Assigned nslookup keeps popping up, managed to fix it but it's still running in my task manager, is that normal?

This thread is being handled by a member of the staff.
Status
Not open for further replies.

kiramisu

New Member
Thread author
Mar 15, 2022
12
I think I downloaded some virus that keeps executing nslookup. I've deleted some suspicious files and the popping up stopped. but nslookup is still running in the background when I checked my task manager, is it normal or should I worry about it?
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Hello, Welcome to MalwareTips..! :)

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

kiramisu

New Member
Thread author
Mar 15, 2022
12
Hello, Welcome to MalwareTips..! :)

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

Attachments

  • Addition.txt
    31.8 KB · Views: 23

kiramisu

New Member
Thread author
Mar 15, 2022
12
When I try to sent the FRST.txt, it fails to send it. every other txt that I try to send works but the FRST.txt wont, tried to copy paste the content of the FRST.txt on another .txt file but it still wont send. also checked the console for what's causing the error and it says "Failed to load resource: the server responded with a status of 403 ()"
 
Last edited:

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
When I try to sent the FRST.txt, it fails to send it. every other txt that I try to send works but the FRST.txt wont, tried to copy paste the content of the FRST.txt on another .txt file but it still wont send. also checked the console for what's causing the error and it says "Failed to load resource: the server responded with a status of 403 ()"

I need to see your FRST.txt log as well.

Attach it to your next post please.

If it won't attach, then zip it by right clicking on it and selecting Send To > Compressed (zipped) folder, and then attach the folder created.
 

kiramisu

New Member
Thread author
Mar 15, 2022
12
I need to see your FRST.txt log as well.

Attach it to your next post please.

If it won't attach, then zip it by right clicking on it and selecting Send To > Compressed (zipped) folder, and then attach the folder created.
the zip file wont send even when I do it on rar. also when sending the FRST.txt it says that it's an invalid message
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Copy and paste the contents of the FRST.txt here:


