xghostriderz

RogueKiller Anti-Malware V15.0.9.0 (x64) [Aug 5 2021] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19043) 64-bit Started in : Normal mode User : b_omi [Administrator] Started from : C:\Users\b_omi\Downloads\RogueKiller_portable64.exe Signatures : 20210824_120208, Driver : Loaded Mode : Standard Scan, Delete -- Date : 2021/08/29 11:09:29 (Duration : 00:03:19) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Popcorn (Potentially Malicious)] HKEY_USERS\S-1-5-21-1780742381-1466409985-358291042-1001\Software\Popcorn Time -- -> Deleted [PUP.Popcorn (Potentially Malicious)] HKEY_USERS\S-1-5-21-1780742381-1466409985-358291042-1001\Software\PopcornTime -- -> Deleted [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FAB45A7B-5C48-4BC5-A6E7-61088329E668} -- [%localappdata%\Programs\safe-watch\safe-watch.exe] -> Deleted Fixlog.txt msert.log

RogueKiller Anti-Malware V15.0.9.0 (x64) [Aug 5 2021] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19043) 64-bit Started in : Normal mode User : b_omi [Administrator] Started from : C:\Users\b_omi\Downloads\RogueKiller_portable64.exe Signatures : 20210824_120208, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2021/08/29 04:05:09 (Duration : 00:03:36) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> XX - Software [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1780742381-1466409985-358291042-1001\Software\Popcorn Time -- N/A -> Found [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1780742381-1466409985-358291042-1001\Software\PopcornTime -- N/A -> Found >>>>>> O87 - Firewall [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FAB45A7B-5C48-4BC5-A6E7-61088329E668} -- v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|App=C:\Users\b_omi\AppData\Local\Programs\safe-watch\safe-watch.exe|Name=safe-watch| (C:\Users\b_omi\AppData\Local\Programs\safe-watch\safe-watch.exe) (missing) -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

%windir%.zip

Yeah, sorry about that. As previously stated that one was from my search yesterday since I had a hard time getting FRST to run today, even if I turned off all my antiviruses. Anyhow, I eventually got it to work. Here are the files. FRST.txt Addition.txt

Sorry. I made the MB one a part of my reply accidentally Malwarebytes.txt

Hello! Thank you for your answer. Here are the logs. Although I will be sending 2 logs of Adwcleaner, since it did not find anything today because of the scan I did yesterday. So I will send both the scan I did today and the one where it did find something. And when it comes to Farbar I did get a scaMalwarebytes.txtn done yesterday, but today, I could not get it to launch no matter how many different things I tried. So I will be sending the scan from yesterday only for Farbar. The second. Adw file is the one from yesterday. Thank you in advance! AdwCleaner[C01].txt AdwCleaner[C00].txt FRST64.txt

Been trying to get rid of these for a while now but they keep comming back. The current log I'm about to send is from first running MB, then going adwcleaner and third was Farbar. I have no clue how to put together a fixit.txt. Any help would be greatly appriciated! FRST64.txt