A few times a day every day Malwarebytes has been blocking an outgoing connection to "osshuadong0.oss-cn-shanghai.aliyuncs.com."  When I try to investigate it, I find nothing in the "File" field of the Malwarebytes report.  It started around May 13, 2017 but the only thing I can remember installing around that time is an Nvidia driver.  I use Windows Defender in combination with Malwarebytes but both of them find nothing with their scans.  The other day I downloaded Spybot Search and Destroy, but that too is not finding whatever is causing this.

Addition.txt

FRST.txt

Edited by Xyes

  • 2 weeks later...

Hi Velvet, I had utorrent (Version 2.2.1), the same adobe apps, f.lux, chrome, google drive, java (I think), k-lite, LAME, msi afterburner, nvidia stuff, QuickTime, and Samsung Magician. 

 

A lot of the same stuff. Among that list the only thing I can think of that's recent is LAME and nvidia driver updates. 

Edited by Xyes

  • Root Admin

Hello @Xyes and :welcome:

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

 

 

Fix with AdwCleaner

 

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Lloyd (Administrator) on Fri 06/02/2017 at  2:29:24.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/02/2017 at  2:30:37.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner Log

 

# AdwCleaner v6.047 - Logfile created 02/06/2017 at 02:40:34
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-31.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Lloyd - DESKTOP-IF0GQE1
# Running from : C:\Users\Lloyd\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Lloyd\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [873 Bytes] - [02/06/2017 02:40:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [1461 Bytes] - [02/06/2017 02:38:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1018 Bytes] ##########
 

Sophos Log

 

2017-06-02 06:45:51.085    Sophos Virus Removal Tool version 2.6.0
2017-06-02 06:45:51.085    Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-02 06:45:51.086    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-02 06:45:51.086    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-06-02 06:45:51.086    Checking for updates...
2017-06-02 06:45:51.117    Update progress: proxy server not available
2017-06-02 06:45:59.295    Option all = no
2017-06-02 06:45:59.295    Option recurse = yes
2017-06-02 06:45:59.295    Option archive = no
2017-06-02 06:45:59.295    Option service = yes
2017-06-02 06:45:59.295    Option confirm = yes
2017-06-02 06:45:59.295    Option sxl = yes
2017-06-02 06:45:59.296    Option max-data-age = 35
2017-06-02 06:45:59.296    Option vdl-logging = yes
2017-06-02 06:45:59.304    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-06-02 06:45:59.304    Machine ID:    f83a1c2927c54fb4aa2b373766cbda89
2017-06-02 06:45:59.304    Component SVRTcli.exe version 2.6.0
2017-06-02 06:45:59.305    Component control.dll version 2.6.0
2017-06-02 06:45:59.305    Component SVRTservice.exe version 2.6.0
2017-06-02 06:45:59.305    Component engine\osdp.dll version 1.44.1.2285
2017-06-02 06:45:59.305    Component engine\veex.dll version 3.68.5.2285
2017-06-02 06:45:59.305    Component engine\savi.dll version 9.0.7.2285
2017-06-02 06:45:59.306    Component rkdisk.dll version 1.5.31.1
2017-06-02 06:45:59.306    Version info:    Product version    2.6.0
2017-06-02 06:45:59.306    Version info:    Detection engine    3.68.5
2017-06-02 06:45:59.306    Version info:    Detection data    5.39
2017-06-02 06:45:59.306    Version info:    Build date    5/2/2017
2017-06-02 06:45:59.306    Version info:    Data files added    282
2017-06-02 06:45:59.306    Version info:    Last successful update    (not yet updated)
2017-06-02 06:46:03.682    Downloading updates...
2017-06-02 06:46:08.454    Installing updates...
2017-06-02 06:46:09.056    Error level 1
2017-06-02 06:46:13.264    Update successful
2017-06-02 06:46:21.286    Option all = no
2017-06-02 06:46:21.286    Option recurse = yes
2017-06-02 06:46:21.286    Option archive = no
2017-06-02 06:46:21.286    Option service = yes
2017-06-02 06:46:21.286    Option confirm = yes
2017-06-02 06:46:21.286    Option sxl = yes
2017-06-02 06:46:21.287    Option max-data-age = 35
2017-06-02 06:46:21.287    Option vdl-logging = yes
2017-06-02 06:46:21.296    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-06-02 06:46:21.296    Machine ID:    f83a1c2927c54fb4aa2b373766cbda89
2017-06-02 06:46:21.297    Component SVRTcli.exe version 2.6.0
2017-06-02 06:46:21.298    Component control.dll version 2.6.0
2017-06-02 06:46:21.298    Component SVRTservice.exe version 2.6.0
2017-06-02 06:46:21.298    Component engine\osdp.dll version 1.44.1.2285
2017-06-02 06:46:21.298    Component engine\veex.dll version 3.68.5.2285
2017-06-02 06:46:21.299    Component engine\savi.dll version 9.0.7.2285
2017-06-02 06:46:21.299    Component rkdisk.dll version 1.5.31.1
2017-06-02 06:46:21.299    Version info:    Product version    2.6.0
2017-06-02 06:46:21.299    Version info:    Detection engine    3.68.5
2017-06-02 06:46:21.299    Version info:    Detection data    5.39
2017-06-02 06:46:21.299    Version info:    Build date    5/2/2017
2017-06-02 06:46:21.299    Version info:    Data files added    283
2017-06-02 06:46:21.299    Version info:    Last successful update    6/2/2017 2:46:13 AM

2017-06-02 08:20:36.040    Could not open C:\hiberfil.sys
2017-06-02 08:20:48.564    Could not open C:\pagefile.sys
2017-06-02 08:26:00.264    Could not open C:\swapfile.sys
2017-06-02 08:26:00.354    Could not open C:\System Volume Information\{1e7d86b2-3f43-11e7-9607-6245b4e73f7c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.354    Could not open C:\System Volume Information\{20caa699-3c1c-11e7-9602-6245b4e73f7c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.354    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.355    Could not open C:\System Volume Information\{55317bd9-475b-11e7-9617-d43d7eba9110}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.355    Could not open C:\System Volume Information\{5531805e-475b-11e7-9617-d43d7eba9110}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.355    Could not open C:\System Volume Information\{73a91c88-39c2-11e7-95fd-6245b4e73f7c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.356    Could not open C:\System Volume Information\{afacac82-44bb-11e7-9610-6245b4e73f7c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:00.356    Could not open C:\System Volume Information\{c9e296ab-3a8c-11e7-95ff-6245b4e73f7c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-02 08:26:09.118    Could not open C:\Users\Lloyd\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-06-02 08:26:09.118    Could not open C:\Users\Lloyd\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-06-02 08:32:28.009    >>> Virus 'Mal/Generic-S' found in file C:\Users\Lloyd\Documents\Xyes\Visual Novel Reader\Library\Frameworks\Sakura\bin\browser.exe
2017-06-02 08:32:28.010    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:32:28.010    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:32:28.010    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 08:32:28.010    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 08:33:52.872    Could not open C:\Windows\System32\config\BBI
2017-06-02 08:33:52.880    Could not open C:\Windows\System32\config\DRIVERS
2017-06-02 08:33:52.887    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-06-02 08:33:52.888    Could not open C:\Windows\System32\config\RegBack\SAM
2017-06-02 08:33:52.888    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-06-02 08:33:52.889    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-06-02 08:33:52.890    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-06-02 08:39:26.969    >>> Virus 'Mal/MSIL-LL' found in file D:\KISS\CM3D2\ModEditor\CM3D2ModTool.exe
2017-06-02 08:39:26.969    >>> Virus 'Mal/MSIL-LL' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:39:26.969    >>> Virus 'Mal/MSIL-LL' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:39:26.969    >>> Virus 'Mal/MSIL-LL' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 08:39:26.969    >>> Virus 'Mal/MSIL-LL' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 08:44:14.747    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\Bink\UWP64\bink2winrt_x64.uni10.dll
2017-06-02 08:44:14.750    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\Ogg\UWP64\VS2015\libogg_64.dll
2017-06-02 08:44:14.755    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\APEX-1.3\UWP64\VS2015\ApexFramework_x64.dll
2017-06-02 08:44:14.756    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\APEX-1.3\UWP64\VS2015\APEX_Clothing_x64.dll
2017-06-02 08:44:14.756    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\APEX-1.3\UWP64\VS2015\APEX_Destructible_x64.dll
2017-06-02 08:44:14.757    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\APEX-1.3\UWP64\VS2015\APEX_Legacy_x64.dll
2017-06-02 08:44:14.758    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\APEX-1.3\UWP64\VS2015\APEX_Loader_x64.dll
2017-06-02 08:44:14.762    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\PhysX-3.3\UWP64\VS2015\PhysX3CharacterKinematic_x64.dll
2017-06-02 08:44:14.762    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\PhysX-3.3\UWP64\VS2015\PhysX3Common_x64.dll
2017-06-02 08:44:14.763    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\PhysX-3.3\UWP64\VS2015\PhysX3Cooking_x64.dll
2017-06-02 08:44:14.763    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\PhysX-3.3\UWP64\VS2015\PhysX3_x64.dll
2017-06-02 08:44:14.766    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\Vorbis\UWP64\VS2015\libvorbisfile_64.dll
2017-06-02 08:44:14.767    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\Vorbis\UWP64\VS2015\libvorbis_64.dll
2017-06-02 08:44:14.772    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Content\Stats\FPSChart_Postamble.html
2017-06-02 08:44:14.773    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Content\Stats\FPSChart_Preamble.html
2017-06-02 08:44:14.773    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\Engine\Content\Stats\FPSChart_Row.html
2017-06-02 08:44:14.777    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\GearGame\Binaries\UWP64\commonEventLoggingLibrary_Release.dll
2017-06-02 08:44:14.777    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\GearGame\Binaries\UWP64\GearGame.exe
2017-06-02 08:44:14.778    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\GearGame\Binaries\UWP64\Microsoft.Xbox.ChatAudio.dll
2017-06-02 08:44:14.779    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\GearGame\Binaries\UWP64\Microsoft.Xbox.GameChat.dll
2017-06-02 08:44:14.879    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\UWPEngine.ini
2017-06-02 08:44:14.880    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\UWPGame.ini
2017-06-02 08:44:14.881    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\UWPInput.ini
2017-06-02 08:44:14.881    Could not open D:\WindowsApps\Microsoft.SpartaUWP_9.9.0.2_x64__8wekyb3d8bbwe\UWPScalability.ini
2017-06-02 08:55:50.183    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:55:50.183    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:55:50.183    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 08:55:50.183    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 09:16:59.475    >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 09:16:59.475    >>> Virus 'Troj/Agent-AEEN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 09:16:59.475    >>> Virus 'Troj/Agent-AEEN' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 09:16:59.475    >>> Virus 'Troj/Agent-AEEN' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 09:39:34.581    Could not open LOGICAL:0013:00000000
2017-06-02 09:39:34.586    Could not open T:\
2017-06-02 09:39:38.631    Could not open PHYSICAL:0085:0000:0000:0001
2017-06-02 09:39:38.633    The following items will be cleaned up:
2017-06-02 09:39:38.633    Mal/Generic-S
2017-06-02 09:39:38.633    Mal/MSIL-LL
2017-06-02 09:39:38.633    Mal/VMProtBad-A
2017-06-02 09:39:38.633    Troj/Agent-AEEN
2017-06-02 09:44:51.682    Threat 'Mal/Generic-S' has been cleaned up.
2017-06-02 09:44:51.683    File "C:\Users\Lloyd\Documents\Xyes\Visual Novel Reader\Library\Frameworks\Sakura\bin\browser.exe" belongs to malware 'Mal/Generic-S'.
2017-06-02 09:44:51.683    File "C:\Users\Lloyd\Documents\Xyes\Visual Novel Reader\Library\Frameworks\Sakura\bin\browser.exe" has been cleaned up.
2017-06-02 09:44:51.683    Removal successful
2017-06-02 09:44:56.527    Threat 'Mal/MSIL-LL' has been cleaned up.
2017-06-02 09:44:56.527    File "D:\KISS\CM3D2\ModEditor\CM3D2ModTool.exe" belongs to malware 'Mal/MSIL-LL'.
2017-06-02 09:44:56.527    File "D:\KISS\CM3D2\ModEditor\CM3D2ModTool.exe" has been cleaned up.
2017-06-02 09:44:56.527    Removal successful
2017-06-02 09:45:06.474    Error level 0
 

 

Here are all the logs.  Hopefully I didn't miss anything.  Now to wait and see if those daily pop ups are gone.

Addition.txt

FRST.txt

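An added example, not part of any post in this thread: a small Python triage script for the Sophos Virus Removal Tool log format posted above. It collapses the repeated detection lines, separates on-disk files from registry locations, and lists detections that have no file path or no "has been cleaned up" line. The sample input is an excerpt of the posted log, and the function names are this example's own.

```python
import re

# Sample input: a subset of lines from the Sophos log posted in this thread.
SAMPLE_LOG = r"""
2017-06-02 08:26:00.264    Could not open C:\swapfile.sys
2017-06-02 08:32:28.009    >>> Virus 'Mal/Generic-S' found in file C:\Users\Lloyd\Documents\Xyes\Visual Novel Reader\Library\Frameworks\Sakura\bin\browser.exe
2017-06-02 08:32:28.010    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:32:28.010    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 08:39:26.969    >>> Virus 'Mal/MSIL-LL' found in file D:\KISS\CM3D2\ModEditor\CM3D2ModTool.exe
2017-06-02 08:55:50.183    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-02 09:16:59.475    >>> Virus 'Troj/Agent-AEEN' found in file HKU\S-1-5-21-170916421-1993251242-1440443298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-06-02 09:44:51.682    Threat 'Mal/Generic-S' has been cleaned up.
2017-06-02 09:44:56.527    Threat 'Mal/MSIL-LL' has been cleaned up.
"""

# Line shapes as they appear in the posted log.
DETECTION = re.compile(r">>> Virus '([^']+)' found in file (.+?)\s*$")
CLEANED = re.compile(r"Threat '([^']+)' has been cleaned up\.")
# The tool prints registry locations after "found in file" as well.
REGISTRY_ROOTS = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\", "HKCC\\")


def _blank_entry():
    return {"files": [], "registry": [], "cleaned": False}


def triage(log_text):
    """Return {threat: {"files": [...], "registry": [...], "cleaned": bool}}."""
    report = {}
    for line in log_text.splitlines():
        hit = DETECTION.search(line)
        if hit:
            threat, location = hit.groups()
            entry = report.setdefault(threat, _blank_entry())
            is_registry = location.upper().startswith(REGISTRY_ROOTS)
            bucket = entry["registry" if is_registry else "files"]
            if location not in bucket:  # the log repeats identical lines
                bucket.append(location)
            continue
        done = CLEANED.search(line)
        if done:
            report.setdefault(done.group(1), _blank_entry())["cleaned"] = True
    return report


def needs_follow_up(report):
    """Threats reported without a file on disk or without a cleanup line."""
    return [name for name, entry in report.items()
            if not entry["files"] or not entry["cleaned"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, entry in result.items():
        print(name, "| files:", entry["files"], "| registry entries:",
              len(entry["registry"]), "| cleaned:", entry["cleaned"])
    print("Follow up on:", needs_follow_up(result))
```

Run against the full log, the same functions give one line per detection name instead of the duplicated entries, which makes it easier to see which detections point at an actual executable.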

Hello again.  It would seem that the issue is still here.  As usual, I got a green popup from Malwarebytes saying it blocked a malicious website.  The log file still shows nothing under the file entry.  Considering nothing has worked up until now, I think it would just be simpler to reformat.  I appreciate the help you've given me.

This topic is now closed to further replies.