RPMcMurphy

Experts
  • Content Count

    1,251
Everything posted by RPMcMurphy

  1. Please do this next: Open Malwarebytes AntiMalware, run a threat scan and post the log. Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.
  2. Download and save the attached fixlist.txt file in the same location as FRST (usually your desktop). NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Now run FRST again. When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt); please post it to your reply. fixlist.txt
  3. Hello and welcome. Please look this over and wait for further instructions while I review your logs: Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the "All clear." Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that if I don't hear from you within five days this thread will be closed.
  4. OK, thanks. Please do this next: Download and save the attached fixlist.txt file in the same location as FRST (usually your desktop). NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Now run FRST again. When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt); please post it to your reply. fixlist.txt
  5. I have two questions for you while I look those logs over: What issues, if any, are you still having with the computer? You have hundreds of firewall rules - the most I've ever seen in a log. Many of them are blocking legitimate programs. Did you configure these intentionally?
  6. There should also be a second log named FRST_(date and time you ran it).txt Please attach that one as well.
  7. Please do this next: Open Malwarebytes AntiMalware and run another Threat Scan. Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply. Please include the following in your next post: 1. Malwarebytes log 2. AdwCleaner log
  8. Please do this next: Download and save the attached fixlist.txt file in the same location as FRST (usually your desktop). NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Now run FRST again. When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt); please post it to your reply. fixlist.txt
  9. Hello and welcome. Please follow these guidelines while we work on your PC: Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the "All clear." Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  10. In that case, you should be all set. I just have a little cleanup for you: Uninstall FRST. Right click on the FRST icon and select Rename. Change the name to Uninstall. After renaming it, right click and select Run as Administrator. Uninstall any other tools or logs from our work that you don't need. Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  11. Your copy of Chrome has probably been compromised. At this point it's probably best if you just uninstall/reinstall. It's important that you follow these instructions, in the order they are listed: If enabled, delete Your Google Chrome Browser Sync Data by following the steps in this post: https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If you wish, you can backup your bookmarks before uninstalling. Follow these instructions: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks If you save passwords in Chrome, you may export them as well. Follow these instructions to do that: https://betanews.com/2018/03/09/export-chrome-passwords/ Clear your Chrome cache and cookies: https://support.google.com/chromebook/answer/183083?hl=en Remove Chrome using the instructions on this page: https://support.google.com/chrome/answer/95319?hl=en Re-install Chrome and, if applicable, restore your bookmarks and passwords.
  12. Are you still seeing those porn ads? If so, which browser(s) are involved?
  13. Are you seeing those popups in all browsers? Please do this next: Download and save the attached fixlist.txt file in the same location as FRST (usually your desktop). NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Now run FRST again. When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt); please post it to your reply. Please include the following in your next post: fixlog.txt report. Are you still seeing popups - if so is it occurring in all browsers? fixlist.txt
  14. Are you seeing those popups in all browsers? Please do this next: Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.
  15. Welcome. Please follow the instructions in this post to get started: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
  16. I don't see anything concerning in your logs. The fact that it is occurring at the same time every night would lead me to check and see if a scheduled scan or update is occurring at the time.
  17. Great! All I have left for you is a software update and some cleanup: Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please update to the latest version. Uninstall FRST. Right click on the FRST icon and select Rename. Change the name to Uninstall. After renaming it, right click and select Run as Administrator. Uninstall any other tools or logs from our work that you don't need. Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  18. That's good. I did note that you had a fair number of potentially unwanted programs in your logs, but nothing else too concerning. Please do this little bit of housekeeping: Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt
