Android8888

Hello Forsosh and Forums. My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear. I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier. Read all of my instructions very carefully because any mistake you can make during the cleaning process may have serious consequences such as leaving the computer unbootable. Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it. Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator). Please run one scan at a time. Once started the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware. With that being said let's start. I see that you previously ran ComboFix. This is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Going over your logs I noticed that you have Torrent installed. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. It is pretty much certain that if you continue to use P2P programs, you will get infected again. I would recommend that you uninstall Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features If you wish to keep it, please do not use it until your computer is cleaned. Please uninstall the following program using the Programs and Features applet: Hotspot Shield 7.1.2 Next, Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST64 executable and select Run as Administrator; Click on the Fix button; Credits: Aura On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the fixlog.txt in your next reply; Next, Download Malwarebytes Junkware Removal Tool (JRT) and move it to your computer's Desktop; Right-click on JRT.exe and select Run as Administrator; Press on any key to launch the scan and let it complete; Credits: Bleeping Computer and Aura Once the scan is complete, a log will open. Please attach that log in your next reply; Next, Download Malwarebytes AdwCleaner and move it to your computer's Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Accept the EULA (I accept), let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes; Credits: Aura Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please attach that log in your next reply; Next, Open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default. Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. In your next reply please attach: The fixlog.txt; The JRT.txt log; The AdwCleaner clean log; The Malwarebytes log. How is the computer running now? Are you still getting those messages from AVG? Thank you. Android8888

Hi DukeTa. The problem is not in the web browsers. We must check if the problem is in the Router or in some cable/connectors or in your Network configuration or even in your Internet service provider. First, make sure all cables are properly connected (Modem/ADSL modem/Router). Please check all connectors and cables in detail to see if you find any failure or damage. Disconnect all connectors/cables and connect them again. Then, try to reset your modem/router. To do that: Press and hold the reset button for a couple of seconds. Some modems don't have a reset button. Simply remove the power cord and connect it again to reboot the modem. If all the above doesn't solve the problem please restart the computer in Safe Mode with Networking and test it for several hours or a day to see if the network or Internet connection fails. Please let me know how you get on. Thank you. Rui

Hello DukeTa. Okay, we have to do a screening of the problem. Please open a command prompt with Administrator rights: Right-click on Start > select Search > type cmd Right-click on Command prompt and select Run as administrator A Command prompt window will open. Please type: ping google.com >> "%userprofile%\desktop\ping.txt" It will create the file ping.txt on your computer's Desktop. Please attach that file in your next reply for my review. Thank you. Rui

Hello DukeTa. Again, I apologize for the delay in responding. Please download MiniToolBox, save it to your computer's Desktop and run it. Check-mark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Devices List Users, Partitions and Memory size. List Minidump Files Click Go and attach the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed. Please attach the log for my review and keep me updated on how are the things going with the computer. Thank you. Rui

Hello DukeTa. I apologize for the delay. Okay, please read the following article and execute the steps on it to see if that can help you to solve the problem. http://atechjourney.com/fix-server-not-found-for-some-websites-in-firefox-browser.html/ Please let me know how you get on. Thank you. Rui

Hello DukeTa. Sorry for the delay. I'm glad to hear that. Please try to reset the browser where that happens. To reset your browsers settings to default: Internet Explorer https://support.microsoft.com/en-us/kb/923737 Mozilla Firefox https://support.mozilla.org/en-US/kb/reset-preferences-fix-problems Google Chrome https://support.google.com/chrome/answer/3296214?hl=en Let me know if the problem persists. Thank you. Rui

