thebigeasytraveler

CLOSED Possible infection, help needed


Hello,

I need the two logs produced by FRST. If you did not run FRST, please do so.

Download to your Desktop:

  • Farbar Recovery Scan Tool
    NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

  • Run Farbar Recovery Scan Tool (FRST):

    • Double-click to run it. When the tool opens click Yes to the disclaimer.
      NOTE: DO NOT change any of the default settings. If you do, we will just close your logs and ask for new ones run with FRST's default settings.
    • Press Scan button.
    • Farbar Recovery Scan Tool will produce the following logs:
      • FRST.txt
      • Addition.txt
  • Attach those logs to your reply.


AVAST and Emsisoft are not compatible; uninstall AVAST. Uninstall Spybot as well.

Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
HKU\S-1-5-21-44191542-1518720996-1327910612-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-44191542-1518720996-1327910612-1004\...\MountPoints2: {9c5eb0c2-e484-11e5-825d-806e6f6e6963} - "D:\StartClickFreeBackup.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-44191542-1518720996-1327910612-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-44191542-1518720996-1327910612-501 -> DefaultScope {8F3E64F0-AB5C-46EF-BB92-37935EF8D9BE} URL =
SearchScopes: HKU\S-1-5-21-44191542-1518720996-1327910612-501 -> {8F3E64F0-AB5C-46EF-BB92-37935EF8D9BE} URL =
2018-10-23 23:24 - 2018-08-18 03:48 - 000000353 _____ C:\Program Files (x86)\eXeScope.ini
2018-10-23 23:24 - 2010-01-11 06:05 - 000035154 _____ C:\Program Files (x86)\uninstall.exe
2018-10-23 23:24 - 2004-06-17 22:37 - 000994984 _____ () C:\Program Files (x86)\eXeScope.exe
2018-10-23 23:24 - 2004-06-16 09:23 - 000113664 _____ C:\Program Files (x86)\eXeBat.exe
2018-10-23 23:24 - 2003-07-22 20:31 - 000058797 _____ C:\Program Files (x86)\EXESCENG.HLP
2018-10-22 16:37 - 2016-03-12 04:45 - 000000000 ____D C:\Users\Chris\AppData\Local\SweetLabs App Platform
2018-10-23 23:24 - 2017-04-04 04:43 - 000016958 _____ () C:\Program Files (x86)\64X64.ico
2018-10-23 23:24 - 2004-06-16 09:23 - 000113664 _____ () C:\Program Files (x86)\eXeBat.exe
2018-10-23 23:24 - 2003-07-22 20:31 - 000058797 _____ () C:\Program Files (x86)\EXESCENG.HLP
2018-10-23 23:24 - 2004-06-17 22:37 - 000994984 _____ () C:\Program Files (x86)\eXeScope.exe
2018-10-23 23:24 - 2018-08-18 03:48 - 000000353 _____ () C:\Program Files (x86)\eXeScope.ini
2018-10-23 23:24 - 2017-04-04 04:42 - 000081810 _____ () C:\Program Files (x86)\logoamerigotransparente.png
2018-10-23 23:24 - 2018-10-11 03:42 - 000067646 _____ () C:\Program Files (x86)\phonebook_128px_1165510_easyicon.net.ico
2018-10-23 23:24 - 2010-01-11 06:05 - 000035154 _____ () C:\Program Files (x86)\uninstall.exe
2016-03-12 04:47 - 2018-11-13 20:47 - 000603003 _____ () C:\Users\Chris\AppData\Local\BTServer.log
2018-09-26 04:36 - 2018-09-26 04:36 - 000000000 _____ () C:\Users\Chris\AppData\Local\oobelibMkey.log
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {608A199A-8348-46E4-A114-A9EA9EA581CD} - System32\Tasks\SweetLabs App Platform => C:\Users\Chris\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2018-10-04] (Pokki)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C72C11FF-1FA3-45F4-B492-8D3F7D05E8B7} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-10] (Maxthon International ltd.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences [386]
C:\Users\Chris\AppData\Local\SweetLabs App Platform
C:\Users\Chris\AppData\Local\Pokki
C:\Program Files (x86)\Common Files\System Sll\ygport.exe
C:\Program Files (x86)\Common Files\System Sll
End::


Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
() C:\Program Files (x86)\Common Files\System Sll\sllsrv.exe
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
R2 sllPdSrv; C:\Program Files (x86)\Common Files\System Sll\sllsrv.exe [X]
S3 IOjsys2018; \??\C:\Program Files (x86)\Common Files\System Sll\DomainJump\drivers\sys864.sys [X]
2018-10-25 23:56 - 2018-11-14 20:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-25 23:56 - 2018-11-14 20:08 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-25 23:56 - 2018-10-25 23:56 - 000000000 ____D C:\windows\System32\Tasks\Safer-Networking
2018-10-23 23:25 - 2018-10-23 23:26 - 000000000 ____D C:\ProgramData\OfficeGuardianV2
2018-10-23 23:24 - 2018-10-28 12:37 - 000003442 _____ C:\windows\System32\Tasks\System Sll
2018-11-14 19:55 - 2018-05-20 08:23 - 000000000 ____D C:\Users\Chris\AppData\Local\AVAST Software
2018-11-14 19:53 - 2018-05-20 08:23 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-11-07 15:04 - 2016-03-12 13:27 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {22A5FF81-8E0D-4EE7-8D6A-3C09BC0AB66E} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {612904BB-37F2-4DB6-816C-2943D6D09D8F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6DDEAAD6-F86C-4E34-8E63-614E26184FCD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-28] (AVAST Software) <==== ATTENTION
Task: {6F59F951-4E31-420F-A7F4-3B0627E8055C} - System32\Tasks\System Sll => C:\Program Files (x86)\Common Files\System Sll\TaskSetter.exe
Task: {D3EDE944-1A15-4414-B142-A5AFF46A3213} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
End::

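The two fix scripts above remove a mix of persistence entries: Run keys, a MountPoints2 autorun, services and a driver whose binaries are gone (FRST marks these "[X]"), and scheduled-task registrations whose task file under System32\Tasks no longer exists (FRST marks these "-> No File"). As an added example, not part of this thread and not FRST's own code, the following PowerShell script enumerates those same locations on a live machine and flags entries whose target is missing. It is read-only and removes nothing. Function names and the output format are my own; the script reads SIDs and paths from the system it runs on, not from the poster's logs.

```powershell
# Added example (not from the thread or FRST): triage Windows persistence locations
# and flag entries whose target file is missing. Read-only; run from an elevated
# PowerShell so the TaskCache and all loaded user hives are readable.

function Get-TargetPath {
    # Extract the executable path from a registry command line such as
    #   "C:\Program Files (x86)\Foo\bar.exe" /svc     C:\Foo\bar.exe /LOGON
    #   \??\C:\Foo\drivers\sys864.sys                 \SystemRoot\System32\drivers\x.sys
    # Caveat: %LOCALAPPDATA% and friends expand for the *current* user, so entries
    # under another user's HKU hive may resolve to the wrong profile; compare by eye.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $expanded = $expanded -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*([A-Za-z]:\\.+?\.(exe|dll|sys|cmd|bat|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return $expanded.Trim()
}

function Test-Target([string]$Path) {
    if ($Path) { Test-Path -LiteralPath $Path } else { $false }
}

function Get-RunKeyEntries {
    # Run/RunOnce under HKLM (64- and 32-bit views) and every loaded user hive (HKU\S-1-5-21-...).
    $roots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion')
    $roots += Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion" }
    foreach ($root in $roots) {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$root\$sub"
            if (-not (Test-Path $key)) { continue }
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath etc.
                $target = Get-TargetPath ([string]$p.Value)
                [pscustomobject]@{ Source = 'Run'; Location = "$key\$($p.Name)"; Target = $target; Exists = (Test-Target $target) }
            }
        }
    }
}

function Get-ServiceBinaries {
    # Services and kernel drivers; a missing ImagePath target is what FRST prints as "[X]".
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $img = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { return }
        $target = Get-TargetPath $img
        # Driver paths are often relative to the Windows directory ("System32\drivers\x.sys").
        if ($target -and -not [IO.Path]::IsPathRooted($target)) { $target = Join-Path $env:SystemRoot $target }
        [pscustomobject]@{ Source = 'Service'; Location = $_.PSChildName; Target = $target; Exists = (Test-Target $target) }
    }
}

function Get-TaskCacheEntries {
    # Scheduled-task registrations live in TaskCache; the task definition is a file under
    # System32\Tasks. A registration with no file is what FRST prints as "-> No File".
    $cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
    Get-ChildItem $cache -ErrorAction SilentlyContinue | ForEach-Object {
        $taskPath = (Get-ItemProperty -Path $_.PSPath -Name Path -ErrorAction SilentlyContinue).Path
        if (-not $taskPath) { return }
        $file = Join-Path "$env:SystemRoot\System32\Tasks" $taskPath.TrimStart('\')
        [pscustomobject]@{ Source = 'TaskCache'; Location = "$($_.PSChildName) $taskPath"; Target = $file; Exists = (Test-Target $file) }
    }
}

# Report. A missing target is usually uninstall residue, but it also points at where
# a component used to live; an existing target is not proof of legitimacy (the thread
# removes both kinds). Drop the Where-Object filter to list everything.
$findings = @(Get-RunKeyEntries) + @(Get-ServiceBinaries) + @(Get-TaskCacheEntries)
$findings | Where-Object { -not $_.Exists } | Sort-Object Source, Location | Format-Table -AutoSize
```

This only triages; it does not replicate FRST's fix directives, and deleting what it lists without the rest of the log context is exactly what the closing warning in this thread cautions against.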

It is not recommended that you run more than one Anti-Virus solution on a computer. Doing so can create conflicts, cause performance issues and render a system vulnerable to infection.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your Desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

To remove EEK, simply delete the EEK folder in the root of your system drive, normally C:\EEK.

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything.

Safe Surfing!


You are welcome.

Happy Thanksgiving.

Thread Closed

Reason: Resolved

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to that thread.
