Community Answers
-
MKDB's post in Detected and quarantined files, but I believe I may still be infected. was marked as the answer
@obsidian29
Wincompose, Python, Zandronum and AnyDesk are well known to you and installed intentionally in former times?
Those .bat and .exe files are well known to you as well?
2021-09-09 19:46 - 2021-09-12 21:42 - 000000557 _____ () C:\Users\Kira Roberts\aperture.bat
2022-02-20 03:20 - 2022-02-20 03:24 - 000002975 _____ () C:\Users\Kira Roberts\aperture2.bat
2023-02-01 04:36 - 2023-02-01 04:36 - 000000000 _____ () C:\Users\Kira Roberts\axset.bat
2021-09-13 06:27 - 2021-09-13 06:29 - 000000000 _____ () C:\Users\Kira Roberts\battle.bat
2022-10-07 23:44 - 2022-10-07 23:44 - 000000070 _____ () C:\Users\Kira Roberts\cval.bat
2022-01-02 19:42 - 2022-01-02 20:44 - 000003584 _____ () C:\Users\Kira Roberts\EchoJava.exe
2013-02-13 20:00 - 2022-08-05 14:35 - 000018432 _____ () C:\Users\Kira Roberts\imf2wav.exe
2021-08-29 03:49 - 2021-08-30 05:49 - 000002156 _____ () C:\Users\Kira Roberts\interloper.bat
2022-03-27 08:03 - 2022-03-27 08:03 - 000000663 _____ () C:\Users\Kira Roberts\Logseq-win-x64-0.6.5.exe
2012-06-12 00:38 - 2022-01-02 23:47 - 000302592 _____ () C:\Users\Kira Roberts\Minecraft Skin Viewer.exe
2022-04-14 22:41 - 2022-04-14 23:08 - 000001765 _____ () C:\Users\Kira Roberts\modpack.bat
2023-02-12 01:40 - 2023-02-12 19:42 - 000002126 _____ () C:\Users\Kira Roberts\skinswap.bat
2022-01-20 21:38 - 2022-01-20 21:49 - 000000741 _____ () C:\Users\Kira Roberts\tl-swap.bat
Please run the following FRST fix to remove some orphans and check windows system files. This may take some time, please be patient.
Moreover, we will run ESET as well.
Thank you!
Step 1
Please download the attached fixlist.txt file and save it to your download folder, which is C:\users\Kira Roberts\Downloads\ in your case. You will find the file FRSTEnglish.exe (FRST) as well in this folder. Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
Step 2
Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.
I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes. When prompted for scan type, click on Full scan. Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click the blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
fixlist.txt
-
MKDB's post in Unwanted potential threat was marked as the answer
Hello @Dublin70 and
My name is MKDB and I will assist you.
Let's keep these principles as we proceed. Make sure to read the entire post below first.
Please follow the steps in the given order and post back the log files. Please copy and paste all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure.
Please attach the requested zip file in order to get a look on your system
Thank you!
-
MKDB's post in New trojans appearing daily was marked as the answer
Hello @AFCChris and
My name is MKDB and I will assist you.
Let's keep these principles as we proceed. Make sure to read the entire post below first.
Please follow the steps in the given order and post back the log files. Please copy and paste all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure.
You said:
Please attach the logfile from ESET Online Scanner as well for my review.
Thank you!
-
MKDB's post in Blocking Outbound Connection - vbc.exe was marked as the answer
First @rashua ... You also forgot to mention that you run illegal/suspicious software:
Stop that now!
Second, please uninstall the following software via Start > Settings > Apps:
Taskbar system version
Third, please run the following FRST fix (Step1) and attach the logfile (fixlog.txt) as well as the .zip file.
Step 1
Please download the attached fixlist.txt file and save it to your download folder, which is C:\users\HP\Downloads\ in your case. You will find the file FRSTEnglish.exe (FRST) as well in this folder. Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files and empty recycle bin. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. FRST will create a .zip file like < Date_Time.zip >, for example 20.02.2022_11.33.52.zip, on your desktop as well. Please attach this file as well with your next answer.
fixlist.txt
-
MKDB's post in RTP detection, Compromised. What does this mean? was marked as the answer
@Canvas
Thank you for your cooperation.
Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.
A few final recommendations:
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy:
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
https://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes.
-
MKDB's post in Malwarebytes warns about blocked websites when I'm offline. was marked as the answer
You should update some programs (if you still need them) or uninstall them (if you don't need them anymore or if they are not supported any longer):
Microsoft 365 Apps for enterprise - da-dk v.16.0.16026.20146 Warning! Download Update
How Install Office updates?
Microsoft 365 Apps for enterprise - en-us v.16.0.16026.20146 Warning! Download Update
How Install Office updates?
WinRAR 6.20 (64-bit) v.6.20.0 Warning! Download Update
Adobe AIR v.1.5.3.9120 Warning! This software is no longer supported. Please uninstall it.