Hello Lee4u2envy. Sorry for the delay. So the notifications belong to the Malicious Software Removal Tool (MSRT) by Microsoft. Once a month, a new version of the Malicious Software Removal tool appears in Windows Update. This tool removes some malware from Windows systems, particularly those systems without antivirus programs installed. You have the Microsoft Windows Defender Antivirus and Anti-spyware installed. You can read more about this Microsoft tool in the link below: https://www.howtogeek.com/180773/what-is-the-malicious-software-removal-tool-and-do-i-need-it/ Although the Windows Defender isn’t bad, per se, it just isn’t as good as your other options so I advise you to install a good free antivirus such as Avast Free Antivirus or Avira Free Antivirus. Since MSRT found and removed some threats, let's see if everything is clean. Please proceed as follow: Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Accept the EULA (I accept), let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes; Credits: Aura Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please attach that log in your next reply; Next, please proceed with the following instructions to completely remove your old version of Malwarebytes and download, install the latest version and perform a new scan with it. Download MBAM-clean and save it to your computer's Desktop. Right-click on mbam-clean.exe icon and select Run as administrator to start the tool. Follow the prompts to remove old version of Malwarebytes. It will ask you to reboot the machine - please do so. Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step. If you have lost the activation licence key information it can be located here Download Malwarebytes version 3.1.2.1733 from [url=https://downloads.malwarebytes.com/file/mb3]here[/url] and save it to your Desktop or anywhere else on your system since you know where is located. Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions. When the install completes and is updated do the following: Open Malwarebytes; On the left pane select Settings; Then select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on. Go back to DashBoard and select the blue Scan Now tab. When the scan completes deal with any found entries. Select Export Summary and then Text File (*.txt). Give a name to the log and save it; Please attach that log in your next reply. Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop. Right click on the file setup.exe and select Run as administrator to install the tool. Click Yes to accept any security warnings that may appear. Choose the installation language and click OK. Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool. Now close all programs and browsers. Please disconnect any USB or external drives from the computer before you run this scan! Right-click on the RogueKiller icon and select Run as administrator. Click Yes to accept any security warnings that may appear. Click the Scan tab and then click the Start Scan button. Wait until the scan has finished. This may take some time consuming. Once finished click on Open Report. It will open a new window. Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop. Close RogueKiller. Please attach the RKlog.txt to your next reply. Please attach the following logs: AdwCleaner clean log; Malwarebytes log; RKlog.txt. Let me know if you are still receiving notifications on startup. Are there any issues or concerns? Thank you.

Hello DukeTa. Thank you for the information. You're welcome. Please keep testing it and keep me updated. Thank you. Rui

Hello. Okay, the message that is still appearing is the UAC (User Account Control) prompt that is asking you to approve to allow an app to run as an administrator (elevated level). This is a security feature to prevent anything from running with elevated rights without you approving first. UAC doesn't have an exception list since it would defeat its designed purpose. This is why it is designed for. This way if something is infected, it can't automatically run with elevated rights to have complete unrestricted access to your computer without you approving it first. Even though we do not know what is the application that is trying to make changes and since your last FRST logs are clean I do not see any major problem in allowing it. However, as an additional precaution measure let's create a new restore point before allowing it. Create a new System Restore Point Right-click on the Windows logo in the bottom-left corner and select System; Click on Advanced System Settings in the left pane; Click on the System Protection tab; Click on the Create... button; Enter a descriptive name for the System Restore point you are about to create, and click on Create; Wait until the creation is complete; Now, restart the computer and accept the UAC security warning. Wait to see what happens and then restart the computer again and see if the UAC warning reappear. Let me know how your get on.

Okay, the integrity of the Operating System files is intact. That's great. Does this issue still continue? In post ID:35 you said the problem was solved by changing the DNS Servers... Please let me know if there are any issues or concerns. Thank you. Rui

Hello. Did you disabled your antivirus and the real-time protection of any security programs that you may have installed before run Windows Repair? Also, I can see in your picture that you probably ran Windows Repair within the zip file without extracting it in first place. You need to extract the zip file; This will create a folder with the same name as the zip file. Then enter in 'Safe Mode with Networking'; Now go inside the created folder and right-click on the executable file Repair_Windows.exe and select Run as Administrator; Then accept the UAC security warning. Now follow the rest of the steps of my previous post to run the repairs again. If you are sure that you already did all the above, please leave Windows Repair for now and try the following: Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply; Right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin); Enter the command below and press on Enter; sfc /scannow Note: There's a space between "sfc" and "/scannow"; Once the scan is complete, enter the command below and press on Enter copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt" A file called cbs.txt will have appeared on your Desktop. Upload the file on TinyUpload and post the download URL for it here; Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can. Please let me know how you get on. Thank you.

