
Hi.

I have high RAM usage at times, I mean 70-90%, and I think it's connected to malware and Malwarebytes can't pick it up, but when Windows has been up and running for a few hours, it shows 2 malware threats are detected, but even if I quarantine them and delete them, nothing works, they just keep coming back.

I have also tried to use ADW cleaner multiple times without any luck, since it all comes back a few minutes after Windows has loaded.

One thing to note is that Chrome is only using 4-5 GB of RAM, which is okay, but the Task Manager shows over 70%, sometimes even 90%, so there might be something hidden running in the background. I really hope we can fix this since this really destroys my PC experience and I can't wait to get down to business.

Thank you.

FRST.txt

Addition.txt


This is the malware that keeps coming back, the two mentioned below.

 

Please help! :(

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/18/18
Scan Time: 1:55 PM
Log File: 89120cc6-8a81-11e8-9c26-5cf37075915a.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.5955
License: Premium

-System Information-
OS: Windows 10 (Build 17134.167)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 356446
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 12 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
Adware.NetAdapter.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{2B4FC790-17EB-4D10-8018-68ACE073E935}, No Action By User, [7621], [477452],1.0.5955
Adware.NetAdapter.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{5922528D-246E-433C-ADF4-C52D531FE6F9}, No Action By User, [7621], [477452],1.0.5955

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Hello @Kaizoku-Otaku and :welcome:

Let's start out with some general cleaning. Then go from there.

I would highly suggest that you uninstall the Wise Care 365 program. Windows 10 can already take care of all the maintenance required for the computer. There is no need in general to use 3rd party tools which often create their own issues.

Do I need a Windows Registry Cleaner?


Uninstall ALL versions of Java. Older versions are often compromised.

I would also recommend you stop using P2P software. Not only is it illegal to share 95% of data shared, it's also a good way to get your computer infected.

qBittorrent

 

Then run the following please.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

 


Okay, I went ahead and did it. Unfortunately, after rebooting I ran ADW out of curiosity and all of the Pup.Optional and Trojan.Agent are still there.

 

Fixlog.txt


Yes, we're just getting started on trying to clean up.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


Okay, I did exactly as you asked, and ran all three programs.

ADW detected 18 threats, Pup.optional.Legacy and Trojan.Agent; there were a total of 18 threats with Pup having a lot more. However, I was never greeted by a log of the aftermath. Also, the threats are now back again, even after cleaning.

FRST.txt

Addition.txt

Malwarebyte log.txt


I didn't get any ADW log upon rebooting into Windows. However, I was able to find what seems to be the latest log for ADW.

Hope this helps.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-19-2018
# Duration: 00:00:14
# OS:       Windows 10 Pro
# Scanned:  41772
# Detected: 18


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FA453310-0EAB-4813-AB8E-1FD99F0B5178}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A272C53B-646A-4963-A3C6-5C3F673C8FB3}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B2733577-4BE1-416A-B45C-A6EA6883141A}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5F7DBB24-08B3-4E49-B66A-83267F853B3D}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7248CEA9-FAD2-4F12-A8D6-FE08B5F4F53D}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F43C568C-7CF7-4028-803B-DAB2EBD1DE7F}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57946D8C-F1C2-46E9-9CCC-BC0A133EEB08}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2D3EA268-9354-4E5B-906D-15E38393E585}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C3BC7A33-C0CE-4F5A-8D76-C438AC0801D5}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9D636984-C4E3-4552-B930-B3606B4482AD}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{653BB576-9DCF-4E86-842B-2415B8D8F5B2}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{73666311-19F2-458E-8B75-B817AA0692D6}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0243B610-AAAC-45D0-AF78-0C7B19C7688D}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{19767D2A-33CD-4EEA-8C19-1DEBE3754CF1}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9FC98393-15FA-48DE-A162-9BBF79163433}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{82A84825-8739-413F-9A83-86213319C038}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3A490250-5D5E-4C43-BBAA-1295190AC45C}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BB32C489-5D97-41C4-A551-9A7EDFA3AB38}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S44].txt ##########
 


That is the Scan log, not the Clean log.

# Mode: Scan


Do you have the Clean log? Please uninstall AdwCleaner (it will remove itself and all its old logs too). Then download and install the latest version and run a new scan please and ATTACH that new CLEAN log.

Thanks

 


Sorry about the misunderstanding, I was able to find the latest clean log from within ADW Cleaner. 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-19-2018
# Duration: 00:00:05
# OS:       Windows 10 Pro
# Cleaned:  18
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{791321D2-9B5B-4156-8ACC-FA33F1FBAC22}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1428793A-2CFB-4C2D-A0AA-9C7FFE9A9221}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2138DB37-4E55-4E85-8453-200C7CABEC14}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{998BACAB-5664-456B-8157-55B6416924A3}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{88FF640B-4D6C-46A9-9BCD-0EBE29D5A3F5}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3CAFEB6B-1556-41B9-98B2-CBD8B8E6F013}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C8B89D50-80EA-4D98-8241-A29782D94609}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BFA2C100-23A9-40B1-B4C0-BA79A95769A6}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{06AE709C-778D-43D6-AA60-C52019C16C87}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F610F940-5D92-4A92-929F-BC7AB0FFFA62}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{79DE5C3E-A8BA-47B5-AE82-6D4D2F595306}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2B7A5B49-D5E4-4C2E-8801-19BD43CD7C6D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{60F254AC-E6E4-41E7-B6E2-25DCB5D88D65}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8B779F9D-4DE4-4146-A504-71594C99F7C5}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DB988A8A-BCAD-4825-A527-969E99693210}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{857C4A40-DB50-4D1A-908D-20B0D06E390B}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B3301F29-1487-4128-9546-167C2CC9DCED}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F3277295-888F-4F86-B93D-6003967874EF}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C43].txt ##########
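
Added example, not part of the original posts: every log in this thread flags values under the same FirewallRules registry key, so comparing the value names a Clean run deleted with those the next Scan flags shows whether deleted rules came back under the same name or were written again under new ones. The log excerpts and GUIDs below are constructed, in the AdwCleaner format shown above; the function names are this example's own.

```python
import re
from collections import Counter

MODE_RE = re.compile(r"^#\s*Mode:\s*(\w+)")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Scan lines start with a detection name, Clean lines with "Deleted";
# both continue with "<registry key>|{value name}".
ENTRY_RE = re.compile(
    r"^(?P<label>\S+)\s+(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>\{[0-9A-Fa-f-]{36}\})$"
)
FW_SUFFIX = r"\firewallpolicy\firewallrules"


def parse_adwcleaner_log(text):
    """Return the log mode and the (label, value name) pairs flagged under FirewallRules."""
    mode, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MODE_RE.match(line)):
            mode = m.group(1)
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "Registry" and (m := ENTRY_RE.match(line)):
            # Key case differs between tools, so compare case-insensitively.
            if m.group("key").lower().endswith(FW_SUFFIX):
                entries.append((m.group("label"), m.group("value").upper()))
    return {"mode": mode, "entries": entries}


def compare_clean_to_next_scan(clean, scan):
    """Compare what a Clean run deleted with what the following Scan run flags."""
    if clean["mode"] != "Clean" or scan["mode"] != "Scan":
        raise ValueError("expected a Clean log followed by a later Scan log")
    deleted = {value for _, value in clean["entries"]}
    flagged = {value for _, value in scan["entries"]}
    return {
        # Same value name flagged again after it was deleted.
        "returned_same_name": sorted(deleted & flagged),
        # Flagged only in the later scan: written (or first flagged) after the clean.
        "new_names": sorted(flagged - deleted),
        # Deleted and not seen again.
        "stayed_gone": sorted(deleted - flagged),
        "labels": dict(Counter(label for label, _ in scan["entries"])),
    }


# Constructed excerpts (placeholder GUIDs), trimmed to the parts the parser reads.
CLEAN_LOG = r"""
# -------------------------------
# Mode: Clean
# -------------------------------
# Cleaned:  3
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Registry ] *****

Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00000000-0000-0000-0000-000000000001}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00000000-0000-0000-0000-000000000002}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00000000-0000-0000-0000-000000000003}

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.
"""

SCAN_LOG = r"""
# -------------------------------
# Mode: Scan
# -------------------------------
# Detected: 3

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00000000-0000-0000-0000-000000000003}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00000000-0000-0000-0000-000000000011}
Trojan.Agent                    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00000000-0000-0000-0000-000000000012}

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.
"""

if __name__ == "__main__":
    report = compare_clean_to_next_scan(
        parse_adwcleaner_log(CLEAN_LOG), parse_adwcleaner_log(SCAN_LOG)
    )
    for field, value in report.items():
        print(f"{field}: {value}")
```

Entries under `new_names` mean the deletion itself succeeded and the rules were written again afterwards, so the next thing to identify is which installed program or service adds them.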
 


 

Are you writing Java code yourself?

You have some old Java coding software installed as well as run-times. Unless you're having a support issue for Java please uninstall ALL versions of Java.

Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)

I still see these installed and recommend removal.

Wise Driver Care 2.3
Wise System Monitor

The following software should also be uninstalled as it serves no purpose except for advertising and tracking

FileHippo App Manager


qBittorrent 4.1.1 is P2P software and for the most part is used to steal software (it has some legal use but very little) which though people are rarely ever caught, software, music, video, etc. theft is illegal and does carry potential for fines and jail time. Increases the risk of infection greatly too. Highly advise at least reconsider removal.


This software is a very last resort. If you have to resort to using it and you have a valid license for Windows then personally I'd recommend formatting the drive and reinstalling Windows. If you have no license or other means to reinstall Windows and you've tried all other fixes then at that point maybe try it. Based on the fact you have it installed I'd have to believe you've run it for one reason or another. If it were MY Computer I'd ensure my data was backed up and format and reinstall Windows. But that's me and I just don't like running a broken operating system.
Tweaking.com - Windows Repair

Please let me know what you'd like to do and we'll continue from there

Thanks

Ron

 

 

 


Of course, I am fully aware that reinstalling Windows is the very best solution, but it's also the most troublesome since I would have to set everything up again from scratch, which I want to avoid if at all possible since I don't have the time to set everything back up again. As for qBittorrent, I am sure it's not the cause of the problem, and I really need it so I don't want to uninstall it if possible.

I didn't quite catch what you meant when you were referring to the Windows Repair tool; should I use it or uninstall it?

PS: I removed everything you listed above, apart from qBittorrent.

 


I'm saying that I would not recommend using the Windows Repair Tool and would uninstall it. If something is wrong with Windows, dig in and try to fix it, not blast it with dozens of tweaks with a shotgun approach.

Did not say that torrent software is the cause of issues. Just saying morally using it to steal software is wrong, but up to you, it's your computer.

Please restart the computer one more time then run all the same scans again. At this point hopefully AdwCleaner and Malwarebytes should come back clean now.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


wow, I am so sorry, I forgot it again...

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-19-2018
# Duration: 00:00:04
# OS:       Windows 10 Pro
# Cleaned:  18
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FA453310-0EAB-4813-AB8E-1FD99F0B5178}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A272C53B-646A-4963-A3C6-5C3F673C8FB3}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B2733577-4BE1-416A-B45C-A6EA6883141A}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5F7DBB24-08B3-4E49-B66A-83267F853B3D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7248CEA9-FAD2-4F12-A8D6-FE08B5F4F53D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F43C568C-7CF7-4028-803B-DAB2EBD1DE7F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57946D8C-F1C2-46E9-9CCC-BC0A133EEB08}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2D3EA268-9354-4E5B-906D-15E38393E585}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C3BC7A33-C0CE-4F5A-8D76-C438AC0801D5}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9D636984-C4E3-4552-B930-B3606B4482AD}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{653BB576-9DCF-4E86-842B-2415B8D8F5B2}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{73666311-19F2-458E-8B75-B817AA0692D6}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0243B610-AAAC-45D0-AF78-0C7B19C7688D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{19767D2A-33CD-4EEA-8C19-1DEBE3754CF1}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9FC98393-15FA-48DE-A162-9BBF79163433}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{82A84825-8739-413F-9A83-86213319C038}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3A490250-5D5E-4C43-BBAA-1295190AC45C}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{BB32C489-5D97-41C4-A551-9A7EDFA3AB38}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C47].txt ##########
 


Sorry about the lack of reply, I was sleeping since it was over midnight here.

Anyways, I did the steps you asked without any form of luck, the threats are still there.

As for this path "c:\program files (x86)\system native\main services\service.exe", I only found the "system native" folder and inside it was empty. I even double-checked if file explorer was hiding hidden files, but still no luck.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-20-2018
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  18
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{078C70C8-4C07-4BA0-B188-2559803FFCA0}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9BB27663-E0AF-47E8-9688-D4BAF8BC30EC}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E867D627-E17F-44D1-8202-4D0C8AA524DF}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7BAA3ECA-E729-4BE2-94D6-BEC5C90FC40E}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1604747C-4256-4FDE-9BBE-24CD174BDC67}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B9148DEC-B0A2-4C08-B3A4-8413ED6FA813}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FB02EB40-CCB8-4090-A506-459EDFB8A6A3}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8CE75110-6D33-4AE5-A98D-B8985C22774C}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{16790C14-FE2C-48EE-85D2-1105B3C4B75D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EE89BBDD-91FF-4883-9123-5532623667D3}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1014A245-7281-4DC9-8233-29DF5357F364}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D95EE72C-C283-4B39-B380-DE762C49E5F5}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{584CC972-5D56-4C76-9118-22B4E9B07DA2}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DD5E3917-D207-4B71-8A4E-F4C34904F034}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8725E405-D2BE-4511-B233-365CB7FDE44F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{362BEB87-B40D-4BC3-9F21-55017A1551CF}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8ED82A56-454A-472E-96A8-8367FCC73421}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{310C8128-BF75-4058-85CD-3C452934FCA9}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C49].txt ##########
 


Okay, let me get an updated set of FRST logs please. We'll see if it's running and if so we'll force copy it or try to stop it from loading.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Please temporarily disable your antivirus and Malwarebytes.

Then download and run the following ESET antivirus scanner:

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner_enu.exe

Please enable the following settings:

_eset_online_scanner_settngs.jpg

Then click on the Scan button and let it complete the scan. When done, please take a screenshot of what's found and post that back.

Ron

 


So I ran the software, and it found 3 threats as listed below: 

C:\Program Files (x86)\Magical Jelly Bean\keyfinder.exe    a variant of Win32/MagicalJellyBean.B potentially unsafe application    cleaned by deleting
C:\Windows\System32\drivers\NFC_Driver.sys    a variant of Win64/NetFilter.A potentially unsafe application    cleaned by deleting
D:\My Documents - HDD\My Filehippo Downloads\ccsetup529.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
 

This topic is now closed to further replies.
