[DR M]

Well, the start:: and end:: lines are included inside the code I gave you. I wonder what you did and the fix included the whole content of my reply!  

 

Anyway, I gather that the fix ran, since you ran it twice, thus why the Not found indications. 

 

Waiting for your eset.txt. When you are ready. 

[Advertisements]

sorry, it took 6 hours or more to run that scan and I just got back in.

 

12/7/2023 18:02:22 PM

Files scanned: 482677

Detected files: 3

Cleaned files: 3

Total scan time 06:11:51

Scan status: Finished

C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe a variant of Win32/YTDDownloader.H potentially unwanted application cleaned by deleting

 

C:\Users\Lin\Downloads\Kurt-Power-Drawbar-Manual.exe PowerShell/Polazert.E trojan cleaned by deleting

 

C:\Users\Lin\Downloads\YTDSetup.exe a variant of Win32/YTDDownloader.H potentially unwanted application cleaned by deleting

[mx842]

sorry, it took 6 hours or more to run that scan and I just got back in.

 

12/7/2023 18:02:22 PM

Files scanned: 482677

Detected files: 3

Cleaned files: 3

Total scan time 06:11:51

Scan status: Finished

C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe a variant of Win32/YTDDownloader.H potentially unwanted application cleaned by deleting

 

C:\Users\Lin\Downloads\Kurt-Power-Drawbar-Manual.exe PowerShell/Polazert.E trojan cleaned by deleting

 

C:\Users\Lin\Downloads\YTDSetup.exe a variant of Win32/YTDDownloader.H potentially unwanted application cleaned by deleting

[DR M]

OK!
 
Some more checks, please:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now.
  • When the scan has finished, a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

• Download Malwarebytes and save it to your Desktop.
• Once downloaded, close all programs and Windows on your computer.
• Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
• Follow the instructions to install the program.
• When finished, double click the program's icon created on your Desktop.
• Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  

  Under the title Scan Options, all the options are checked.
  Under the title Windows Security Center (Premium only) the option is NOT checked.
  Under the title Potentially unwanted items all options are set to Always.

• Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
• When finished, you will see the Threat Scan Summary window open.
• If threats are not found, click View Report and proceed to the two last steps below.
  
  If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

• The AdwCleaner[S0*].txt
• The Malwarebytes report

[mx842]

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 12/8/2023

Scan Time: 8:46 AM

Log File: 3df59c0c-95d0-11ee-bb42-18037334bed0.json

 

-Software Information-

Version: 5.0.14.89

Components Version: 1.0.1091

Update Package Version: 1.0.78136

License: Trial

 

-System Information-

OS: Windows 10 (Build 19045.3758)

CPU: x64

File System: NTFS

User: DESKTOP-TB9AP1R\Lin

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 225829

Threats Detected: 0

Threats Quarantined: 0

Time Elapsed: 7 min, 14 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

File system: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 0

(No malicious items detected)

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

 

I've run into a wall on the other scan I can't find it in clipboard. I probably have something set wrong on the scan page. The format as you posted above is different in the settings security tab box you posted above. I put in what I thought was right, but something is wrong along the line. I'm still not up to speed on win 10, I'm an XP guy. 

[DR M]

 

 

I've run into a wall on the other scan I can't find it in clipboard. I probably have something set wrong on the scan page. The format as you posted above is different in the settings security tab box you posted above. I put in what I thought was right, but something is wrong along the line. I'm still not up to speed on win 10, I'm an XP guy. 

 

Yes, I see what you mean about my instructions. The tool is getting updates very often so some things are indeed different.

 

You can take a photo and attach it for me here, to see at what step you stuck.

[mx842]

 

# -------------------------------

# Malwarebytes AdwCleaner 8.4.0.0

# -------------------------------

# Build:    08-30-2022

# Database: 2023-07-19.3 (Cloud)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Scan

# -------------------------------

# Start:    12-08-2023

# Duration: 00:00:06

# OS:       Windows 10 (Build 19045.3758)

# Scanned:  32102

# Detected: 5

 

 

***** [ Services ] *****

 

No malicious services found.

