Skegnessasc... again

Hi :-\

For the last two days I got alerts every twenty minutes or so about “Skegnessasc” trying to boot from Svchost.exe. I swept the system with Avast, ran Malwarebytes (that found some adware, but nothing related to Skegnessasc) and the alerts seemed to stop for a while. However, when I turned the PC back on today, it went Blue Screen of Death and I had to restart it. Seems like Skegnessasc managed to get into the system.
From what I gathered on this forum, it seems like Skegnessasc dodges antiviruses and needs a script tailored to each machine to be eliminated, something above my abilities. So… can someone help me out?

Here’s the log of a scan I performed earlier today.

Malwarebytes Anti-Malware www.malwarebytes.org

Scan Date: 09/09/2015
Scan Time: 13:12
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.09.05
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Felipe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371011
Time Elapsed: 50 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Please follow the scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware

Ok, here are the FRST logs.

aswMBR crashed.

I tried aswmbr two more times but no luck. I must be doing something wrong here…

We will handle that (aswMBR) later.


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

BrowseToSave 1.74

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

FRST Fixlist run

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the script file (Fixlist.txt) that is attached by right clicking on it and selecting “Save Target As…” or “Save Link As …” (depends on the browser you are using). Please make sure that the file type is set as Text File (or All Files but NOT as an HTML file) and the file's name is Fixlist.txt, save it on the Desktop, so that fixlist.txt is next to FRST64.exe that you just moved there.

DO NOT DRAG AND DROP to download the script, it won’t work properly for FRST.

The script tells FRST what to do.

Start FRST that is on the desktop by right clicking on file and selecting “Run as Administrator…”

When the tool opens click Yes to disclaimer. (if it still does). Allow the tool to check for updates and start them (if needed); the tool will state when it is ready to run.

Press the Fix button just once and wait. The script will be processed and your system restarted to complete the removal / breakage of the malware.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png

The tool will make a log on the Desktop (Fixlog.txt); please attach it to your reply post. Also, please tell me how your system is running now.

THIRD >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

- Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v4111_zpsn56hzjza.png

- Click the Scan button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: "Waiting for action. Please uncheck elements you don't want to remove."
- Click the Clean button.
- Everything checked will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot, allow this.

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

- On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

It looks like everything is in order in my computer. Booting was a bit sluggish, especially on the second restart, but nothing alarming.

The logs:

(AdwCleaner is in Portuguese, but should be comprehensible)

Since everything is in order, let’s clean the tools and get you going …

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

- Download Delfix from here to your desktop and double click it to start the program
- Ensure Remove disinfection tools is ticked
- Also tick:
  - Activate UAC
  - Create registry backup
  - Purge system restore
  - Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

- Click Run
- The program will run for a few moments and then notepad will open with a log. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

The sluggishness was caused by a line in FRST designed to clear out Temp folders.

EmptyTemp:

It’s very similar to other programs such as CCleaner or TFC (Temp File Cleaner). Cheers

Thank you for your help ;D ;D ;D You make it seem easy

The log: