Infected with: "PUP.Optional", "MachineLearning/Anomalous.100%" etc


  • This topic is locked
60 replies to this topic

#16 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 18 April 2018 - 10:48 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Santi (18-04-2018 23:40:08) Run:4
Running from E:\
Loaded Profiles: Santi (Available Profiles: Santi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\WINDOWS\System32\Tasks\CCleaner Update
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}
C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653}
Task: {19022932-6CBC-45F2-A0B1-0E658EA8AA00} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {62EA05AA-4B0B-4732-BD52-56EF8523A835} - System32\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {90C3B907-419D-4455-85CF-5EDAB406461D} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} - System32\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CA04F4D2-FF61-457D-B04B-477BDA886DF2} - System32\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2039F255-AD1A-4AB3-9C4B-904CBEF6089E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {21B3EDAD-FC12-4970-B7C7-3511390E9BD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {73260907-06DD-4A3C-9DDB-468F7B709AA9} - System32\Tasks\AdobeAAMUpdater-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E0AC1880-727B-4534-826D-F3EA85FB7372} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {EA866BD1-994A-4FA8-91C6-F985C42EE347} - System32\Tasks\AdobeGCInvoker-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
 
*****************
 
"C:\WINDOWS\System32\Tasks\CCleaner Update" => not found
"C:\WINDOWS\System32\Tasks\CCleanerSkipUAC" => not found
"C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}" => not found
"C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19022932-6CBC-45F2-A0B1-0E658EA8AA00} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Norton Anti-Theft\Norton Error Analyzer" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62EA05AA-4B0B-4732-BD52-56EF8523A835} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90C3B907-419D-4455-85CF-5EDAB406461D} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA04F4D2-FF61-457D-B04B-477BDA886DF2} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2039F255-AD1A-4AB3-9C4B-904CBEF6089E} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B3EDAD-FC12-4970-B7C7-3511390E9BD8} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73260907-06DD-4A3C-9DDB-468F7B709AA9} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-SANTI-Santi" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-SANTI-Santi => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0AC1880-727B-4534-826D-F3EA85FB7372} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA866BD1-994A-4FA8-91C6-F985C42EE347} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-SANTI-Santi" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0-SANTI-Santi => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => could not remove. Access Denied.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-04-2018 23:42:30)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19022932-6CBC-45F2-A0B1-0E658EA8AA00} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62EA05AA-4B0B-4732-BD52-56EF8523A835} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90C3B907-419D-4455-85CF-5EDAB406461D} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA04F4D2-FF61-457D-B04B-477BDA886DF2} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2039F255-AD1A-4AB3-9C4B-904CBEF6089E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B3EDAD-FC12-4970-B7C7-3511390E9BD8} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73260907-06DD-4A3C-9DDB-468F7B709AA9} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-SANTI-Santi => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0AC1880-727B-4534-826D-F3EA85FB7372} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA866BD1-994A-4FA8-91C6-F985C42EE347} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0-SANTI-Santi => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => could not remove. Access Denied.
 
==== End of Fixlog 23:42:32 ====
 
All right, here's the fixlog!
 
The memory usage has improved! Now it uses around 40% of it!
 
Huge thanks (:
 
Do you suggest any other change or improvement for my PC?




#17 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:20 PM

Posted 19 April 2018 - 05:25 AM

Disk De-fragmentation would be another option.

 

Since there are no signs of infection anymore in your logs I guess we're done here.

 

Remove quarantined items.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#18 Santibuduba


Posted 19 April 2018 - 12:32 PM

All right, I'll do that! Thank you.

One last thing: every time I boot up my PC, a notification from Malwarebytes is shown, stating that a website has been blocked from Google Chrome... Any ideas? I attach a screenshot.

 

 




#19 JSntgRvr


Posted 19 April 2018 - 03:52 PM

mmofreegames.online is tagged as a source of malware web site. The Chrome extension is not present. Does it provide more information?




#20 Santibuduba


Posted 19 April 2018 - 07:10 PM

Mmm, nope, here I put the complete log. That site is not the only one that Malwarebytes is blocking... :(

 

Here's the log from DelFix:

 

# DelFix v1.013 - Logfile created 19/04/2018 at 21:04:34
# Updated 17/04/2016 by Xplode
# Username : Santi - SANTI
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\CARLOS\Downloads\AdwCleaner.exe
Deleted : C:\Users\CARLOS\Downloads\RogueKiller_portable64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
########## - EOF - ##########
 




#21 JSntgRvr


Posted 19 April 2018 - 09:34 PM

After running Delfix, you will need to re-download FRST.

 

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

*.json

It then should look like:

Search: *.json

Click the Search Files button and post the log (Search.txt) it will produce in your next reply.
 




#22 Santibuduba


Posted 20 April 2018 - 12:26 PM

All right, here it is

 

Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by Santi (20-04-2018 14:23:55)
Running from E:\
Boot Mode: Normal
 
================== Search Files: "Search: *.json" =============
 
 
====== End of Search ======


#23 JSntgRvr


Posted 20 April 2018 - 01:39 PM

No. Search just for *.json



#24 JSntgRvr


Posted 20 April 2018 - 01:40 PM

Do not include the word search.



#25 Santibuduba


Posted 20 April 2018 - 02:37 PM

Attached File  Search.txt   525.78KB   2 downloads

I couldn't copy it here, 'cause it was too long...



#26 JSntgRvr


Posted 20 April 2018 - 06:42 PM

The .json file being blocked is no longer in your computer. Let's perform a virus scan:

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!

 




#27 Santibuduba


Posted 21 April 2018 - 05:30 AM

Okay, I copy the log! 

 

  Attached File  ESET log .txt   3.65KB   5 downloads



#28 JSntgRvr


Posted 21 April 2018 - 10:17 AM

These are keygens and cracked software, which in turn hijack your browser. Want to remove them?




#29 JSntgRvr


Posted 23 April 2018 - 05:34 PM

Are you still with us?




#30 Santibuduba


Posted 23 April 2018 - 08:58 PM

What does it mean that they hijack my browser? OK, let's remove them.

I have another problem with Windows Update. Every time I want to turn off my PC it says that it has to update, but it does not update anything, and when I turn it on again, it takes a lot of time to boot... Any suggestions?





