Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspicious Behavior of Computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Suspicious Behavior of Computer

Unread postby Ore » September 28th, 2018, 7:22 pm

Hi ppmigg,

I had no problem executing the instructions, but I had one question. Was I supposed to clean what AdwCleaner found? I didn't just in case. Avast has been working normally over the past few days, nothing out of the ordinary happened. Contents of logs will be posted below.

-------------FixLog
Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Tam (28-09-2018 16:01:24) Run:1
Running from C:\Users\Tam\Desktop\Antiviruses
Loaded Profiles: Tam (Available Profiles: Tam)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2257169433-888997055-2771706037-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-14] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-24] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
2018-07-13 10:30 - 2018-07-13 10:30 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll
2018-06-30 17:35 - 2018-06-30 17:35 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-114281658366092378.dll
2018-07-04 17:11 - 2018-07-04 17:11 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1182409032652409725.dll
2018-07-03 10:57 - 2018-07-03 10:57 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1247301502591679042.dll
2018-07-11 09:42 - 2018-07-11 09:42 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1303097495445590414.dll
2018-07-06 13:33 - 2018-07-06 13:33 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1603202929396162931.dll
2018-07-06 09:10 - 2018-07-06 09:10 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1761239583132306730.dll
2018-06-27 20:37 - 2018-06-27 20:37 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2047772158787543379.dll
2018-07-11 19:22 - 2018-07-11 19:22 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2253401857238783313.dll
2018-07-09 17:27 - 2018-07-09 17:27 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2337436248905988063.dll
2018-06-29 19:35 - 2018-06-29 19:35 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2372963674945945934.dll
2018-07-08 19:34 - 2018-07-08 19:34 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2521842757455238398.dll
2018-08-24 20:13 - 2018-08-24 20:13 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2680262587391514660.dll
2018-08-11 10:25 - 2018-08-11 10:25 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2707917457910123223.dll
2018-07-02 11:43 - 2018-07-02 11:43 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2810650118798143401.dll
2018-07-03 10:27 - 2018-07-03 10:27 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2870714046650673636.dll
2018-06-27 20:41 - 2018-06-27 20:41 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3071523032528695610.dll
2018-07-11 14:25 - 2018-07-11 14:25 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3385157986456784627.dll
2018-07-10 10:42 - 2018-07-10 10:42 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3434624398456282948.dll
2018-07-01 14:23 - 2018-07-01 14:23 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-346477479070217186.dll
2018-07-04 09:29 - 2018-07-04 09:29 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3631325410899275016.dll
2018-07-11 14:23 - 2018-07-11 14:23 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-373937473051150468.dll
2018-08-10 20:34 - 2018-08-10 20:34 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3797971451813094983.dll
2018-07-12 18:28 - 2018-07-12 18:28 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3926862313536065590.dll
2018-07-10 19:52 - 2018-07-10 19:52 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4063391945295942949.dll
2018-07-08 10:06 - 2018-07-08 10:06 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4066721505298895358.dll
2018-07-10 18:30 - 2018-07-10 18:30 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4132040846415239579.dll
2018-07-12 11:35 - 2018-07-12 11:35 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4144250482012100336.dll
2018-07-15 19:00 - 2018-07-15 19:00 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-437531092008481158.dll
2018-07-02 19:14 - 2018-07-02 19:14 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4394814674473502463.dll
2018-07-08 19:31 - 2018-07-08 19:31 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4600155326625628712.dll
2018-08-25 10:12 - 2018-08-25 10:12 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4602828893507657241.dll
2018-07-06 13:19 - 2018-07-06 13:19 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4905352235190754591.dll
2018-06-30 09:05 - 2018-06-30 09:05 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5169747604384495880.dll
2018-07-06 13:32 - 2018-07-06 13:32 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-534242042647039370.dll
2018-07-13 18:31 - 2018-07-13 18:31 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-564741236961404434.dll
2018-07-11 11:59 - 2018-07-11 11:59 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5669251281504923559.dll
2018-07-05 18:20 - 2018-07-05 18:20 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5834296964424461125.dll
2018-07-02 19:11 - 2018-07-02 19:11 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5948494479327703099.dll
2018-09-21 20:01 - 2018-09-21 20:01 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6158942759581855103.dll
2018-07-05 20:55 - 2018-07-05 20:55 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6403095216103572520.dll
2018-07-01 15:47 - 2018-07-01 15:47 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6482936984306456604.dll
2018-07-06 11:22 - 2018-07-06 11:22 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6502465683142607067.dll
2018-07-03 19:19 - 2018-07-03 19:19 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6602546209477100510.dll
2018-07-08 12:14 - 2018-07-08 12:14 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-661082329947620103.dll
2018-06-28 10:14 - 2018-06-28 10:14 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6989482188008190806.dll
2018-06-27 21:10 - 2018-06-27 21:10 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7041843333542640632.dll
2018-06-30 09:29 - 2018-06-30 09:29 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7108392836448466782.dll
2018-07-09 10:40 - 2018-07-09 10:40 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7111294482199110590.dll
2018-07-06 11:06 - 2018-07-06 11:06 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7275546105858303092.dll
2018-07-02 19:53 - 2018-07-02 19:53 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7529871326098192204.dll
2018-06-29 14:17 - 2018-06-29 14:17 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7546508394981004453.dll
2018-06-28 20:01 - 2018-06-28 20:01 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7676497325359457392.dll
2018-07-30 18:39 - 2018-07-30 18:39 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7697523056367623835.dll
2018-07-19 12:43 - 2018-07-19 12:43 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7710967688979411009.dll