Hello Lee4u2envy. That's okay. I noticed some system errors in FRST logs. Let's try the following repair tool. NOTE: Before following to steps below, please disable your Antivirus software or any other real-time security software that you have enabled so it cannot interfere with the following repairs. Download the portable version of Windows Repair All-In-One; Move the file (archive) on your Desktop, and extract it there; Now boot in Safe Mode with Networking; Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning; On the top bar go to the Step 3: Optional tab and click the Open Check Disk At Next Boot; It will open a window named "Check Disk (chkdsk) At Next Boot"; Click the Add To Next Boot button; Close that window and click on Reboot to Safe Mode button; When starting up it will run the Check Disk your drive; When the Check Disk is complete, and once in Safe Mode open Windows Repair All-In-One; Go to the Step 4: Optional tab and select the Do It button to run System File Checker (SFC) on your system; When the SFC is complete go to the +Repairs tab and click the Open Repairs button; Let the Registry back up complete, and move on to the check-list window; Leave all the items checked by default; Click on the Start Repairs button and let the scan execute; If you are being prompted with a Security Warning, allow it to go through; Once the repairs are complete, it'll ask you to restart your computer, please do it; After performing these fixes, does the Microsoft notification still appear on startup? Thank you.

Hello DukeTa. Sorry for the delay. Thank you for the cbs.txt log. That's great. Please read my previous instructions and run SFC again. When the scan is complete let me know exactly what message appeared on the last line of the command prompt window. I do not need to see the cbs log this time. Just tell me the final result. How is the computer running? Does it still slow? Thank you. Rui

Hello DukeTa. I apologize for the delay. I'm glad that Firefox is working well. Okay, let's see what may be causing the laggy Internet connection. I can see that your system drive is almost without free space (only 8.09 GB) and also you only have 4 GB of physical memory RAM which can not be enough while you are playing online games. Games can require a lot of system resources. For instance if an application doesn't have enough memory to work, it will require that portion of the memory in lack on the disk drive. This is called virtual memory. So to start, please try to free up some space on the System drive C. You can do that by removing applications that you don't use anymore and move and save all your data (pictures, documents, etc.) to drive D: Next, let's check the integrity of the system files. Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply; Right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin); Enter the command below and press on Enter; sfc /scannow Note: There's a space between "sfc" and "/scannow"; Once the scan is complete, enter the command below and press on Enter copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt" A file called cbs.txt will have appeared on your Desktop. Upload the file on TinyUpload and post the download URL for it here; Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can. Thank you. Rui

Hello. Please download Mozilla Firefox from here and reinstall it. When the installation is complete please restart the computer. Restore your bookmarks from the backup file. https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them#w_restoring-from-backups Enable and set up Sync in Firefox. https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer Now test the Mozilla Firefox browser several times and check if the adware problem still persists. Thank you. Rui

