Do I have a virus?

[bgranat]

 

I've been getting "This webpage is not available" in Chrome, with a little ASCII-drawn dinosaur above the sentence. And periodically I have no Internet connection. Then today, there were animated words on the page with the dinosaur and the sentence above that said GAME OVER!!!!

Seems like some ancient virus, no?


 

Bonnie Granat
bgranat@granatedit.com
http://www.GranatEdit.com

[dbrisendine]

Please follow the directions for scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware

[bgranat]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/4/2015
Scan Time: 2:55 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.04.01
Rootkit Database: v2015.10.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BGranat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404693
Time Elapsed: 1 hr, 14 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[bgranat]

The "GAME OVER" thing was animated, so I don't have a picture of it.

I'm not sure what scans and how many you wanted me to run, but the Malwarebytes scan is from last night. The Avast scan last night was fine--no threats.\

Thanks for your help.

[bgranat]

Scan text file is attached.

[Pondus]

Instructions  https://forum.avast.com/index.php?topic=53253.0
Attach Farbar Recovery Scan Tool logs ....  2 logs total


See below the box you write in ... Attachments and other options

when done dbrisendine will assist you

[bgranat]

I did attach the file. The date is 190515 instead of 100515, which is what it should be again.

I am uploading it again now.

Thank you.

Meanwhile, today the computer has been well behaved and I have not seen the little dinosaur even once all day.

[Pondus]

It is not the Malwarebytes scan log we want .... read my instructions above

[bgranat]

OK, you want the farbar thing, but I'm having a problem getting the page. First time today. I'll try until I get it, though. Thanks for your patience. Often a simple thing looks like it's too much for me to handle, but if I take it slow, I can usually do it. But I cannot access the page now. See attached file. Will keep trying. Thanks, again.

[bgranat]

FRST.txt and Addition.txt are attached to this message.

Now I'll go do the other thing.

[bgranat]

Oh, wait. You wanted two logs total. So I don't have to do the aswMBR thing, right? OK. Yes, I'm a mess. LOL.

[Pondus]

FRST.txt and Addition.txt are attached to this message.

Now I'll go do the other thing.

Addition.txt log is not attached ....

[bgranat]

Addition text and the third one that I did anyway are attached.

[essexboy]

Let me know how the computer is after this

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2015-09-23 08:03 - 2015-09-24 10:26 - 00000000 ____D C:\Program Files\Babylon
2015-09-23 08:03 - 2015-09-23 08:03 - 00000000 ____D C:\Program Files (x86)\Babylon
2015-09-23 08:02 - 2015-09-23 08:02 - 00676720 _____ (Babylon Software Ltd.) C:\Users\BGranat\Downloads\Babylon10_setup_ns.exe
2015-09-17 12:42 - 2015-02-03 15:49 - 00010240 _____ C:\Users\BGranat\AppData\Local\Z@!-9a215caf-e8fa-4260-bbf6-d46caa688368.tmp
2015-09-17 12:42 - 2015-02-03 15:49 - 00010240 _____ C:\Users\BGranat\AppData\Local\Z@!-882234b7-ecfb-4156-9f08-545c52a4d419.tmp
2015-09-17 12:42 - 2015-02-03 15:49 - 00009216 _____ C:\Users\BGranat\AppData\Local\Z@S!-5eefec18-d746-4529-9d75-e656e3f3966d.tmp
CustomCLSID: HKU\S-1-5-21-1942861139-1674859938-1291910794-1001_Classes\CLSID\{B65CAD9D-F572-4BD9-9FF1-CBE8AF9FB67D}\InprocServer32 -> C:\Users\BGranat\AppData\Roaming\Intelligent Editing\PerfectIt 3\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1942861139-1674859938-1291910794-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.
  

[bgranat]

Two files were created today, and I've uploaded them both. Maybe they're identical. Evidently someone had run AdwCleaner before, because there was an [SO] file from last year in that folder.