Adobe Creative Cloud v.4.9.0.504 Warning! Download Update
Google Chrome v.110.0.5481.104 Warning! Download Update
CCleaner v.6.09 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
CCleaner Update Helper v.1.8.1187.1 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Thank you for your cooperation @ReddaJoppe
Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.
A few final recommendations:
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy:
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
https://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes.
-
MKDB's post in MaskVPN - mask_svc was marked as the answer
Thank you @Suzie.
We are going to remove MaskVPN as well as some other orphans/leftovers with FRST.
Moreover, there are some suspicious files on your system that need to be checked.
We will start with just one fix, more may be needed.
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Dave\Downloads\Programs\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files and empty recycle bin. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in Svchost.exe process with high CPU usage; outbound; malware - need help was marked as the answer
@zeks46
There is indeed malware on your system.
We will start with a FRST fix, more things to do later.
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\zeks4\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files and empty recycle bin. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in FRST detects part of Visual Studio as malware was marked as the answer
Hi @sp123
Thank you for your report. This looks like a "false positive" by FRST.
I'll forward this information to the developer.
-
MKDB's post in Report: Blocked website \Framework\v4.0.30.169\jsc.exe was marked as the answer
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Please review the following for Tips to help protect from infection.
Thank you.
As this topic seems to be solved, I do not follow it any longer.
Take care!
-
MKDB's post in Detected Trojan Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe was marked as the answer
Hello @zviperh and
My name is MKDB and I will assist you.
Let's keep these principles as we proceed. Make sure to read the entire post below first.
Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. Searching, detecting and removing malware isn't instantaneous and there is no guarantee to repair every system. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Please be patient and stick with me until I give you the "all clear". Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. If you are away for a longer time, please let me know.
Step 1
Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit
If your computer language is other than English, right click on the FRST icon and rename it to FRST64english. Double-click to run it. If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option. When the tool opens, click Yes to disclaimer. Press the Scan button. FRST will create two logs (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply.
Thank you!
-
MKDB's post in Malwarebytes blocked Trojan.exe - am I safe? was marked as the answer
Well done @-Swigs-.
Your logfiles look good.
You should update some programs (if you still need them) or uninstall them (if you don't need them anymore):
Malwarebytes version 4.5.12.204 v.4.5.12.204 Warning! Download Update
Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported.
NVIDIA GeForce Experience 3.5.0.70 v.3.5.0.70 Warning! Download Update
Notepad++ (32-bit x86) v.7.3.2 Warning! Download Update
7-Zip 16.04 (x64) v.16.04 Warning! This software is no longer supported. Uninstall old version, download and install new one.
GIMP 2.8.20 v.2.8.20 Warning! Download Update
Cisco Webex Meetings v.40.8.5 Warning! Download Update
Java 8 Update 271 (64-bit) v.8.0.2710.9 Warning! Download Update
Uninstall old version and install new one (jre-8u351-windows-x64.exe).
Java 8 Update 271 v.8.0.2710.9 Warning! Download Update
Uninstall old version and install new one (jre-8u351-windows-i586.exe).
VLC media player v.2.2.4 Warning! Download Update
Adobe Flash Player 17 NPAPI v.17.0.0.134 Warning! This software is no longer supported. Please uninstall it.
Adobe Reader XI (11.0.23) v.11.0.23 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC.
Thank you for your cooperation.
Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.
A few final recommendations:
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy:
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
https://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes.
-
MKDB's post in Unknown constant popup was marked as the answer
Hi @NabeelMansoor,
what are all those downloads for? 🤨 Please explain.
Those files are containing malware! Delete all of this crap immediately!
Next, we will run a fix with FRST.
Step 1
Please download the attached fixlist.txt file and save it to your download folder, which is C:\users\nabee\Downloads\ in your case. You will find the file FRSTEnglish.exe (FRST) as well in this folder. Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files and empty recycle bin. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in I have a trojan -- Wmail-chat.com popping up every minute was marked as the answer
Good job @Dinesh6252.
Thank you for your cooperation, we will use KpRm to remove all special tools.
Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.
A few final recommendations:
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes.
-
MKDB's post in Malwarebytes Reporting Riskware and Trojan through Powershell every second was marked as the answer
Thank you @leungalv.
Let's remove some orphans with FRST (Step1) and check with KVRT (Step2).
Do you still get those powershell-blocks from MBAM @leungalv? Please report back regarding this. Thank you.
Please note:
FRST fix (Step1) will create a .zip file like < Date_Time.zip >, for example 20.02.2022_11.33.52.zip, on your desktop. Please upload that .zip file with your next answer as well.
Thank you!
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Alvin W. Leung\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
Step 2
Download Kaspersky Virus Removal Tool (KVRT) and save it to your download folder.
Select the Windows Key and R Key together, the Run box should open. Copy and paste the following string into the line: C:\Users\Alvin W. Leung\Downloads\KVRT.exe -dontencrypt
Select "Ok" in the Run box.
If the "Windows protected your PC" window opens, select "More info". A new window will open, select "Run anyway".
An EULA window from KVRT will open, tick all confirmation boxes then select "Accept".
A window from KVRT will open, select "Change Parameters".
