Slow Computer: Suspected Malware in System [Solved]


  • This topic is locked

#16
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Hi DR M,

Apologies for the delay in response. I was going to update you, but I got too caught up with work.

Some updates:
- Done with Malwarebytes scan.
- I successfully ran ESET the first time, but I forgot to save the log and continued on. It took me more than 5 hours for that first scan. Now I'm still running it. I started it more than 8 hours ago. If I remember correctly, it scanned around 600K files the first round. It's currently at 300K. I'll keep my laptop on while I'm sleeping. I hope it's done scanning when I wake up.
  • 0

#18
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Thanks for letting me know. 

 

I will be waiting for the two reports (Malwarebytes and Eset).


  • 0

#19
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Yay, it's done! Thank you for patiently waiting.

 

Malwarebytes

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/13/21
Scan Time: 2:43 PM
Log File: aa7a551e-cc12-11eb-988e-fc3fdb440c4a.json
 
-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41655
License: Trial
 
-System Information-
OS: Windows 10 (Build 19041.1052)
CPU: x64
File System: NTFS
User: DESKTOP-NC9HVNJ\Ryan
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 366441
Threats Detected: 86
Threats Quarantined: 86
Time Elapsed: 59 min, 52 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
Adware.Norassie, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Norassie, Quarantined, 6734, 361347, 1.0.41655, , ame, , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\CSASTATS\ic, Quarantined, 516, 586068, 1.0.41655, , ame, , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\PRODUCTSETUP, Quarantined, 516, 481004, 1.0.41655, , ame, , , 
Adware.Wajam.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, 5156, -1, 0.0.0, , action, , , 
 
Registry Value: 11
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pilplloabdedfmialnfchjomjmpjcoej, Quarantined, 283, 626738, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|pilplloabdedfmialnfchjomjmpjcoej, Quarantined, 283, 626738, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, 283, 626739, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, 283, 626739, , , , , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\PRODUCTSETUP|TB, Quarantined, 516, 481004, 1.0.41655, , ame, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 5156, -1, 0.0.0, , action, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 18
PUP.Optional.Elex, C:\USERS\RYAN\APPDATA\ROAMING\GAMELAUNCHER\SEVILER, Quarantined, 1064, 318133, 1.0.41655, , ame, , , 
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers, Quarantined, 1329, 322618, , , , , , 
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons, Quarantined, 1329, 322618, , , , , , 
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources, Quarantined, 1329, 322618, , , , , , 
PUP.Optional.HPDefender, C:\USERS\RYAN\APPDATA\ROAMING\HPREYOS, Quarantined, 1329, 322618, 1.0.41655, , ame, , , 
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, Quarantined, 1087, 388718, 1.0.41655, , ame, , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Extensions\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, 283, 626738, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, 283, 626738, 1.0.41655, , ame, , , 
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\9a72a52adf54310d97429f346f1c259e, Quarantined, 5158, 408157, , , , , , 
Adware.Social2Search.EncJob, C:\PROGRAM FILES\61f97e576fd13a57e168dca3722def3d, Quarantined, 5158, 408157, 1.0.41655, , ame, , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, 283, 626739, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, 283, 626739, 1.0.41655, , ame, , , 
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, Quarantined, 1087, 823167, 1.0.41655, , ame, , , 
Adware.Wajam.PrxySvrRST, C:\WINDOWS\SYSTEM32\SSL, Quarantined, 5156, 878871, 1.0.41655, , ame, , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 283, 628563, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\RYAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 283, 628563, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 283, 626729, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\RYAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 283, 626729, , , , , , 
 
File: 53
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
ESET
15/06/2021 22:54:09 PM
Files scanned: 556188
Detected files: 0
Cleaned files: 0
Total scan time: 10:28:08
Scan status: Finished

  • 0
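
Added example (not part of the thread, and not Malwarebytes tooling): a Python check for a pasted Malwarebytes text log like the one in post #19. It compares each section's declared count with the rows actually present, which catches a truncated paste, and tallies detections by name, action and owning profile. The sample log is constructed in the post's layout with placeholder SID and hash fields; the 11-field row layout is an assumption read off the rows in that log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log in post #19; the SID and the
# <MD5>/<SHA256> fields are placeholders. "File: 3" deliberately lists two rows.
SAMPLE_LOG = r"""-Scan Summary-
Threats Detected: 7
Threats Quarantined: 7

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
Adware.Norassie, HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\SOFTWARE\Norassie, Quarantined, 6734, 361347, 1.0.41655, , ame, , ,

Registry Value: 1
Adware.Wajam.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 5156, -1, 0.0.0, , action, , ,

Folder: 2
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, Quarantined, 1087, 388718, 1.0.41655, , ame, , ,
PUP.Optional.HPDefender, C:\USERS\RYAN\APPDATA\ROAMING\HPREYOS, Quarantined, 1329, 322618, 1.0.41655, , ame, , ,

File: 3
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 283, 626738, , , , , <MD5>, <SHA256>
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers\chrome.ico, Quarantined, 1329, 322618, , , , , <MD5>, <SHA256>
(end)
"""

SECTION_RE = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|Data Stream|"
    r"Folder|File|Physical Sector|WMI): (\d+)\s*$")
TOTAL_RE = re.compile(r"^Threats Detected: (\d+)\s*$")
USER_DIR_RE = re.compile(r"^[A-Z]:\\Users\\([^\\]+)", re.IGNORECASE)
HKU_RE = re.compile(r"^HKU\\([^\\]+)", re.IGNORECASE)
TAIL_FIELDS = 9  # assumed layout: name, path, then action + 8 id/version/hash fields


def owner_of(path):
    """Map a detection path to the profile folder or HKU hive it sits under."""
    m = USER_DIR_RE.match(path)
    if m:
        return m.group(1).lower()          # C:\USERS\RYAN and C:\Users\Ryan agree
    m = HKU_RE.match(path)
    return m.group(1) if m else "machine-wide"


def parse_row(line):
    """Split one detection row, rebuilding the path in case it holds commas."""
    parts = line.split(",")
    if len(parts) < TAIL_FIELDS + 2:
        return None
    return {"name": parts[0].strip(),
            "path": ",".join(parts[1:-TAIL_FIELDS]).strip(),
            "action": parts[-TAIL_FIELDS].strip()}


def audit(log_text):
    """Return count mismatches and tallies for one pasted scan log."""
    declared, rows, unparsed, total, section = {}, [], [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, "(No malicious ...)", "(end)"
            continue
        if (m := TOTAL_RE.match(line)):
            total = int(m.group(1))
        elif (m := SECTION_RE.match(line)):
            section, declared[m.group(1)] = m.group(1), int(m.group(2))
        elif section is not None:              # header blocks come before any section
            row = parse_row(line)
            if row is None:
                unparsed.append(line)
            else:
                rows.append(dict(row, section=section))
    listed = Counter(r["section"] for r in rows)
    return {
        "mismatches": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        "total_matches": total == sum(declared.values()),
        "by_name": Counter(r["name"] for r in rows),
        "by_action": Counter(r["action"] for r in rows),
        "by_owner": Counter(owner_of(r["path"]) for r in rows),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```
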

#20
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Apologies for no response yet. I will be with you tomorrow.


  • 0

#21
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Okay. No probs! :)


  • 0

#22
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, Ryan.

 

Now that we have done this cleaning, let's see if you can run AdwCleaner. Instructions here (Step 1).


  • 0

#23
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Hi DR M,

 

AdwCleaner still won't run. :(


  • 0

#24
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Strange. 
 
Try to run it in Safe mode.
 

Restart with Safe mode

  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 4, for choosing Safe mode.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

 

While in Safe mode, try to run AdwCleaner again. After the flash of the cmd window, the tool is supposed to open.


  • 0

#25
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Hi DR M,

 

I tried running it in Safe Mode, but it still didn't run after the cmd window appeared. I even tried restarting my computer, then downloading the application again. It still won't run.

 

Apologies for the inconvenience. I'm really clueless about this stuff.

 

:(


  • 0



#26
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

No need to apologize, Ryan. It's my pleasure to be helping you.
 
Please let me see fresh FRST logs.

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

Note: To attach the logs: Select More Reply Options under the reply area and then the Attach File button.


  • 0

#27
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, Ryan.

 

Could you please watch this thread more frequently? It would help in the effort to effectively solve your issue. 

 

Thanks. 


  • 0

#28
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Hi DR M,

 

Apologies for the delay. I'll be more responsive. Running the log now.


  • 0

#29
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Please see the attached files. Apologies for the inconvenience.

Attached Files


  • 0

#30
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Thank you, Ryan.
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "uTorrent"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
FirewallRules: [{0B5B9609-4022-4200-BDE4-7B85A6894898}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [TCP Query User{18D45DE5-47B2-4297-B842-7189A5861864}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
Task: {096C0699-B78C-486D-AD81-9006F08B8C89} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
C:\WINDOWS\system32\Tasks\McAfee
C:\Program Files (x86)\Adobe\Acrobat DC
C:\ProgramData\BlueStacks
VirusTotal: C:\Users\Public\ASR.dat
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. In-place upgrade
 
Your operating system is two critical upgrades behind. By doing an in-place upgrade, you don't only upgrade your system, but also fix any possible corruptions, without losing any program/file.

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. The fresh FRST logs after the upgrade (FRST and Addition)

  • 0





