JimSablon Posted November 12, 2016 ID:1071714
Hi there, so I keep on getting the exact same warning from Malware Anti Bytes. It does keep blocking the item that appears its sunlongo from my powershell.exe. I did a farbar scan and it came up with this, what should I do now?
Addition.txt FRST.txt
kevinf80 Posted November 13, 2016 ID:1071803
Hello JimSablon and welcome to Malwarebytes,

See if you can do the following:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
When the Scan is complete, Apply Actions to any found entries.
Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
After the restart, once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box.
Please wait for the scan to finish.
When "Waiting for action.Please uncheck elements you want to keep" shows in the top line, click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.

Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,
Kevin...
Fixlist.txt
JimSablon Posted November 13, 2016 Author ID:1071822
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/11/2016
Scan Time: 02:35
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.13.01
Rootkit Database: v2016.10.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: dcc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319446
Time Elapsed: 3 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

# AdwCleaner v6.030 - Logfile created 13/11/2016 at 15:50:17
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : dcc - DESKTOP-GMLNL53
# Running from : C:\Users\dcc\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File deleted: C:\END

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-1387963663-3661341753-2789403185-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com

***** [ Web browsers ] *****

[-] [C:\Users\dcc\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2947 Bytes] - [13/11/2016 15:50:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3113 Bytes] - [13/11/2016 15:49:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3093 Bytes] ##########

Nothing else came out of it.
kevinf80 Posted November 13, 2016 ID:1071823 What about the log from FRST fix?
JimSablon Posted November 16, 2016 Author ID:1072634 FRST.txt
kevinf80 Posted November 16, 2016 ID:1072635 That is a log from a scan, not from a fix.
JimSablon Posted November 21, 2016 Author ID:1073738 Fixlog.txt
kevinf80 Posted November 21, 2016 ID:1073746 What is happening with your system, are there any remaining issues or concerns...?
JimSablon Posted November 22, 2016 Author ID:1073988 There is one thing, on original startup my sound system fails to work. After restarting my pc it works but it does get annoying.
kevinf80 Posted November 22, 2016 ID:1074004 Open Device Manager, expand sound, video and game controllers. Right click on your audio device and check for updates...
JimSablon Posted November 23, 2016 Author ID:1074215
kevinf80 Posted November 23, 2016 ID:1074217 Try uninstalling the driver, then re-boot. Let windows attribute a fresh driver...
JimSablon Posted November 23, 2016 Author ID:1074224 How do I do that?
kevinf80 Posted November 23, 2016 ID:1074225 Open Device Manager, scroll to and expand "Sound, Video and Game Controllers", right click on your Sound Device, select "Uninstall", confirm that action, then reboot when complete. Windows will see the Hardware and attribute a fresh driver...
AdvancedSetup Posted November 30, 2016 Root Admin ID:1075714 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!