thebigeasytraveler Posted November 14, 2018

I think I have an infection and would like guided help to remove. Please see attached as requested and let me know the next steps. Thank you in advance.

emergency scan 181113-174933.txt

ShadowPuterDude Posted November 14, 2018

Hello, I need the 2 logs produced by FRST. If you did not run FRST, please do so.

Download to your Desktop: Farbar Recovery Scan Tool
NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

Run Farbar Recovery Scan Tool (FRST):
Double-click to run it.
When the tool opens, click Yes to the disclaimer.
NOTE: DO NOT change any of the default settings. If you do, we will just close your logs and ask for new ones run with FRST's default settings.
Press Scan button.

Farbar Recovery Scan Tool will produce the following logs:
FRST.txt
Addition.txt

Attach those logs to your reply.

thebigeasytraveler Posted November 14, 2018

Got it. Attached. Thank you

frst.txt frst1.txt

ShadowPuterDude Posted November 15, 2018

AVAST and Emsisoft are not compatible, uninstall AVAST. Uninstall Spybot as well.

Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
HKU\S-1-5-21-44191542-1518720996-1327910612-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-44191542-1518720996-1327910612-1004\...\MountPoints2: {9c5eb0c2-e484-11e5-825d-806e6f6e6963} - "D:\StartClickFreeBackup.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-44191542-1518720996-1327910612-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-44191542-1518720996-1327910612-501 -> DefaultScope {8F3E64F0-AB5C-46EF-BB92-37935EF8D9BE} URL =
SearchScopes: HKU\S-1-5-21-44191542-1518720996-1327910612-501 -> {8F3E64F0-AB5C-46EF-BB92-37935EF8D9BE} URL =
2018-10-23 23:24 - 2018-08-18 03:48 - 000000353 _____ C:\Program Files (x86)\eXeScope.ini
2018-10-23 23:24 - 2010-01-11 06:05 - 000035154 _____ C:\Program Files (x86)\uninstall.exe
2018-10-23 23:24 - 2004-06-17 22:37 - 000994984 _____ () C:\Program Files (x86)\eXeScope.exe
2018-10-23 23:24 - 2004-06-16 09:23 - 000113664 _____ C:\Program Files (x86)\eXeBat.exe
2018-10-23 23:24 - 2003-07-22 20:31 - 000058797 _____ C:\Program Files (x86)\EXESCENG.HLP
2018-10-22 16:37 - 2016-03-12 04:45 - 000000000 ____D C:\Users\Chris\AppData\Local\SweetLabs App Platform
2018-10-23 23:24 - 2017-04-04 04:43 - 000016958 _____ () C:\Program Files (x86)\64X64.ico
2018-10-23 23:24 - 2004-06-16 09:23 - 000113664 _____ () C:\Program Files (x86)\eXeBat.exe
2018-10-23 23:24 - 2003-07-22 20:31 - 000058797 _____ () C:\Program Files (x86)\EXESCENG.HLP
2018-10-23 23:24 - 2004-06-17 22:37 - 000994984 _____ () C:\Program Files (x86)\eXeScope.exe
2018-10-23 23:24 - 2018-08-18 03:48 - 000000353 _____ () C:\Program Files (x86)\eXeScope.ini
2018-10-23 23:24 - 2017-04-04 04:42 - 000081810 _____ () C:\Program Files (x86)\logoamerigotransparente.png
2018-10-23 23:24 - 2018-10-11 03:42 - 000067646 _____ () C:\Program Files (x86)\phonebook_128px_1165510_easyicon.net.ico
2018-10-23 23:24 - 2010-01-11 06:05 - 000035154 _____ () C:\Program Files (x86)\uninstall.exe
2016-03-12 04:47 - 2018-11-13 20:47 - 000603003 _____ () C:\Users\Chris\AppData\Local\BTServer.log
2018-09-26 04:36 - 2018-09-26 04:36 - 000000000 _____ () C:\Users\Chris\AppData\Local\oobelibMkey.log
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {608A199A-8348-46E4-A114-A9EA9EA581CD} - System32\Tasks\SweetLabs App Platform => C:\Users\Chris\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2018-10-04] (Pokki)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C72C11FF-1FA3-45F4-B492-8D3F7D05E8B7} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-10] (Maxthon International ltd.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences [386]
C:\Users\Chris\AppData\Local\SweetLabs App Platform
C:\Users\Chris\AppData\Local\Pokki
C:\Program Files (x86)\Common Files\System Sll\ygport.exe
C:\Program Files (x86)\Common Files\System Sll
End::

thebigeasytraveler Posted November 15, 2018

As instructed, here's the file.