In the new window ensure the following boxes are ticked:
  System memory
  Startup objects
  Boot sectors
  System drive
Then select "OK" and "Start scan".
completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
Usually, your system needs a reboot to finish the removal process.
Logfiles can be found on your system drive (usually C: ), similar to this: C:\KVRT2020_Data\Reports\report_<data>_<time>.klr
Right-click directly on those reports, select > open with > Notepad. Save the files and attach them with your next reply.
fixlist.txt
-
MKDB's post in chrome extension found with adwcleaner but cannot remove was marked as the answer
Well done @redcherry13.
Please run KVRT next for me, thank you!
Step 1
Download Kaspersky Virus Removal Tool (KVRT) and save to your Desktop.
Select the Windows Key and R Key together, the Run box should open. Copy and paste the following string into the line: C:\Users\Fabi\DESKTOP\KVRT.exe -dontencrypt
Select "Ok" in the Run box.
If the "Windows protected your PC" window opens, select "More info". A new window will open, select "Run anyway".
An EULA window from KVRT will open, tick all confirmation boxes then select "Accept".
A window from KVRT will open, select "Change Parameters".
In the new window ensure the following boxes are ticked:
  System memory
  Startup objects
  Boot sectors
  System drive
Then select "OK" and "Start scan".
completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
Usually, your system needs a reboot to finish the removal process.
A logfile can be found on your system drive (usually C: ), similar to this: C:\KVRT2020_Data\Reports\report_<data>_<time>.klr
Right-click directly on that report, select > open with > Notepad. Save that file and attach it with your next reply.
-
MKDB's post in I'm getting "website blocked due to trojan" was marked as the answer
Great @bobodada. 😀
Please run the following FRST fix to remove the malware. Moreover, we will check and repair windows system files with this fix. So it will take some time (> 15 min), please be very patient once you started the fix.
Some more steps may probably follow, depending on the results from this first fix.
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\lingb\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Note: This Fix will remove all temporary files and empty recycle bin. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in MaskVPN Service appearing in Task Manager after uninstall was marked as the answer
Thank you for those logfiles @BoxyBathToaster.
We are going to remove "MaskVPN" and search for leftovers.
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\User\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
Step 2
Run FRST again. Copy and paste the whole content of the following Code-Box into the search field:
SearchAll: MaskVPN
Press the Search files button. Please be patient, this scan may take some time. FRST will create one log now (Search.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in GPU and CPU utilization very high, until I open Task Manager was marked as the answer
You're welcome @jaksa23.
Everything is fine here.
Thank you for your cooperation, we're done. 👍
Final Step
Right-Click on FRST64 and choose Rename.
Rename FRST64 into Uninstall.
Run Uninstall. FRST and its files/folders will be deleted.
If the tool needs a restart, please make sure you let the system restart normally.
A few final recommendations:
Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard
  Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
  Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
  Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin
  Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
  Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
  Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes.
-
MKDB's post in Windows Powershell attempting Outbound connection to spam site constantly was marked as the answer
Thanks @Mojito10.
Let's do a final fix with FRST, please.
How is your system running (regarding malware)? Any issues left?
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Kosta\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in Wmail-chat/enpoint trojan/riskware Need Help was marked as the answer
Thank you @GyroMozzarella for your feedback.
Please run another fix for me and let me know how your system is running. Any problem regarding malware left?
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\gonsa\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in "Website Blocked Due to Trojan" powershell.exe/wmail-chat was marked as the answer
Please run this FRST-fix for me @koerper_klaus.
>>> Are you also from Germany, like me? <<< 😉
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Nutzer\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
fixlist.txt
-
MKDB's post in I have a trojan -- Wmail-chat.com popping up every minute was marked as the answer
@Zesty Please do not download, install or run programs on your own until we have finished our work here.
Thank you.
We are going to check windows system files (Step 1) and double check your system with ESET (Step 2).
Please be patient while Step 1 is running... this may take several minutes to complete.
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\zesty\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
Step 2
Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.
I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
Click the blue "Save scan log" to save the log.
If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
Press Continue when all done. You should click to turn off the offer for "periodic scanning".
Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
fixlist.txt
-
MKDB's post in Advanced Windows Manager was marked as the answer
Hello @sww and
My name is MKDB and I will assist you.
Some ground rules:
Please follow the steps in the given order and post back the logs.
Please attach all logs into your post.
Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
Searching, detecting and removing malware isn't instantaneous and there is no guarantee to remove and repair every system.
Please be patient and stick with me until I give you the "all clear".
Only run the tools I guide you to.
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
We are going to remove those tasks with FRST first and do a check with AdwCleaner.
Step 1
Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Skyw\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.
Step 2
Please download AdwCleaner and save it to your desktop.
Double-click to run it. Accept the End User License Agreement. Click Scan Now. When finished, if items are found please click Next / Quarantine. Maybe your PC will be rebooted, AdwCleaner will be opened automatically. Click View Log File. AdwCleaner will open one log (AdwCleaner[Cxx].txt). Please paste the log to your next reply.
fixlist.txt