User{002EC6CA-C8E9-4E91-93F8-A0B11DDAEB6C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe No File FirewallRules: [TCP Query User{F5243AA1-AACA-4C7F-A0B5-9C4ACCCCFEF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe No File FirewallRules: [UDP Query User{E6C6B5CC-7C05-490F-BCB9-AD3849786E2B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe No File FirewallRules: [{9B6AD2D2-48C6-4439-8000-2CB145ED435C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe No File FirewallRules: [{E56CF996-4A45-4C6E-8B19-865DD4BE1051}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe No File FirewallRules: [{4986F5CF-D4B1-4F18-8FFD-6BA6EEEEB061}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe No File FirewallRules: [{D7D16C9A-680E-47A1-8BF7-63701DB5B2A2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe No File FirewallRules: [TCP Query User{48880BCB-23D3-4A05-B326-0155D30D3246}C:\program files (x86)\cqg\qtrader\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqg.exe No File FirewallRules: [UDP Query User{6C22EDD5-2B6F-4D70-83A7-A7D6BB62EEE5}C:\program files (x86)\cqg\qtrader\bin\cqg.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqg.exe No File FirewallRules: [TCP Query User{3D5B7113-36E5-47AC-8D63-6C9CAC3A5068}C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe No File FirewallRules: [UDP Query User{12FB0F34-87EE-48B6-87A7-D42204B5F523}C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe] => (Allow) C:\program files (x86)\cqg\qtrader\bin\cqgnetscore.exe No File FirewallRules: [{E8130CE5-4960-4647-8EF9-EE09ECE00161}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File FirewallRules: [{46CBA922-616E-4E39-A11A-8652AB966549}] => (Allow) C:\Program Files 
(x86)\Steam\Steam.exe No File FirewallRules: [{B2A6C7DE-EFE8-41B4-80DB-BF5E4E6D6FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe No File FirewallRules: [{5DDF6240-F816-4B2F-AB34-2429BD1B5872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVRPerformanceTest\bin\win64\vr.exe No File FirewallRules: [TCP Query User{4B31FE70-2DB0-448E-BF33-BFF7C228D458}K:\downloads\app-find-vstarcam\app-find-vstarcam.exe] => (Allow) K:\downloads\app-find-vstarcam\app-find-vstarcam.exe No File FirewallRules: [UDP Query User{E590D69F-D973-4035-9B7D-21C0BB6C7758}K:\downloads\app-find-vstarcam\app-find-vstarcam.exe] => (Allow) K:\downloads\app-find-vstarcam\app-find-vstarcam.exe No File FirewallRules: [TCP Query User{E64C802E-0B3F-4BA9-A8A3-F59FAB485154}K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe] => (Allow) K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe No File FirewallRules: [UDP Query User{8E4D86AB-6A7C-491D-AD46-348B0794DB44}K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe] => (Allow) K:\downloads\app-pnp-upgrade-vstarcam\app-pnp-upgrade-vstarcam.exe No File FirewallRules: [{83711972-FD04-4047-9EE6-4D084DC75A4E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe No File FirewallRules: [{87D1DC28-5669-48DB-8852-8CD6C4E4478F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe No File FirewallRules: [TCP Query User{A9390BC9-9930-42D0-809B-3A39321E50B3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe No File FirewallRules: [UDP Query User{7C12598C-D3EF-4885-80A1-1B1801C52AA5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe No File EmptyTemp: NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Now run FRST again. 
When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt) please post it to your reply.
  19. While I look those logs over, can you look at your Windows Defender logs and provide me a little more detail about exactly what it's detecting?
  20. Attaching the logs worked fine. I'm looking them over now.
  21. Hello and welcome. Please follow these guidelines while we work on your PC: Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the “All clear.” Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  22. Sounds like you've done a good job to this point, but I'll have a look to be sure. Please do this: Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Please include the following in your next post: adwCleaner log FRST logs
  23. If all of your issues are resolved, then I just have some housekeeping for you: Uninstall FRST Right click on the FRST icon and select Rename Change the name to Uninstall After renaming it, right click and select Run as Administrator Uninstall any other tools or logs from our work that you don't need. Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  24. Thanks, I understand now. Please make sure your copy of Malwarebytes is up to date and run a Threat Scan for me. Post the log when it's done, please.