Fixlog.txt

ShadowPuterDude Posted November 16, 2018

Let's take a fresh look. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.

thebigeasytraveler Posted November 16, 2018

Kevin, things appear to be running smoother. The logs are attached. Thanks for all your help with this mess.

frst 11.16.txt frst1 11.16.txt scan_11.15.18.txt

ShadowPuterDude Posted November 17, 2018

Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

Start::
() C:\Program Files (x86)\Common Files\System Sll\sllsrv.exe
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
R2 sllPdSrv; C:\Program Files (x86)\Common Files\System Sll\sllsrv.exe [X]
S3 IOjsys2018; \??\C:\Program Files (x86)\Common Files\System Sll\DomainJump\drivers\sys864.sys [X]
2018-10-25 23:56 - 2018-11-14 20:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-25 23:56 - 2018-11-14 20:08 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-25 23:56 - 2018-10-25 23:56 - 000000000 ____D C:\windows\System32\Tasks\Safer-Networking
2018-10-23 23:25 - 2018-10-23 23:26 - 000000000 ____D C:\ProgramData\OfficeGuardianV2
2018-10-23 23:24 - 2018-10-28 12:37 - 000003442 _____ C:\windows\System32\Tasks\System Sll
2018-11-14 19:55 - 2018-05-20 08:23 - 000000000 ____D C:\Users\Chris\AppData\Local\AVAST Software
2018-11-14 19:53 - 2018-05-20 08:23 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-11-07 15:04 - 2016-03-12 13:27 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {22A5FF81-8E0D-4EE7-8D6A-3C09BC0AB66E} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {612904BB-37F2-4DB6-816C-2943D6D09D8F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6DDEAAD6-F86C-4E34-8E63-614E26184FCD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-28] (AVAST Software) <==== ATTENTION
Task: {6F59F951-4E31-420F-A7F4-3B0627E8055C} - System32\Tasks\System Sll => C:\Program Files (x86)\Common Files\System Sll\TaskSetter.exe
Task: {D3EDE944-1A15-4414-B142-A5AFF46A3213} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
End::

thebigeasytraveler Posted November 18, 2018

Got it. Attached

FRST 11.17.txt

ShadowPuterDude Posted November 20, 2018

OK, run a fresh scan with FRST, attach the new FRST scan logs to your reply.

thebigeasytraveler Posted November 20, 2018

Hi Kevin, attached. I used the instructions from above to include the copied text. Fixlog attached

Fixlog 11.19.txt

thebigeasytraveler Posted November 20, 2018

Scan logs attached

frst 11.20.txt FRST1 11.20.txt

ShadowPuterDude Posted November 21, 2018

Your logs look fine. How are things running?

thebigeasytraveler Posted November 21, 2018

Kevin, thank you. All appears well at this point. Please provide your recommendations on all protection needed to keep us safe.

ShadowPuterDude Posted November 22, 2018

It is not recommended that you run more than one Anti-Virus solution on a computer. Doing so can create conflicts, cause performance issues and render a system vulnerable to infection.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your Desktop.
Ensure Remove disinfection tools is checked.
Also place a checkmark next to:
Create registry backup
Purge system restore
Click the Run button.
When the tool is finished, a log will open in Notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin.

You can delete and uninstall any programs I had you download that you do not wish to keep on the system.

To remove EEK, simply delete the EEK folder in the root of your System Drive, normally C:\EEK

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything. Safe Surfing!

thebigeasytraveler Posted November 22, 2018

Thank you Kevin and Happy Thanksgiving

ShadowPuterDude Posted November 23, 2018

You are welcome. Happy Thanksgiving.

Thread Closed
Reason: Resolved

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system other than the one they were written for could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.