2018-07-08 19:35 - 2018-07-08 19:35 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7731973479955226278.dll
2018-06-28 13:59 - 2018-06-28 13:59 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8094715428981414831.dll
2018-07-05 10:33 - 2018-07-05 10:33 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8151255613658643985.dll
2018-07-07 19:48 - 2018-07-07 19:48 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8167974497104031064.dll
2018-06-29 09:39 - 2018-06-29 09:39 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8284759178324540238.dll
2018-07-06 19:07 - 2018-07-06 19:07 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8521551276089244759.dll
2018-07-02 21:16 - 2018-07-02 21:16 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8645719817980766821.dll
2018-07-02 11:30 - 2018-07-02 11:30 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8704415041380251485.dll
2018-07-11 11:55 - 2018-07-11 11:55 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-904380684433355865.dll
2018-08-26 20:45 - 2018-08-26 20:45 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-9102354454545170408.dll
Task: {56727B13-3A24-411A-91C6-EFC2345BFAF7} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
Task: {9A398686-900B-4A96-A87F-2A84B2145AF0} - \GyazoUpdateTaskMachineDaily -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-2257169433-888997055-2771706037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.171.2 => not found
"C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll" => not found
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2 => not found
"C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll" => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-14] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-24] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-114281658366092378.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1182409032652409725.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1247301502591679042.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1303097495445590414.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1603202929396162931.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1761239583132306730.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2047772158787543379.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2253401857238783313.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2337436248905988063.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2372963674945945934.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2521842757455238398.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2680262587391514660.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2707917457910123223.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2810650118798143401.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2870714046650673636.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3071523032528695610.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3385157986456784627.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3434624398456282948.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-346477479070217186.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3631325410899275016.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-373937473051150468.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3797971451813094983.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3926862313536065590.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4063391945295942949.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4066721505298895358.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4132040846415239579.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4144250482012100336.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-437531092008481158.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4394814674473502463.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4600155326625628712.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4602828893507657241.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4905352235190754591.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5169747604384495880.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-534242042647039370.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-564741236961404434.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5669251281504923559.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5834296964424461125.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5948494479327703099.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6158942759581855103.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6403095216103572520.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6482936984306456604.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6502465683142607067.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6602546209477100510.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-661082329947620103.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6989482188008190806.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7041843333542640632.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7108392836448466782.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7111294482199110590.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7275546105858303092.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7529871326098192204.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7546508394981004453.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7676497325359457392.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7697523056367623835.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7710967688979411009.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7731973479955226278.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8094715428981414831.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8151255613658643985.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8167974497104031064.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8284759178324540238.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8521551276089244759.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8645719817980766821.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8704415041380251485.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-904380684433355865.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-9102354454545170408.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56727B13-3A24-411A-91C6-EFC2345BFAF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56727B13-3A24-411A-91C6-EFC2345BFAF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A398686-900B-4A96-A87F-2A84B2145AF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A398686-900B-4A96-A87F-2A84B2145AF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80316480 B
Java, Flash, Steam htmlcache => 394210441 B
Windows/system/drivers => 119905062 B
Edge => 0 B
Chrome => 1026323625 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58592866 B
systemprofile32 => 66228 B
LocalService => 132244 B
NetworkService => 254006 B
Tam => 2799654052 B

