[RiceCake]

Hello, every time i boot my pc i get two error messeges that there was a problem starting both StartupCheckLibrary.dll and winscomrssrv.dll are "and the specific modules could not be found" 

[Advertisements]

Hello, RiceCake. 
 
Welcome to GTG Forums!

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

[DR M]

Hello, RiceCake. 
 
Welcome to GTG Forums!

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

[RiceCake]

Hello, here are the files

Attached Files

•  FRST.txt   45.09KB   67 downloads
•  Addition.txt   68.02KB   72 downloads

[DR M]

I'm so glad to say that after so many years in the Forums, this is the first time I'm helping a Greek person, and/or cleaning a Greek language system!!!
 
Hi, RiceCake! 

 

Welcome to GTG Forums!   

 
Είμαι ο Πάνος. Εσύ; 

 

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

 

=============================

 

Unfortunately, your computer is infected.

 

I'll need some time to review your logs and be back to you.

[DR M]

To begin with:
 
 
1. FRST
 
Please move the FRST tool from your Downloads folder on to your Desktop.
 
 
2. Uninstall outdated Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
 
For now: Just uninstall Java 8 Update 301 (64-bit). In case you need it, you can install the latest version when we finish from here. 
 
 
3. Uninstall a Chrome extension

• Open Chrome.
• At the top right choose More (the three vertical dots) > More Tools > Extensions
• Find AVG Secure Search, and remove it, clicking on Remove.
• Confirm the action by clicking Remove once again.

 