Hello DukeTa and thank you for the logs. I presume you did not used Revo Uninstaller to remove Firefox. Since the Firefox Uninstall Wizard also leaves intact the folder that stores any cached Internet files, open Run, type appdata and then press “Enter". Double-click the folder labeled “Local,” and then select “Mozilla". Press “Shift-Delete” to remove it. Delete also any Mozilla Firefox folders in C:\Program files and C:\Program files (x86). Now please proceed with the following instructions: Close all programs and browsers. Please disconnect any USB or external drives from the computer before you run this scan! Re-run RogueKiller. Right-click on the icon and select Run as administrator. Click the Scan tab and then click the Start Scan button. Wait until the scan has finished. This may take some time consuming. When the scan completes checkmark (tick) the following against Registry entries and ensure that all other entries are not checkmarked: [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2708046539-3441841237-3858742213-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gefunden [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2708046539-3441841237-3858742213-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gefunden Click on Remove Selected button. When complete select Open Report and click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop and attach it to your next reply. Close RogueKiller. Please download Emsisoft Emergency Kit and save it to your computer's Desktop. Right-click the icon and select Run as administrator to run the tool. Click Yes to accept the security warning. Click on the Install button and wait until the installation complete. When finished it will open a new window. Right-click the on the start emergency kit scanner file and select Run as administrator. Click Yes to accept the security warning. The tool will search for updates. If an update is found click Yes to accept and install it. After the update complete, click on Malware Scan under 2. Scan and click Yes to accept and let Emsisoft Emergency Kit detect PUPs. Once the scan is complete, make sure that every item in the list is checked, and click on Delete selected; If it asks you for a reboot to delete some items, click on Ok to reboot automatically; After the restart, go to C:\EEK and click on the start emergency kit scanner file again to open it; Now click on Logs tab menu; From there, go under the Scan Log tab, click on the Export button, save it to your computer's Desktop and attach it to your reply; Please attach the following logs for my review: RKLog.txt EEK log. Thank you. Rui

Okay, if the ads problem persist, you can make a clean uninstall of Firefox and then reinstall it. But first you need to backup your Firefox bookmarks and then stop Sync (synchronization). Please proceed as follow: How to save bookmarks in Firefox Open Firefox browser; On the top menu click the Bookmarks button and select Show All Bookmarks to open the 'Library' window; In the 'Library' window, click the Import and Backup button and then select Backup; In the Bookmarks backup filename window that opens, choose a location to save the file, which is named bookmarks-"date".json by default. The computer's Desktop is usually a good spot, but any place that is easy to remember will work; Save the bookmarks .json file. The Bookmarks backup filename window will close and then you can close the 'Library' window. How to stop Sync in Firefox Open Firefox browser; Click on the "Open menu" icon located at the top right corner of the browser (the one with three horizontal lines); Click on "Options" and then select "Sync" on the left pane; Under 'Firefox Account' click on the "Disconnect" button to stop synchronization. Close Firefox. Now completely uninstall Mozilla Firefox using the Revo Uninstaller. This program is free and will completely remove Firefox and every leftovers of it. Please download and install the free version of Revo Uninstaller Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Select Mozilla Firefox and click Uninstall. Follow the instructions to complete the removal process. In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers. Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders). Click on the Finish button. Restart the computer. NOTE: DO NOT reinstall Firefox yet. We need to ensure the system is completely clean and there are no traces of adware on it. In the meanwhile you can use another browser to access the Internet. Next, Please re-run Junkware Removal Tool (JRT), AdwCleaner, RogueKiller and attach the new logs for my review, then please wait for further instructions. DO NOT remove anything found. Thank you. Rui

Hello DukeTa. This is good. Please keep testing it. I do not see any signs of malware in your logs. Both logs are clean. As a precaution please run Malwarebytes and RogueKiller again and post both logs. Please DO NOT remove anything if something is found, just post the scan logs. Thank you. Rui

Hello Stephen720. Is everything well with the computer? How is it running? Thank you. Rui

Hello DukeTa. I apologize for the delay. Please open FRST again and make sure the "Addition.txt" box is checked. Then click the Scan button and when finished attach the two logs for my review in your next reply. Are you still receiving the "rightcoupon" ads when browsing the Internet? Thank you.

