Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: supah_dan on October 30, 2016, 12:25:04 PM

Title: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on October 30, 2016, 12:25:04 PM
A command window pops up every certain time and it says C://Windows/system32/ipconfig.exe on it. It slows down my machine and also kicks me out of games, becoming really annoying. Can anyone help me please?

I entered a page that asked to turn off my ad blocker so I could go in right before this started, that's why I think it is a malware.

I attached a photo of the command window

Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on October 31, 2016, 12:34:26 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.

(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
**********************************************************
Download Security Check by screen317 from the following link and save it to your desktop.

Security Check (http://www.bleepingcomputer.com/download/securitycheck/)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on October 31, 2016, 04:32:00 PM
Thank you so much for your reply!

Here are the logs
Please, if you need me to translate anything, just ask me to.

MINITOOLBOX LOG

MiniToolBox by Farbar  Version: 17-06-2016
Ran by user (administrator) on 31-10-2016 at 16:26:26
Running from "C:\Users\user\AppData\Local\Temp\scoped_dir2580_2321"
Microsoft Windows 8 Pro  (X64)
Model: HP Pavilion dv4 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080;https=127.0.0.1:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Intel(R) Centrino(R) Wireless-N 1030 = Wi-Fi (Connected)
Controladora Gigabit Ethernet Qualcomm Atheros AR8151 PCI-E (NDIS 6.30) = Ethernet (Media disconnected)
Dispositivo Bluetooth (Red de área personal) = Conexión de red Bluetooth (Media disconnected)


# ----------------------------------
# Configuración de IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Conexión de área local* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Conexión de red Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Conexión de área local* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Ethernet" address=100.0.0.1 mask=255.0.0.0


popd
# Fin de la configuración de IPv4



Configuración IP de Windows

   Nombre de host. . . . . . . . . : hp
   Sufijo DNS principal  . . . . . :
   Tipo de nodo. . . . . . . . . . : híbrido
   Enrutamiento IP habilitado. . . : no
   Proxy WINS habilitado . . . . . : no

Adaptador de LAN inalámbrica Conexión de área local* 12:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Adaptador virtual de red hospedada de Microsoft
   Dirección física. . . . . . . . . . . . . : AC-72-89-58-CF-10
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí

Adaptador de Ethernet Conexión de red Bluetooth:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Dispositivo Bluetooth (Red de área personal)
   Dirección física. . . . . . . . . . . . . : AC-72-89-58-CF-13
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
   Dirección física. . . . . . . . . . . . . : AC-72-89-58-CF-0F
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí
   Vínculo: dirección IPv6 local. . . : fe80::e5ef:d278:f419:3ec0%13(Preferido)
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.10(Preferido)
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Concesión obtenida. . . . . . . . . . . . : lunes, 31 de octubre de 2016 03:25:51 p. m.
   La concesión expira . . . . . . . . . . . : lunes, 31 de octubre de 2016 05:25:51 p. m.
   Puerta de enlace predeterminada . . . . . : 192.168.0.1
   Servidor DHCP . . . . . . . . . . . . . . : 192.168.0.1
   IAID DHCPv6 . . . . . . . . . . . . . . . : 330068617
   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-1C-B9-00-C8-78-E3-B5-58-E8-33
   Servidores DNS. . . . . . . . . . . . . . : 10.2.9.116
                                       10.3.9.116
   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Controladora Gigabit Ethernet Qualcomm Atheros AR8151 PCI-E (NDIS 6.30)
   Dirección física. . . . . . . . . . . . . : 78-E3-B5-58-E8-33
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí

Adaptador de túnel isatap.{EB8E790F-6F20-4850-87D2-1D129F1DC306}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #5
   Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí
Servidor:  sevilla.izzi.mx
Address:  10.2.9.116

Nombre:  google.com
Addresses:  2607:f8b0:4000:800::200e
     216.58.218.110


Haciendo ping a google.com [200.77.168.20] con 32 bytes de datos:
Respuesta desde 200.77.168.20: bytes=32 tiempo=82ms TTL=56
Respuesta desde 200.77.168.20: bytes=32 tiempo=22ms TTL=56

Estadísticas de ping para 200.77.168.20:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 22ms, Máximo = 82ms, Media = 52ms
Servidor:  sevilla.izzi.mx
Address:  10.2.9.116

Nombre:  yahoo.com
Addresses:  2001:4998:c:a06::2:4008
     2001:4998:44:204::a7
     2001:4998:58:c02::a9
     98.139.183.24
     98.138.253.109
     206.190.36.45


Haciendo ping a yahoo.com [206.190.36.45] con 32 bytes de datos:
Respuesta desde 206.190.36.45: bytes=32 tiempo=92ms TTL=40
Respuesta desde 206.190.36.45: bytes=32 tiempo=101ms TTL=40

Estadísticas de ping para 206.190.36.45:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 92ms, Máximo = 101ms, Media = 96ms

Haciendo ping a 127.0.0.1 con 32 bytes de datos:
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 127.0.0.1:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
===========================================================================
Lista de interfaces
 17...ac 72 89 58 cf 10 ......Adaptador virtual de red hospedada de Microsoft
 15...ac 72 89 58 cf 13 ......Dispositivo Bluetooth (Red de área personal)
 13...ac 72 89 58 cf 0f ......Intel(R) Centrino(R) Wireless-N 1030
 12...78 e3 b5 58 e8 33 ......Controladora Gigabit Ethernet Qualcomm Atheros AR8151 PCI-E (NDIS 6.30)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 23...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #5
===========================================================================

IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red        Máscara de red   Puerta de enlace   Interfaz  Métrica
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10     25
        127.0.0.0        255.0.0.0      En vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      En vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      En vínculo         127.0.0.1    306
      192.168.0.0    255.255.255.0      En vínculo      192.168.0.10    281
     192.168.0.10  255.255.255.255      En vínculo      192.168.0.10    281
    192.168.0.255  255.255.255.255      En vínculo      192.168.0.10    281
        224.0.0.0        240.0.0.0      En vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      En vínculo      192.168.0.10    281
  255.255.255.255  255.255.255.255      En vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      En vínculo      192.168.0.10    281
===========================================================================
Rutas persistentes:
  Ninguno

IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
 Cuando destino de red métrica      Puerta de enlace
  1    306 ::1/128                  En vínculo
 13    281 fe80::/64                En vínculo
 13    281 fe80::e5ef:d278:f419:3ec0/128
                                    En vínculo
  1    306 ff00::/8                 En vínculo
 13    281 ff00::/8                 En vínculo
===========================================================================
Rutas persistentes:
  Ninguno

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/31/2016 03:26:24 PM) (Source: Software Protection Platform Service) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/31/2016 03:25:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (10/31/2016 03:25:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (10/31/2016 01:03:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/30/2016 09:27:40 AM) (Source: Software Protection Platform Service) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/30/2016 09:27:26 AM) (Source: ESENT) (User: )
Description: taskhostex (1564) Al intentar abrir el archivo "C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (10/30/2016 08:11:54 AM) (Source: Software Protection Platform Service) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/30/2016 08:11:40 AM) (Source: ESENT) (User: )
Description: taskhostex (1428) Al intentar abrir el archivo "C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (10/30/2016 07:00:53 AM) (Source: Software Protection Platform Service) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 10:25:45 PM) (Source: Software Protection Platform Service) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (10/31/2016 03:26:15 PM) (Source: Schannel) (User: hp)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.

Error: (10/31/2016 03:26:15 PM) (Source: Schannel) (User: hp)
Description: Se generó una alerta irrecuperable y se envió al extremo remoto. Esto puede provocar la finalización de la conexión. El código de error irrecuperable definido del protocolo TLS es 43. El estado del error SChannel de Windows es 552.

Error: (10/31/2016 03:26:07 PM) (Source: Schannel) (User: hp)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.

Error: (10/31/2016 03:26:07 PM) (Source: Schannel) (User: hp)
Description: Se generó una alerta irrecuperable y se envió al extremo remoto. Esto puede provocar la finalización de la conexión. El código de error irrecuperable definido del protocolo TLS es 43. El estado del error SChannel de Windows es 552.

Error: (10/31/2016 03:26:02 PM) (Source: Schannel) (User: hp)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.

Error: (10/31/2016 03:26:02 PM) (Source: Schannel) (User: hp)
Description: Se generó una alerta irrecuperable y se envió al extremo remoto. Esto puede provocar la finalización de la conexión. El código de error irrecuperable definido del protocolo TLS es 43. El estado del error SChannel de Windows es 552.

Error: (10/31/2016 03:25:59 PM) (Source: Schannel) (User: hp)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.

Error: (10/31/2016 03:25:59 PM) (Source: Schannel) (User: hp)
Description: Se generó una alerta irrecuperable y se envió al extremo remoto. Esto puede provocar la finalización de la conexión. El código de error irrecuperable definido del protocolo TLS es 43. El estado del error SChannel de Windows es 552.

Error: (10/30/2016 07:51:53 PM) (Source: Schannel) (User: hp)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.

Error: (10/30/2016 07:51:53 PM) (Source: Schannel) (User: hp)
Description: Se generó una alerta irrecuperable y se envió al extremo remoto. Esto puede provocar la finalización de la conexión. El código de error irrecuperable definido del protocolo TLS es 43. El estado del error SChannel de Windows es 552.


Microsoft Office Sessions:
=========================
Error: (10/31/2016 03:26:24 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/31/2016 03:25:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

Error: (10/31/2016 03:25:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

Error: (10/31/2016 01:03:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/30/2016 09:27:40 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/30/2016 09:27:26 AM) (Source: ESENT)(User: )
Description: taskhostex1564C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.

Error: (10/30/2016 08:11:54 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/30/2016 08:11:40 AM) (Source: ESENT)(User: )
Description: taskhostex1428C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.

Error: (10/30/2016 07:00:53 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/29/2016 10:25:45 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable


========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 4043.86 MB
Available physical RAM: 1265.61 MB
Total Virtual: 8651.86 MB
Available Virtual: 5457.08 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:416.59 GB) (Free:43.56 GB) NTFS

========================= Users: ========================================

Cuentas de usuario de \\HP

30823991A7CF43B2BD33     Administrador            Invitado                 
user                     
Se ha completado el comando correctamente.


**** End of log ****


_______________________________________ ______________________________

SECURITY CHECK LOG

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
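
Added example, not part of the original thread and not MiniToolBox's own code: a small parser for the Result.txt layout posted above that pulls out what a helper reads first, namely the IE proxy endpoints (noting any that point at the local machine, as the one in this log does), hosts entries other than localhost, and event-log errors counted per source. The sample log is constructed and abridged from the post, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: abridged from the section layout of the log posted above.
SAMPLE_LOG = """\
MiniToolBox by Farbar  Version: 17-06-2016
========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080;https=127.0.0.1:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= Event log errors: ===============================

Application errors:
==================
Error: (10/31/2016 03:25:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172

System errors:
=============
Error: (10/31/2016 03:26:15 PM) (Source: Schannel) (User: hp)
Description: (certificate validation error text omitted in this sample)
Error: (10/31/2016 03:26:07 PM) (Source: Schannel) (User: hp)
Description: (certificate validation error text omitted in this sample)

**** End of log ****
"""

# Section banners look like "===== Name: =====". Underlines made only of "="
# (no name) do not match, so they stay inside the current section.
SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?): =+\s*$")
ERROR_RE = re.compile(r"^Error: \([^)]*\) ?\(Source: (?P<src>[^)]*)\)")


def split_sections(text):
    """Map each section name to the list of lines that follow its banner."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname, not an IP literal
        return False


def parse_proxy(lines):
    """Return (enabled, [(scheme, host, port), ...]) from the proxy section."""
    enabled = any(l.strip() == "Proxy is enabled." for l in lines)
    endpoints = []
    for l in lines:
        if not l.startswith("ProxyServer:"):
            continue
        for item in l.split(":", 1)[1].strip().split(";"):
            if not item:
                continue
            scheme, sep, hostport = item.partition("=")
            if not sep:          # "host:port" applies to every scheme
                scheme, hostport = "all", item
            host, sep, port = hostport.rpartition(":")
            if not sep or not port.isdigit():
                host, port = hostport, None
            else:
                port = int(port)
            endpoints.append((scheme, host.strip("[]"), port))
    return enabled, endpoints


def unexpected_hosts(lines):
    """Hosts-file entries other than the default localhost mapping."""
    extra = []
    for l in lines:
        entry = l.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        if is_loopback(ip) and all(n.lower() == "localhost" for n in names):
            continue
        extra.append((ip, names))
    return extra


def triage(text):
    s = split_sections(text)
    enabled, endpoints = parse_proxy(s.get("IE Proxy Settings", []))
    sources = Counter(m.group("src") for l in s.get("Event log errors", [])
                      if (m := ERROR_RE.match(l)))
    return {
        "proxy_enabled": enabled,
        # A proxy on the local machine means some local program sits in the
        # browser's traffic path; worth asking which program that is.
        "loopback_proxies": [e for e in endpoints if is_loopback(e[1])],
        "extra_hosts": unexpected_hosts(s.get("Hosts content", [])),
        "error_sources": sources,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
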
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on October 31, 2016, 07:01:18 PM
Can you determine what the computer is doing when the pop-up occurs?
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on October 31, 2016, 09:47:56 PM
Literally anything. Browsing on the internet, playing a game, writing a document, or whatever, but it pops up every minute. It passes exactly a minute between each pop up of the screen.
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on November 01, 2016, 10:28:15 AM
When did it start doing these pop-ups? Did you make any changes to your computer prior to this?
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on November 01, 2016, 10:35:22 AM
No, it started after I entered a page that asked me to turn off my ad blocker. I did, and at the moment a window opened and closed, the pop-ups started to appear every minute.
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on November 01, 2016, 02:20:48 PM
Ok. Let's run some scans to see what's on that computer.

Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

(http://i424.photobucket.com/albums/pp322/digistar/AdwCleaner-icon.jpg)

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

(http://i424.photobucket.com/albums/pp322/digistar/untitled.png)

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

(http://i424.photobucket.com/albums/pp322/digistar/3.png)

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
**********************************************************
Download Security Check by screen317 from the following link and save it to your desktop.

Security Check (http://www.bleepingcomputer.com/download/securitycheck/)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on November 04, 2016, 12:46:30 PM
Sorry for taking so long to reply.
The AdWare Cleaner link doesn't work. Should I keep on with the rest of the tools?
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on November 05, 2016, 11:48:20 AM
Yes, please run the other scans. I'll check out that AdwCleaner link.
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on November 05, 2016, 03:56:36 PM
OK, here they are.
Also, it looks like the pop-up window is not appearing anymore :DDDD

THANK YOU SO MUCH!!

Still, if anything else is required, please tell me to do so

MALWARE BYTES

Malwarebytes Anti-Malware
www.malwarebytes.org

Fecha del análisis: 04/11/2016
Hora del análisis: 01:28 p. m.
Archivo de registro: antimalwarebytesLog.txt
Administrador: Sí

Versión: 0.0.0.0000
Base de datos de malwares: v2016.11.04.07
Base de datos de rootkits: v2016.10.31.01
Licencia: Prueba
Protección contra el malware: Activado
Protección contra sitios web maliciosos: Activado
Autoprotección: Desactivado

SO: Windows 8
CPU: x64
Sistema de archivos: NTFS
Usuario: user

Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 371494
Tiempo transcurrido: 39 min, 36 seg

Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Activado
PUM: Activado

Procesos: 0
(No hay elementos maliciosos detectados)

Módulos: 0
(No hay elementos maliciosos detectados)

Claves del registro: 0
(No hay elementos maliciosos detectados)

Valores del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Carpetas: 0
(No hay elementos maliciosos detectados)

Archivos: 0
(No hay elementos maliciosos detectados)

Sectores físicos: 0
(No hay elementos maliciosos detectados)


(end)


_______________________________________ ____________________________________-


JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8 Pro x64
Ran by user (Administrator) on 05/11/2016 at 11:57:42.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Successfully deleted: C:\end (File)
Successfully deleted: C:\ProgramData\Start Menu\Programs\mipony (Folder)
Successfully deleted: C:\Users\user\AppData\Roaming\elex-tech (Folder)
Successfully deleted: C:\Users\user\AppData\Roaming\mipony (Folder)
Successfully deleted: C:\Program Files (x86)\mipony (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPM7T4H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U9WYG59 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2K8RCV06 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM2EMZKP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLCUN4E2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWVCM0AL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKTZNWEA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3PR5DQ2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VPM7T4H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U9WYG59 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2K8RCV06 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM2EMZKP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLCUN4E2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWVCM0AL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKTZNWEA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3PR5DQ2 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2016 at 12:00:43.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


_______________________________________ _______________________________________ ____________


SECURITY CHECK


 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on November 06, 2016, 11:07:11 AM
What are you using for your Anti-Virus?
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on November 06, 2016, 12:29:08 PM
To be honest, nothing  ;D
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on November 07, 2016, 01:09:24 PM
Quote
To be honest, nothing 
You should install MSE. Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) All versions and all languages.

You can find AdwCleaner here. (http://www.bleepingcomputer.com/download/adwcleaner/)
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: supah_dan on November 09, 2016, 08:30:39 PM
I will, Thank you so so much for your support  :)
Just a final question: How much will MSE affect the performance of my computer?
Title: Re: HELP! C://Windows/system32/ipconfig.exe window pops up and dissapears
Post by: SuperDave on November 10, 2016, 11:49:27 AM
You won't even notice that MSE is working. Did you run the AdwCleaner scan?