4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5214]
AlternateDataStreams: C:\Users\user\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\user\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [{7C962F1C-E23D-401D-9802-5CCB73186111}] => (Allow) C:\Windows\system32\winrmsrv.exe => No File
FirewallRules: [UDP Query User{C42E9D18-0EE6-4F1C-B029-0EC9FAFA83FF}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3F57588D-127F-4156-8697-46A6944363F3}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{EFD3CD3D-F02D-4147-AC25-D568A93C9F7D}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{93EB7C0F-EEB8-48FC-8D6A-313516954E92}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [{72B55342-D459-41C1-AA5F-31630E17DFAD}] => (Allow) D:\SteamLibrary\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe => No File
FirewallRules: [{21E52BDF-D889-45EB-86BC-2D929EAD9849}] => (Allow) D:\SteamLibrary\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe => No File
FirewallRules: [UDP Query User{0FBA98CF-C38A-4817-91BD-07E11ADF48EB}D:\games\life is strange 2\lis2\binaries\win64\lis2-win64-shipping.exe] => (Block) D:\games\life is strange 2\lis2\binaries\win64\lis2-win64-shipping.exe => No File
FirewallRules: [TCP Query User{94D6709C-1E80-4863-BDAE-DB5C77C6A13B}D:\games\life is strange 2\lis2\binaries\win64\lis2-win64-shipping.exe] => (Block) D:\games\life is strange 2\lis2\binaries\win64\lis2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{A1DA7F04-A7EC-4E05-B797-82B28CE20922}D:\games\life is strange - before the storm\life is strange - before the storm.exe] => (Block) D:\games\life is strange - before the storm\life is strange - before the storm.exe => No File
FirewallRules: [TCP Query User{9C1F3FF5-BF5D-4DB4-A26A-6F25B8757D6D}D:\games\life is strange - before the storm\life is strange - before the storm.exe] => (Block) D:\games\life is strange - before the storm\life is strange - before the storm.exe => No File
FirewallRules: [UDP Query User{22900A05-D86C-48BB-A2FD-BBAD7CA91893}D:\games\life is strange before the storm episode 1\life is strange - before the storm.exe] => (Block) D:\games\life is strange before the storm episode 1\life is strange - before the storm.exe => No File
FirewallRules: [TCP Query User{E6E3E25C-FB87-4813-ACA7-66B178FA85C7}D:\games\life is strange before the storm episode 1\life is strange - before the storm.exe] => (Block) D:\games\life is strange before the storm episode 1\life is strange - before the storm.exe => No File
FirewallRules: [{A079C6B1-4F1C-4112-B8C3-3C84C6B18FE1}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{758F25B2-1A09-4392-88CE-72C11BDFA2D9}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{C3C9FBB8-B846-4420-A28D-EF20EEFD368A}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe => No File
FirewallRules: [{384CA0EE-6D34-4802-BA09-0E9713E60D76}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe => No File
FirewallRules: [UDP Query User{A0C734F6-BB21-4052-849D-D254DCBD0F7B}D:\downloaded games\genshin impact\genshin impact game\genshinimpact.exe] => (Block) D:\downloaded games\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{6912006B-0F80-4FF7-A0F3-55BCB57AFED9}D:\downloaded games\genshin impact\genshin impact game\genshinimpact.exe] => (Block) D:\downloaded games\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [{F1CE9C7D-0C3F-4B8F-BE38-A7B99CDCA303}] => (Allow) D:\SteamLibrary\steamapps\common\TellMeWhy\TME-Win64-Shipping.exe => No File
FirewallRules: [{299019B7-E15F-4E27-B15E-D237C5E15357}] => (Allow) D:\SteamLibrary\steamapps\common\TellMeWhy\TME-Win64-Shipping.exe => No File
FirewallRules: [UDP Query User{0A89E569-5AAD-4B6F-ACFA-D0F99D9A03F2}D:\downloaded games\crac 4\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\downloaded games\crac 4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{4B25A570-3E8E-4348-A860-57E0FCF1E32F}D:\downloaded games\crac 4\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\downloaded games\crac 4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{095A43DB-97E8-4881-ACB5-91B12EB4CD11}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{38042AB1-EFA6-4083-B8DD-795B16CCD7C9}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{11BD92F5-08EE-43BC-94AB-E73A7E7CD29C}] => (Allow) D:\SteamLibrary\steamapps\common\Super Jigsaw Puzzle Generations\Super Jigsaw Puzzle Generations.exe => No File
FirewallRules: [{E68EDDA1-1ACD-4079-8A0C-10F98993AEB3}] => (Allow) D:\SteamLibrary\steamapps\common\Super Jigsaw Puzzle Generations\Super Jigsaw Puzzle Generations.exe => No File
FirewallRules: [{DF9BECE5-F47D-4E8E-B97F-17146DD9ABF7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{85E19E63-751B-4F10-BB46-EFB968C21EC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{DBE2F316-8646-40E0-9E9C-2313719655FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{052B74B8-87D4-44E4-AF6A-37E02898D24B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [TCP Query User{CA5627F9-256A-4E65-BFA2-8E4C97379605}C:1\avengers.exe] => (Block) C:1\avengers.exe => No File
FirewallRules: [UDP Query User{6FE77037-D258-44A0-B68F-FF3227E82131}C:1\avengers.exe] => (Block) C:1\avengers.exe => No File
FirewallRules: [{D1161E24-5DA3-4F43-9D0A-55015ECEC187}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe => No File
FirewallRules: [{3D8D0E49-7214-4666-9742-A6F6C56C4FB6}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe => No File
FirewallRules: [{4A03ABC2-5E4A-4066-A459-F68F921BDDF6}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{5C9ACFCA-02D9-472F-8E05-0F77D6887A2E}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [TCP Query User{29F94393-0F01-4E70-AD15-A6CF1727B1D3}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{B5CF3D31-0F13-4EF7-A88A-68B97A0EA0BF}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{77F5A0D9-8AA8-4615-A3E1-02F2AB8B4260}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\games\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{49C87CE7-559E-4900-A851-9DBD0517F3E7}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) D:\games\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{361A09FD-2D8A-4027-A383-10EE5AFF0637}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{9913FB9E-B23B-4596-A2EE-B339C9E100C2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2023-01-16]
ShortcutTarget: IMVU.lnk -> C:\Users\user\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Task: {18C712AC-B0C4-4AD4-97B0-C26E8C9C73A4} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => C:\WINDOWS\system32\rundll32.exe [71680 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {F1E6EF82-2E75-417F-AD84-3F3DB14B8E85} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => C:\WINDOWS\system32\rundll32.exe [71680 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {CB01A83A-D781-439C-A7FE-A0B18F9887EB} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe  -o pool.supportxmr.com:80 -u 8AhFMmrfRy7H1hhdjLcikGfg9aC4YSr2NXYkqayusoB6exD1YaNjwCsjD7i7PRJodW22PZ7vGzMCn6eux57jrSjDJ3sBWpB -p x (No File) <==== ATTENTION
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\119.1.60.114\elevation_service.exe" [X]
C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450
C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
cmd: netsh advfirewall reset
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Hosts:
EmptyTemp:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

 

 

In your next reply please post:

1. If uninstalling Java and the Chrome extension ran smoothly
2. The fixlog.txt

[RiceCake]

Γεία σου Πάνο, Αλεξ εδώ. Ευχαριστώ εκ τον προτέρων για την βοήθεια. 

