:00:37.748    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-05 13:07:27.059    Could not open LOGICAL:0004:00000000
2016-06-05 13:07:27.072    Could not open E:\
2016-06-05 13:23:42.787    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-05 13:23:42.787    Disinfection not offered
2016-06-05 13:56:03.877    Could not open PHYSICAL:0082:0000:0000:0001
2016-06-05 13:56:03.877    The following items will be cleaned up:
2016-06-05 13:56:03.877    Mal/Scribble-D
 

The virus named Troj/Agent-AJTU was deleted but Mal/Scribble-D still remains.
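The conclusion drawn above (one threat cleaned, the other not) can be checked mechanically rather than by eye. The following parser is an added example, not part of the thread and not Sophos's own tooling: it relies only on the line shapes visible in the pasted SVRT log ("Threat '...' has been cleaned up.", ">>> Virus '...' found in file ...", "Disinfection failed [0x...]", "Error level N"), and the short sample log it runs on is constructed from those lines. Everything else (function names, the ThreatStatus record) is invented for the example.

```python
"""Per-threat outcome summary for a Sophos Virus Removal Tool (SVRT) log.

Added example. It parses only the message shapes seen in the thread's log;
anything else is ignored. The point it makes: the run's closing
"Error level 0" is not a clean bill of health, outcome has to be read per threat.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the line shapes copy what SVRT printed in the thread.
SAMPLE_LOG = r"""
2016-06-04 13:07:15.520    The following items will be cleaned up:
2016-06-04 13:07:15.520    Troj/Agent-AJTU
2016-06-04 13:07:15.520    Mal/Scribble-D
2016-06-04 13:13:42.082    Threat 'Troj/Agent-AJTU' has been cleaned up.
2016-06-04 13:13:42.082    File "F:\Other games\Crysis 3\Bin32\rld.dll" belongs to 'Troj/Agent-AJTU'.
2016-06-04 13:13:42.082    File "F:\Other games\Crysis 3\Bin32\rld.dll" has been cleaned up.
2016-06-04 13:13:42.082    Removal successful
2016-06-04 13:13:43.332    >>> Virus 'Mal/Scribble-D' found in file F:\Other games\Crysis 3\Bin32\Crysis3.exe
2016-06-04 13:13:43.332    Disinfection not offered
2016-06-04 13:13:43.332    Disinfection failed [0xa0040208]
2016-06-04 13:13:43.333    Error: cleanup failed.
2016-06-04 13:13:44.198    Error level 0
"""

TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s+")
FOUND = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
CLEANED = re.compile(r"^Threat '(?P<name>[^']+)' has been cleaned up\.$")
BELONGS = re.compile(r"""^File "(?P<path>[^"]+)" belongs to '(?P<name>[^']+)'\.$""")
FAILED = re.compile(r"^Disinfection failed \[(?P<code>0x[0-9A-Fa-f]+)\]$")
ERROR_LEVEL = re.compile(r"^Error level (?P<level>\d+)$")


@dataclass
class ThreatStatus:
    """What the log says about one named detection (hypothetical record type)."""
    name: str
    paths: list = field(default_factory=list)
    cleaned: bool = False
    disinfection_offered: bool = True
    failure_codes: list = field(default_factory=list)

    @property
    def remains(self) -> bool:
        # Detected but never reported as cleaned up means it is still on disk.
        return not self.cleaned


def _message(raw_line: str) -> str:
    """Strip the timestamp prefix and surrounding whitespace from a log line."""
    return TIMESTAMP.sub("", raw_line).strip()


def summarize_svrt_log(text: str) -> dict:
    """Return {threat name: ThreatStatus} built from the log text."""
    threats = {}
    current = None  # threat named by the most recent '>>> Virus ... found' line

    def get(name: str) -> ThreatStatus:
        return threats.setdefault(name, ThreatStatus(name))

    for raw in text.splitlines():
        msg = _message(raw)
        if not msg:
            continue
        if m := FOUND.match(msg):
            current = get(m["name"])
            if m["path"] not in current.paths:
                current.paths.append(m["path"])
        elif m := CLEANED.match(msg):
            get(m["name"]).cleaned = True
        elif m := BELONGS.match(msg):
            status = get(m["name"])
            if m["path"] not in status.paths:
                status.paths.append(m["path"])
        elif msg == "Disinfection not offered" and current is not None:
            current.disinfection_offered = False
        elif (m := FAILED.match(msg)) and current is not None:
            current.failure_codes.append(m["code"])
    return threats


def remaining_threats(threats: dict) -> list:
    """Names of detections the log never reports as cleaned, sorted."""
    return sorted(name for name, status in threats.items() if status.remains)


def error_levels(text: str) -> list:
    """Every 'Error level N' the tool printed, in order."""
    levels = []
    for raw in text.splitlines():
        if m := ERROR_LEVEL.match(_message(raw)):
            levels.append(int(m["level"]))
    return levels


if __name__ == "__main__":
    summary = summarize_svrt_log(SAMPLE_LOG)
    for status in summary.values():
        state = "cleaned" if status.cleaned else f"REMAINS (codes: {status.failure_codes})"
        print(f"{status.name}: {state} -> {status.paths}")
    print("error levels:", error_levels(SAMPLE_LOG))
```

Run on the sample it reports Troj/Agent-AJTU as cleaned (rld.dll), Mal/Scribble-D as remaining with failure code 0xa0040208 on Crysis3.exe, and an error level of 0 for the run despite that failure, which is exactly why the "Error level 0" line alone should not be taken as success.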


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Post that log, also let me know if you have any remaining issues or concerns...

Thank you,

Kevin...

 

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by User (2016-06-05 18:38:26) Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
F:\Other games\Crysis 3\Bin32\Crysis3.exe
F:\Other games\Crysis 3
Emptytemp:
end


*****************

Error: (0) Failed to create a restore point.
F:\Other games\Crysis 3\Bin32\Crysis3.exe => moved successfully
F:\Other games\Crysis 3 => moved successfully
EmptyTemp: => 470.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:40:00 ====


Excellent, just what we like to hear.... Run the following to clean up tools etc..

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.