 

***** [ Folders ] *****

 

PUP.Optional.Legacy             C:\Program Files (x86)\GreenTree Applications

PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader

PUP.Optional.Legacy             C:\ProgramData\ytd video downloader

 

***** [ Files ] *****

 

No malicious files found.

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

***** [ WMI ] *****

 

No malicious WMI found.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts found.

 

***** [ Tasks ] *****

 

No malicious tasks found.

 

***** [ Registry ] *****

 

PUP.Optional.YTDToolbar         HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

PUP.Optional.YTDToolbar         HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries found.

 

***** [ Chromium URLs ] *****

 

No malicious Chromium URLs found.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries found.

 

***** [ Firefox URLs ] *****

 

No malicious Firefox URLs found.

 

***** [ Hosts File Entries ] *****

 

No malicious hosts file entries found.

 

***** [ Preinstalled Software ] *****

 

No Preinstalled Software found.

 

 

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

Edited by mx842, 08 December 2023 - 10:43 AM.

[DR M]

This is the same scan result you already posted. I would like to see the scan result of AdwCleaner. 

[mx842]

it should be in post # 21. I did post the same one but went back and corrected it.

Edited by mx842, 08 December 2023 - 11:07 AM.

[DR M]

OK, you corrected it.
 
Let's clean:

To proceed, please do the following:

• Double click AdwCleaner.exe on your Desktop, to run it as you did before.
• Click Scan Now.
• When the scan has finished a Scan Results window will open.
• Please check all the boxes and then click Quarantine.
• Click Next.
  • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
  • Check any pre-installed software items you want to remove.
  • Click Quarantine.
• A prompt to save your work will appear.
  • Click Continue when you're ready to proceed.
• A prompt to restart your computer will appear.
  • Click Restart Now.
• Once your computer has restarted:
  • If it doesn't open automatically, please start AdwCleaner.
  • Click the Log Files tab.
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

[mx842]

Not sure what you mean pre-installed software.

[DR M]

In my instructions above, I wrote:

 

 

If any pre-installed software was found on your machine, a prompt window will open. 

 

No pre-installed software in your computer, so a prompt window didn't open. So move on to quarantine the detected items. 

[mx842]

I never got a prompt to restart

[DR M]

That is strange. Restart, and post the requested log, please. 

[mx842]

# -------------------------------

# Malwarebytes AdwCleaner 8.4.0.0

# -------------------------------

# Build:    08-30-2022

# Database: 2023-07-19.3 (Cloud)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start:    12-08-2023

# Duration: 00:00:01

# OS:       Windows 10 (Build 19045.3758)

# Cleaned:  5

# Failed:   0

 

 

***** [ Services ] *****

 

No malicious services cleaned.

 

***** [ Folders ] *****

 

Deleted       C:\Program Files (x86)\GreenTree Applications

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader

Deleted       C:\ProgramData\ytd video downloader

 

***** [ Files ] *****

 

No malicious files cleaned.

 

***** [ DLL ] *****

 

No malicious DLLs cleaned.

 

***** [ WMI ] *****

 

No malicious WMI cleaned.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts cleaned.

 

***** [ Tasks ] *****

 

No malicious tasks cleaned.

 

***** [ Registry ] *****

 

Deleted       HKCU\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

Deleted       HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2}

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries cleaned.

 

***** [ Chromium URLs ] *****

 

No malicious Chromium URLs cleaned.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries cleaned.

 

***** [ Firefox URLs ] *****

 

No malicious Firefox URLs cleaned.

 

***** [ Hosts File Entries ] *****

 

No malicious hosts file entries cleaned.

 

***** [ Preinstalled Software ] *****

 

No Preinstalled Software cleaned.

 

 

*************************

 

[+] Delete Tracing Keys

[+] Reset Winsock

 

*************************

 

AdwCleaner[S00].txt - [1780 octets] - [08/12/2023 08:19:18]

AdwCleaner[S01].txt - [1841 octets] - [08/12/2023 12:45:37]

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[DR M]

Time to check fresh FRST logs now.

 

Please run FRST once more, as you did before, and attach for me the 2 logs, Addition and FRST.

 

Also, give me feedback: how is the computer running now?