 

 

I managed to remove both java and the chrome extension as you told me to. 

 

 

Attached Files

•  Fixlog.txt   23.99KB   63 downloads

[DR M]

Γεια σου, Άλεξ!

 

Προχωρούμε.

 

 

Search with FRST

• Double-click FRST.exe/FRST64.exe to run it.
• Copy and paste the following into the Search box:

SearchAll: winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe

• Press the Search Files button.
• When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
• Please copy and paste its contents into your reply.

[RiceCake]

Here!

Attached Files

•  Search.txt   769bytes   67 downloads

[DR M]

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\winlogui.exe
Reboot:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

 

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now.
  • When the scan has finished, a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

• Download Malwarebytes and save it to your Desktop.
• Once downloaded, close all programs and Windows on your computer.
• Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
• Follow the instructions to install the program.
• When finished, double click the program's icon created on your Desktop.
• Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  

  Under the title Scan Options, all the options are checked.
  Under the title Windows Security Center (Premium only) the option is NOT checked.
  Under the title Potentially unwanted items all options are set to Always.

• Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
• When finished, you will see the Threat Scan Summary window open.
• If threats are not found, click View Report and proceed to the two last steps below.
  
  If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply please post: 

1. The fixlog.txt
2. The AdwCleaner[S0*].txt
3. The Malwarebytes report

[RiceCake]

Here!

Attached Files

•  Fixlog.txt   620bytes   66 downloads
•  AdwCleanerS00.txt   2.06KB   65 downloads
•  Malwarebytes.txt   12.29KB   65 downloads

[DR M]

Question:

 

Are you aware of this user in your Users folder? 

 

C:\USERS\ANASTASIA

 

There is no such a user in the FRST logs.

[RiceCake]

Yes, It was my sister's acc.

[DR M]

Γεια σου, Άλεξ.
 
Επόμενα βήματα:
 
 
1. Stop Google Sync
 
Turn off Google Sync for ALL the devices you are using. DO NOT turn it on, until I tell you. This is very important. 
 
Helpful link: Sign in & sync in Chrome - Computer - Google Chrome Help
 
 
2. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in Files, Folders, Registry and Chromium parts of the log, are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

WildTangentGames is also came preinstalled in your computer. Since you or your granddaughter may be using it, you can keep it. The decision here is yours.

To proceed, please do the following:

• Double click AdwCleaner.exe on your Desktop, to run it as you did before.
• Click Scan Now.
• When the scan has finished a Scan Results window will open.
• Please check all the boxes and then click Quarantine.
• Click Next.
  • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
  • Check any pre-installed software items you want to remove.
  • Click Quarantine.
• A prompt to save your work will appear.
  • Click Continue when you're ready to proceed.
• A prompt to restart your computer will appear.
  • Click Restart Now.
• Once your computer has restarted:
  • If it doesn't open automatically, please start AdwCleaner.
  • Click the Log Files tab.
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

 

3. Run Malwarebytes (Clean mode)

• Double click the program's icon on your Desktop, as you did before.
• Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  

  Under the title Scan Options, all the options are checked.
  Under the title Windows Security Center (Premium only) the option is unchecked.
  Under the title Potentially unwanted items all options are set to Always.

• Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
• When finished, you will see the Thread Scan Summary window open.
• If threats are not found, click View Report and proceed to the two last steps below.
• If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
• You may need to restart the computer.
• Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
• Find the report with the most recent date and double click on it.
• Click on Export and then Copy to Clipboard.
• Paste its content here, in your next reply.

 

 

In your next reply, please post:

• If you successfully tuned off Google Sync for ALL your devices
• The AdwCleaner[C0*].txt
• The Malwarebytes report

[RiceCake]

I turned off google sync on both  my PC and phone. 

Attached Files

•  AdwCleanerC01.txt   2.05KB   63 downloads
•  Malwarebytes 2.txt   11.48KB   63 downloads

[DR M]

Can you please run Malwarebytes once again as you did before and post the report?