-
Let's get system restore turned back on.
https://www.tenforums.com/tutorials/...dows-10-a.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start Farbar Recovery Scan Tool with Administrator privileges
or Right click on the FRST icon and select Run as administrator
Right click/highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
S3 WsDrvInst; "E:\Keepvid\KeepVid Pro (Desktop)\DriverInstall.exe" [X]
S1 cycgorla; \??\C:\WINDOWS\system32\drivers\cycgorla.sys [X]
2017-12-19 21:07 - 2017-06-20 00:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
Emptytemp:
End::
Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~
Please open Malwarebytes Anti-Malware.
On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete Apply Actions to any found entries.
Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
To get the log from Malwarebytes do the following:
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log into your reply…
Please post these 2 logs when finished.
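The ShortcutWithArgument entries in the fixlist above share two tell-tale traits: the shortcut names spell "Google Play Music" and the like with Cyrillic look-alike letters, and the target is chrome.bat rather than chrome.exe. The script below is an added example, not part of the thread or of FRST; it parses FRST-style ShortcutWithArgument lines and flags both traits. The sample lines, the homoglyph name and the second app-id are constructed for the example.

```python
"""Flag hijacked Chrome app shortcuts in FRST 'ShortcutWithArgument:' lines.
Added example for this thread (not FRST's own code).  Two signals per line:
(1) the .lnk name mixes Latin and Cyrillic letters (homoglyph spoofing),
(2) the target is not an .exe (the thread's entries point at chrome.bat)."""
import re
import unicodedata

# Constructed homoglyph name: Latin G, g, l, P, l, y, u, s, i mixed with
# Cyrillic о (U+043E), е (U+0435), а (U+0430), М (U+041C), с (U+0441),
# i.e. the 'Gооglе Plаy Мusiс.lnk' entry from the fixlist above.
HOMOGLYPH_NAME = "G\u043e\u043egl\u0435 Pl\u0430y \u041cusi\u0441"
CHROME_DIR = r"C:\Program Files (x86)\Google\Chrome\Application"
START_MENU = r"C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps"

# Constructed sample: first line mirrors a hijacked entry, second is benign.
SAMPLE_LINES = [
    f"ShortcutWithArgument: {START_MENU}\\{HOMOGLYPH_NAME}.lnk -> {CHROME_DIR}\\chrome.bat () "
    "-> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi",
    f"ShortcutWithArgument: {START_MENU}\\Gmail.lnk -> {CHROME_DIR}\\chrome.exe () "
    "-> --profile-directory=Default --app-id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",  # placeholder id
]

LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*(?P<target>.+?)\s*\(\)\s*->\s*(?P<args>.*)$"
)


def scripts_in(text):
    """Set of Unicode scripts (first word of the character name) of the letters in text."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}


def analyse_line(line):
    """Parse one FRST line; return a dict with findings, or None if it is not a shortcut entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    name = m.group("lnk").rsplit("\\", 1)[-1][:-4]          # strip path and '.lnk'
    exe = m.group("target").rsplit("\\", 1)[-1].lower()    # file the shortcut launches
    findings = []
    scripts = scripts_in(name)
    if len(scripts) > 1:                                   # e.g. {'LATIN', 'CYRILLIC'}
        findings.append("mixed-script name " + "/".join(sorted(scripts)))
    if not exe.endswith(".exe"):                           # chrome.bat instead of chrome.exe
        findings.append("non-exe target " + exe)
    return {"name": name, "target": exe, "args": m.group("args"), "findings": findings}


def suspicious_shortcuts(lines):
    """Return only the parsed entries that carry at least one finding."""
    return [e for e in map(analyse_line, lines) if e and e["findings"]]
```

Run it over a whole FRST.txt by feeding the file's lines to suspicious_shortcuts(); a hit with both findings is the pattern the fixlist above removed.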
-
What device is connected to Drive F:?
-
Drive F: is a virtual drive through PowerISO.
Here are the logs requested:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/25/17
Scan Time: 9:25 AM
Log File: c648d0de-e987-11e7-b191-902b341033e8.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3560
License: Free
-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: JAY-PC\Jay
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305902
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 9 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Jay (25-12-2017 09:13:54) Run:1
Running from C:\Users\Jay\Desktop
Loaded Profiles: Jay (Available Profiles: Jay)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
S3 WsDrvInst; "E:\Keepvid\KeepVid Pro (Desktop)\DriverInstall.exe" [X]
S1 cycgorla; \??\C:\WINDOWS\system32\drivers\cycgorla.sys [X]
2017-12-19 21:07 - 2017-06-20 00:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=ldnihfekhncchmljjkikeondcdehkbee
ShortcutWithArgument: C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory=Default --app-id=amemnopljkanfileagmgohnmfnflikdo
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome" => removed successfully
WsDrvInst => service not found.
cycgorla => service not found.
"C:\Users\Jay\AppData\Local\Temp\dllnt_dump.dll" => not found.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gооglе Plаy Мusiс.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\еSpоrt Тоurnаmеnts Fоr Моnеy ⚡ Неаrth.._.lnk => Shortcut argument removed successfully
C:\Users\Jay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оvеrwаtсh Pеrfоrmаnсе Тrасkеr (Вlаnk).._.lnk => Shortcut argument removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9525271 B
Java, Flash, Steam htmlcache => 561628175 B
Windows/system/drivers => 946005 B
Edge => 2521795 B
Chrome => 41155253 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Jay => 10869553 B
RecycleBin => 0 B
EmptyTemp: => 603.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:14:18 ====
-
Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
- Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
- Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
- EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
- After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
- Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
- If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
- After the restart, open EEK again (in the C:\EEK folder);
- This time, click on Logs;
- From there, go under the Quarantine Log tab, and click on the Export button;
- Save the log on your desktop, then open it, and copy/paste its content in your next reply;
created by Aura
After finishing the above scan please tell me how the computer is now.
-
Drive F
What did you mount or use, since it was so small?
-
How is your computer now?
-
Sorry for the delay, been away from home for the holidays.
Here's the log after the Emsisoft scan:
Emsisoft Emergency Kit - Version 2017.11
Last update: 1/1/2018 8:46:29 PM
User account: JAY-PC\Jay
Computer name: JAY-PC
OS version: Windows 10x64
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
Scan start: 1/1/2018 8:46:56 PM
Scanned 101012
Found 0
Scan end: 1/1/2018 8:48:00 PM
Scan time: 0:01:04
Everything appears to be back up and running as expected! No more CPU spikes and no more redirects :)
I think it's safe to say we're good. Thank you for all your help.
-
Good to hear.
DelFix
- Please download DelFix or from Here and save the file to your Desktop.
- Double-click DelFix.exe to run the programme.
- Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
*********
-
Glad we could help.
Since this issue appears resolved ... this Topic is closed.