Post the link in your next post..!
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Okay .. copy all the content in your next post using the spoiler feature..!
..show..:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022
Ran by Sj (17-03-2022 09:58:30)
Running from C:\Users\Sj\Downloads
Microsoft Windows 10 Pro Version 1909 18363.418 (X64) (2022-03-13 11:49:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-352846210-1366433661-320065120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-352846210-1366433661-320065120-503 - Limited - Disabled)
Guest (S-1-5-21-352846210-1366433661-320065120-501 - Limited - Disabled)
Sj (S-1-5-21-352846210-1366433661-320065120-1002 - Administrator - Enabled) => C:\Users\Sj
WDAGUtilityAccount (S-1-5-21-352846210-1366433661-320065120-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\uTorrent) (Version: 3.5.5.46200 - BitTorrent Inc.)
Discord (HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\Discord) (Version: 1.0.9004 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1909.2618 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5070 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lively Wallpaper version 1.7.4.2 (HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\{E3E43E1B-DEC8-44BF-84A6-243DBA3F2CB1}}_is1) (Version: 1.7.4.2 - rocksdanister)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{B5664346-4402-4834-81BE-9687BF653BA2}) (Version: 3.26.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.21 (x86) (HKLM-x32\...\{d1c9f155-e14a-4486-b545-dde658719aac}) (Version: 3.1.21.30622 - Microsoft Corporation)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Roblox Player for Sj (HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.841 - TLauncher Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 130.0.10655 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wondershare Filmora X(Build 10.1.21.0) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\ZoomUMX) (Version: 5.9.7 (3931) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-03-14] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0 [2022-03-15] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-03-16 12:53 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2022-03-16 12:53 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2022-03-13 14:15 - 2021-07-07 15:34 - 006159480 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] D:\Games\Genshin Impact\Qt5Core.dll
2022-03-16 12:53 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2022-03-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2022-03-15] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 12:49 - 2022-03-16 12:54 - 000001090 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 cbs.wondershare.com
127.0.0.1 www.cbs.wondershare.com
127.0.0.1 platform.wondershare.com
127.0.0.1 www.wondershare.com127.0.0.1 cbs.wondershare.com
127.0.0.1 www.cbs.wondershare.com
127.0.0.1 platform.wondershare.com
127.0.0.1 www.wondershare.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-352846210-1366433661-320065120-1002\Control Panel\Desktop\\Wallpaper -> D:\DOCUMENTS\SJ\Pictures\FBFoVq0VQAIh4WM.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-352846210-1366433661-320065120-1002\...\StartupApproved\Run: => "ut"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0D300F6-6A1E-41FB-8984-98E61D30F0BA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{528C1FEC-840B-4E39-A148-E325385FB7BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ABE91015-4AAE-421A-BA1B-E1F5A04452AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{663CA76C-A459-4381-BF32-F4A758F07B2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0E3622C1-E350-40F2-A1BC-A1CFE41FE736}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{15A20CF4-BFF1-4F6A-B286-CDFACCFA5AF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A7CB2BED-0A49-4ADF-B95E-51E27ECE0899}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EBDE9816-A215-43A0-8E0F-29E83E0577FA}] => (Allow) C:\Users\Sj\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E3248577-4E83-45A6-BD33-4FD3663CFF4A}] => (Allow) C:\Users\Sj\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{DFA1DF57-210F-4AD9-B7E4-93B8BEC4F563}] => (Allow) C:\Users\Sj\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3A17AC3A-E187-4C97-BA3C-1F9C6B19F840}] => (Allow) D:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8FF090C0-7CDA-4BC5-B9B1-7FF27FC5B952}] => (Allow) D:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{76B5C290-7AF5-4F37-8F6B-EC1C1F533E55}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1909.2618\gxxsvc.exe (Garena Online Pte Ltd -> Garena Online)
FirewallRules: [{8CD19C5A-F3D5-4B50-893F-7116F6DF89DD}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{351356E9-7A4C-4B34-9C03-80EE79AB87A0}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{81F99217-FA41-4C9A-B8BD-CDAECCA39308}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{CF3C69EB-75AE-421C-89C6-E57A5B723A70}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{68E18AEA-FE57-4E01-BBE1-4C8A9510C0E2}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{5D01ECDD-E741-4D09-81D6-C3191157A921}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{670358ED-C22A-4DB7-9EE6-033BEE0D9C82}C:\users\sj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sj\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{D954C685-5A13-43E4-AB95-260250258B11}C:\users\sj\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sj\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{EDA4A095-B459-4C44-A6ED-E60436E2130C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{8F624FC2-13AF-4BC7-A4D9-310C39119379}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{B06E0D71-F837-428E-B424-85D7F618700B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{901286AF-EBF0-48AA-BB67-A481E45C170D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0C53B5D2-A8C2-4946-9200-64CF13A49C45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9425DDB9-2332-4467-BE5E-5618C495086A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2808F71C-5FD5-4A74-8E3C-B083012AD04C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3B763903-20D3-42F0-BEAB-CB3221F85712}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8458A7A4-756E-4304-81B3-E9366D51D750}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87F27C4B-6D8D-4265-957B-1DB9C439EE69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{07C73712-6E69-42DC-BBA5-391D5DEF4113}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20E3F51C-760C-4091-80A1-99BDBEB329B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F222EA1-6E3F-4BE3-9C16-16DE71BE9333}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3E7FE89E-09FF-464A-BA74-62389406C744}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{6409E698-D012-48E9-9AF6-D683FFC68C8F}C:\users\sj\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\sj\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{E1AFFD2C-BDF2-469B-85BF-E3F60D835908}C:\users\sj\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\sj\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{46F08235-3B7E-4C32-A0E5-EAA13FB22801}] => (Allow) D:\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{B3DB8529-E049-461D-8283-E5E61B1972A9}] => (Allow) D:\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5914C31B-9DBE-4383-857F-9B02221275D9}] => (Allow) C:\Users\Sj\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8A06EB7A-6C6C-4FB5-810E-87FBD69A7BE3}] => (Allow) C:\Users\Sj\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{9A31D852-8A59-4195-9098-B5269FDFBBD6}C:\users\sj\appdata\roaming\utorrent\updates\3.5.5_46206.exe] => (Allow) C:\users\sj\appdata\roaming\utorrent\updates\3.5.5_46206.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{4D754583-70D3-4CD8-AE5E-73BB71F216CC}C:\users\sj\appdata\roaming\utorrent\updates\3.5.5_46206.exe] => (Allow) C:\users\sj\appdata\roaming\utorrent\updates\3.5.5_46206.exe (BitTorrent Inc -> BitTorrent Inc.)

==================== Restore Points =========================

16-03-2022 10:27:33 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/17/2022 09:58:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x2978
Faulting application start time: 0x01d839a28588e005
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: 9013cb93-dbff-494a-b11e-bc1ba071d91d
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:56:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x2664
Faulting application start time: 0x01d839a223fc9c61
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: 4b516a5a-ea9d-46b5-a0e2-9155acb9331a
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:55:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZFGameBrowser.exe, version: 0.0.0.0, time stamp: 0x61ae0030
Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526
Exception code: 0xc0000374
Fault offset: 0x00000000000f9269
Faulting process id: 0x4c0
Faulting application start time: 0x01d8399c70c1d535
Faulting application path: D:\Games\Genshin Impact\Genshin Impact game\GenshinImpact_Data\Plugins\ZFGameBrowser.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: a529f231-4f48-46e9-8e35-c3b6610be7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:53:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x21fc
Faulting application start time: 0x01d839a1ba236b10
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: e7431eb5-9b20-458f-92a6-f7ecafe48e54
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x2020
Faulting application start time: 0x01d839a155d4b751
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: 2ce750af-12f7-45c0-b399-c6e4e8dd2234
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:47:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x1104
Faulting application start time: 0x01d839a0dbcc069e
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: 40ca0e6a-bdf2-4925-b13d-c07473cbb36b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:43:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x28fc
Faulting application start time: 0x01d839a065bd903b
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: 1bc79823-b879-4367-a738-3afbcd672f60
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2022 09:40:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Faulting module name: nslookup.exe, version: 10.0.18362.1, time stamp: 0x61db4208
Exception code: 0xc0000005
Fault offset: 0x00000000000daaec
Faulting process id: 0x3208
Faulting application start time: 0x01d8399fff153e42
Faulting application path: C:\Windows\System32\nslookup.exe
Faulting module path: C:\Windows\System32\nslookup.exe
Report Id: e16f36b0-c5e9-4179-87a3-728ec6018944
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/17/2022 08:12:30 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NTI8UTP)
Description: The server Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/17/2022 07:53:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NTI8UTP)
Description: The server Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/16/2022 08:09:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NTI8UTP)
Description: The server Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/16/2022 07:40:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NTI8UTP)
Description: The server Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/16/2022 07:12:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NTI8UTP)
Description: The server Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/16/2022 07:10:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Previous Versions Library service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/16/2022 07:10:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Previous Versions Library service to connect.

