DanteYoda Posted July 28, 2016

Hello to everyone, I believe my system is heavily infected, yet I cannot see anything. I can use my system fine, but odd things keep happening: redirections in web browsers, my system randomly linking to Russian and Chinese IPs, and every single antivirus scan comes back clean, like they just cannot see this thing. I've tried running a lot. I've reformatted 3 times, I've cleaned my master boot record and reset my modem/router to factory 3 times (all at once), and I've scanned my drives on an external caddy. Nothing.

Today I'm seeing this in Superantispyware: VirusTrigger 1.2.lnk. It doesn't remove it, just scans past it like it's not there. When I search for the file, nothing.

I decided I'd seek help from you, as you're far more in the know than I am these days. Added a screenshot of what I've seen.

GuiltySpark Posted July 28, 2016

Hi Dante,

Please download and run a scan with ADWCleaner, select Clean, and attach the log file back here.

Thanks.

DanteYoda Posted July 29, 2016

Hello, thanks for the assist. I'm Australian, so my time difference is out a bit. Here is the log. Seems quite empty.

AdwCleanerC1.txt

GuiltySpark Posted July 29, 2016

Does seem clean.

Download and run Hitman Pro and post the logs (you don't need to activate a full license, the trial is fine).
Download and run TDSSKiller and post the logs.
Download and run MBAM and post log files.

Your original picture is not working. Are you sure it was attached?

Do you still get redirects when in Safe Mode with Networking?

DanteYoda Posted July 29, 2016

Hi, yes, I get all sorts of odd stuff in safe mode. I even tried Kaspersky rescue disk, and after it loads the GUI, as soon as I touch my mouse to go to scan, it shuts down and turns off my PC, every time. I've never seen anything like that before.

Here are the logs you requested, I think. When I try to upload the Hitman log I get this:

Error
You aren't permitted to upload this kind of file

As per the first picture, it seems my PC won't allow me to upload it. When I click browse and choose the picture, the open changes instantly and no picture is selected.

OK, I zipped it up, please scan it well.

Hitman Log

HitmanPro 3.7.14.265
www.hitmanpro.com

Computer name . . . . : ANT-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Ant-PC\Ant
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2016-07-30 00:16:33
Scan mode . . . . . . : Normal
Scan duration . . . . : 41s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 1
Objects scanned . . . : 1,145,580
Files scanned . . . . : 48,087
Remnants scanned . . : 260,850 files / 836,643 keys

Cookies _____________________________________________________________________
C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\wef2my4y.default\cookies.sqlite:2o7.net

Virus Trigger.zip
Mbam Log.txt
TDSSKiller.3.1.0.9_30.07.2016_00.35.24_log.txt
GuiltySpark Posted July 29, 2016 There does seem to be a remnant of Virus Trigger which should not be there in the Quick launch although it is in the Roaming folder which can be removed manually if you'd prefer by typing into the search bar on the Windows menu: C:\Users\Dante(or whatever your username for the computer is)\AppData\ You should then get a list of folders such as Local, Local Low, Roaming Open up the Roaming folder and see what's inside (you may have to select "view all files from the Folder Options menu". As there seems to be nothing being picked up by the other scans I would like you to Download FRST Run it in Safe Mode (save it to the desktop log files will be collected in that folder). You will be presented with two log files please attach those here using the attach function under the More Reply Options in the text box (bottom right) We may be able to find out what is causing the redirects through this. Also, what extensions (add-ons) are you using in your browser(s)? Share this post Link to post Share on other sites

DanteYoda Posted July 30, 2016

Hi, thanks for looking into this. I had to sleep last night, it was 1:00am.

Here are the files as per requested.

The issue with the Virus Trigger is Superantispyware can see it apparently, but when I navigate there, there is nothing in the folder, even if I show hidden files and operating system files. Pretty sure it's hidden somehow, as SAS can still see it.

My default web browser is Firefox, using:

Noscript 2.9.0.12
Ad block plus 2.7.3
Classic Theme Restorer 1.5.4.2
Download Status Bar 13.4.2.2
Element hiding helper for Adblock plus 1.3.8
Kaspersky Protection 4.6.3-7

For some reason it won't let me upload the addition.txt.

FRST.txt

GuiltySpark Posted July 30, 2016

Ok Dante,

Before you run this fix I would like you to make sure Combofix has been removed, as you seem to have used this tool already (hope you had help, as it can brick a machine if not used correctly).

Select Start Orb.
Enter combofix /uninstall (note the gap between fix and /).
Press Enter if combofix uninstall shows up. (You may get a security warning pop-up.)
Click Run.

Copy and paste this into Notepad and save as Fixlist.txt within that same FRST folder. Select Fix on the FRST control panel.

Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1135079375-1989960327-2245839541-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CMD: ipconfig /flushdns
End

Paste txt file back here.

DanteYoda Posted July 30, 2016

Yes, Combofix has been uninstalled. I only ran it as a last-ditch effort, honestly.

Can I ask, will I need to do this in safe mode or normal? I ran it in standard Windows.

I noticed after I restarted I saw a CMD box pop up for a second and my screen went black two or three times. Just mentioning this in case that's not normal.

Fixlog.txt

GuiltySpark Posted July 30, 2016

It may be the background processes shutting down causing the black screens.

Run a full cookie clean with CCleaner.

Attempt to use the computer normally and see if there are still issues.

DanteYoda Posted July 31, 2016

Hi, yes, I use CCleaner already. I noticed last night while using Steam my whole monitor was going black for a second randomly, like something was taking control. I'll keep monitoring my issues.

Superantispyware is still seeing VirusTrigger 1.2.lnk in my Quick Launch, yet I cannot see it there. I don't understand that at all. Could it be running outside of Windows somehow?

Tempted just to save up and buy a whole new system, honestly.

GuiltySpark Posted July 31, 2016

I can't find anything on the system from those scans that suggests a malware issue. The black screens could be from a driver.

If you're still unsure and would like a diagnostic done, then create a ticket with SAS at www.superantispyware.com/precreateticket.html, as there is not much I can do from this end. They will run a diagnostic scan and help you through any problems.

Incidentally, is SAS updated fully?

DanteYoda Posted August 1, 2016

Hi, thanks for your help either way. Yes, Superantispyware is updated, or at least looks updated. I wondered if it was actually updating myself; that includes my Malwarebytes and Kaspersky.

Again, thanks for your time.

ezekial52787 Posted December 5, 2016

On 7/31/2016 at 5:07 PM, DanteYoda said:

    Hi thanks for your help either way, Yes Superantispyware is updated, or at least looks updated, i wondered if it was actually updating myself, that includes my Malwarebytes and Kaspersky. Again thanks for your time.

Did the SAS support fix your problem, Dante? If not, might I suggest your internet connection may have been infected with a worm-type malware. The malware doesn't reside in your computer, but rather it is directly on your connection.