Hello DukeTa and thank you for the logs. I apologize for the delay. Malwarebytes log is clean which is great. The HitmanPro log shows two adwares on Registry Keys and also some cookies on Internet Explorer and Firefox. We need to eliminate these Registry Keys by running a fix with FRST: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) CouponBar is considered adware and also a PUP (Potentially Unwanted Program). Next, Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button; Credits: Aura On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the fixlog.txt in your next reply; Next, let's clear the cache and cookies and perform a reset on all browsers. Clear cache and cookies of Internet Explorer: https://kb.wisc.edu/page.php?id=15141 Reset Internet Explorer settings: https://support.microsoft.com/en-us/help/923737/how-to-reset-internet-explorer-settings Clear cache and cookies of Mozilla Firefox: https://kb.wisc.edu/helpdesk/page.php?id=17504 Reset Mozilla Firefox settings: https://support.mozilla.org/en-US/kb/reset-preferences-fix-problems Clear cache and cookies of Google Chrome: https://kb.wisc.edu/helpdesk/page.php?id=24629 Reset Google Chrome settings: https://support.google.com/chromebook/answer/3296214?hl=en Next, Download Junkware Removal Tool (JRT) and move it to your Desktop; Right-click on JRT.exe and select Run as Administrator; Press on any key to launch the scan and let it complete; Credits: Bleeping Computer and Aura Once the scan is complete, a log will open. Please attach the JRT.txt file in your next reply; Next, Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Accept the EULA (I accept), let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please attach that log in your next reply; In your reply please attach: fixlog.txt; JRT.txt log; AdwCleaner clean log. Are there any signs or visible evidence of the adware reappearing when you are browsing the Internet? fixlist.txt

Hello DukeTa. You're welcome. Yes please proceed with the next steps. p.s.: Don't forget to run RogueKiller in first place and delete all the entries it found.

Hello DukeTa. It seems that there must be some kind of dropper on your system causing reinfection. Please proceed with the following instructions: Run RogueKiller again and delete all the entries found. Next, Reset your router. Instructions on how to do it are available at the following link: How to Reset your Router Next, Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary. http://www.sordum.org/downloads/?dns-jumper Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool. From the left hand pane select "Flush DNS" From the main interface select the dropdown under "Choose a DNS Server" From the list select either "Google Public DNS" or "Open DNS" From the left hand pane select "Apply DNS" Restart the computer. In any case don't remove on your own anything that Hitman Pro detects! This scanner is really good for checking, it has however been known for deleting files instead of curing them, in some cases this may render the machine unbootable. Any removals will be done manually after careful analysis of the scan results! Please download HitmanPro by SurfRight and save it to your desktop. Temporary disable your AntiVirus and AntiSpyware protection - instructions here. Right-click on icon and select Run as Administrator to start the tool. If the program won't run please run it while holding down the left CTRL key until it's loaded! Click on the Next button. You must agree with the terms of EULA (if asked). Check the box beside No, I only want to perform a one-time scan to check this computer. Click on the Next button. The program will start to scan the computer. It would only take several minutes. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore. If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it it your next reply. Click on the Next button. Click on the Save Log button. Save that file to your computer's Desktop. Please include that file in your next reply. Please re-enable your security programs. Next, Open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default. Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. Please attach the Hitman Pro scan log and Malwarebytes quarantine log and let me know if the infection returns.

Hello DukeTa and thank you for those logs. Malwarebytes flagged and removed some threats in the first scan. The second scan is clean. You default browser is Edge but what browser do you often use to navigate on Internet? Please perform the following scan but DO NOT remove anything it find. The entries it may find may not be all bad. Please download RogueKiller 32/64 Bits Installer (RogueKiller_setup.exe) by Tigzy and save it to your computer's Desktop. Right click on the file RogueKiller_setup.exe and select Run as administrator to install the tool. Click Yes to accept any security warnings that may appear. Choose the installation language and click OK. Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool. Now close all programs and browsers. Please disconnect any USB or external drives from the computer before you run this scan! Right-click on the RogueKiller icon and select Run as administrator. Click Yes to accept any security warnings that may appear. Click the Scan tab and then click the Start Scan button. Wait until the scan has finished. This may take some time consuming. Once finished click on Open Report. It will open a new window. Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop. Close RogueKiller. Please copy and paste the contents of RKlog.txt to your next reply. Thank you. Rui

Hello. Thank you for the logs. I'm glad to hear that your computer is running well. Malwarebytes found nothing, AdwCleaner and ESET removed a few threats but they were just PUP (Potentially Unwanted Programs) so it's not considered malware by itself. I can say that your computer appears to be clean and free of malware. Now download, install and run a scan with a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated. Please continue reading the recommendations in my post ID:7 and try to keep your computer protected. Are there any issues or concerns with the computer?