Error: (03/16/2022 07:10:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NTI8UTP)
Description: The server Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-03-16 19:11:01.025
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:powerShell/MaleficAms.H
Severity: Severe
Category: Tool
Path: amsi:_\Device\HarddiskVolume4\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.361.68.0, AS: 1.361.68.0, NIS: 1.361.68.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-16 12:59:38.890
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:powerShell/MaleficAms.H
Severity: Severe
Category: Tool
Path: amsi:_\Device\HarddiskVolume4\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.361.68.0, AS: 1.361.68.0, NIS: 1.361.68.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-16 12:58:23.752
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:powerShell/MaleficAms.H
Severity: Severe
Category: Tool
Path: amsi:_\Device\HarddiskVolume4\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.361.68.0, AS: 1.361.68.0, NIS: 1.361.68.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-16 10:30:34.872
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:powerShell/MaleficAms.H
Severity: Severe
Category: Tool
Path: amsi:_\Device\HarddiskVolume4\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.361.67.0, AS: 1.361.67.0, NIS: 1.361.67.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

Date: 2022-03-16 09:33:32.311
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:powerShell/MaleficAms.H
Severity: Severe
Category: Tool
Path: amsi:_\Device\HarddiskVolume4\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.361.36.0, AS: 1.361.36.0, NIS: 1.361.36.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Event[0]:

Date: 2022-03-13 20:01:31.823
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

==================== Memory info ===========================

BIOS: Insyde Corp. 2.10 08/18/2014
Motherboard: TOSHIBA All In One PC
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 16296.09 MB
Available physical RAM: 9749.52 MB
Total Virtual: 19240.09 MB
Available Virtual: 10350.9 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:879.28 GB) (Free:773.7 GB) NTFS
Drive d: () (Fixed) (Total:1903.23 GB) (Free:1613.85 GB) NTFS
Drive e: (USB JULIE) (Removable) (Total:7.47 GB) (Free:7.19 GB) FAT32
Drive g: (J_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.8 GB) (Free:0 GB) UDF

\\?\Volume{efbe6ece-36be-11e3-9bd6-daccae0d8219}\ (System) (Fixed) (Total:1 GB) (Free:0.55 GB) NTFS
\\?\Volume{b6fb848b-b481-11e3-a63c-008cfaad9bf4}\ (Recovery) (Fixed) (Total:10.79 GB) (Free:0.33 GB) NTFS
\\?\Volume{efbe6ed6-36be-11e3-9bd6-daccae0d8219}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 500A0DFF)
No partition Table on disk 1.

==================== End of Addition.txt =======================
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Good job ..! :) Everything is alright now. Looking over your logs now. Dependent on how much I need to research this may take a while.Back as soon as I've finished analysing them.
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
We are dealing with Bitcoin minier..! :(


Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    4.5 KB · Views: 23
Last edited:

kiramisu

New Member
Thread author
Mar 15, 2022
12
We are dealing with Bitcoin minier..! :(


Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • Fixlog.txt
    10.9 KB · Views: 22

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
514
Well done..! :) How your computer behaves ..? Next ....:

Malwarebytes Anti-Malware

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.


Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


Scanning with SecurityCheck by glax24
  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck, C: \\ SecurityCheck \\ SecurityCheck.txt

In your next reply, please include:
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
  • FRST.txt
  • Addition.txt
  • SecurityCheck.txt
 

kiramisu

New Member
Thread author
Mar 15, 2022
12
Well done..! :) How your computer behaves ..? Next ....:

Malwarebytes Anti-Malware

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.


Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


Scanning with SecurityCheck by glax24
  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck, C: \\ SecurityCheck \\ SecurityCheck.txt

In your next reply, please include:
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
  • FRST.txt
  • Addition.txt
  • SecurityCheck.txt
 

Attachments

  • SecurityCheck.txt
    7.6 KB · Views: 21
  • Addition.txt
    35.2 KB · Views: 20
  • The Malwarebytes report.txt
    2.9 KB · Views: 21
  • AdwCleaner[S00].txt
    1.6 KB · Views: 21
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top