RecycleBin => 6430271 B
EmptyTemp: => 4.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:04:31 ====


-------------AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-28-2018
# Duration: 00:00:25
# OS: Windows 7 Professional
# Scanned: 41933
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus C:\Users\Tam\AppData\Local\slimware utilities inc

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\Tam\Desktop\SysInfo.exe
PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy Share to Classroom

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am
Advertisement
Register to Remove

Re: Suspicious Behavior of Computer

Unread postby pgmigg » September 29th, 2018, 1:23 am

Hi Ore,

Ore wrote:I had no problem executing the instructions, but I had one question. Was I supposed to clean what AdwCleaner found? I didn't just in case.
I asked you not to clean anything by AdwCleaner, because before something to delete it is necessary to check whether something is found that it makes sense to leave.
Ore wrote:Avast has been working normally over the past few days, nothing out of the ordinary happened.
Absence of symptoms does not mean that everything is clear.

Step 1.
Scan & Clean with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it.
  3. Click Yes on UAC question and I Agreeon Welcome window.
  4. Click Scan now button. If it will ask for update please decline it by click No.
  5. On Scan Results screen, please click Clean & Repair button and then Clean & Restart Now.
  6. On reboot a log will open AdwCleaner[Rxx].txt. Copy and paste the contents of that log file in your reply.

Step 2.
ESET Online Scanner
  1. Please close all open programs and windows.
  2. Please go HERE then click on Scan now and save esetonlinescanner_enu.exe on your Desktop.
  3. Double-click on esetsmartinstaller_enu.exe to run it.
  4. Select the option Accept for the Terms of Use and then follow the prompt.
  5. On the next screen please check Enable detection of potentially unwanted applications.
  6. Then click on Advanced Settings and select the following:
    • Enable detection of potentially unsafe applications
    • Enabled detection of suspicion applications
    • Scan archives
    • Enable Anti-Stealth technology
  7. Make sure that the option Clean threats automatically is NOT checked, as well as Use custom proxy settings.
  8. Now click on Scan button.
  9. The Downloading virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  10. Do not touch either the Mouse or Êeyboard during the scan otherwise it may stall.
  11. When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  12. Exit out of ESET Online Scanner.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Rxx].txt log file
  3. Contents of the ESET.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

Unread postby Ore » September 29th, 2018, 11:05 am

Hello ppmigg,

I was able to successfully follow your instructions, but AdwCleaner found possible malignancies, but I didn't clean them because that may botch things in this process. My computer hasn't been acting up in the last few days, I'm not sure if that means that there was never a problem in the first place or the bug has become dormant. Logs will be posted below.

--------Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Tam (28-09-2018 16:01:24) Run:1
Running from C:\Users\Tam\Desktop\Antiviruses
Loaded Profiles: Tam (Available Profiles: Tam)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2257169433-888997055-2771706037-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-14] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-24] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
2018-07-13 10:30 - 2018-07-13 10:30 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll
2018-06-30 17:35 - 2018-06-30 17:35 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-114281658366092378.dll
2018-07-04 17:11 - 2018-07-04 17:11 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1182409032652409725.dll
2018-07-03 10:57 - 2018-07-03 10:57 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1247301502591679042.dll
2018-07-11 09:42 - 2018-07-11 09:42 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1303097495445590414.dll
2018-07-06 13:33 - 2018-07-06 13:33 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1603202929396162931.dll
2018-07-06 09:10 - 2018-07-06 09:10 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-1761239583132306730.dll
2018-06-27 20:37 - 2018-06-27 20:37 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2047772158787543379.dll
2018-07-11 19:22 - 2018-07-11 19:22 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2253401857238783313.dll
2018-07-09 17:27 - 2018-07-09 17:27 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2337436248905988063.dll
2018-06-29 19:35 - 2018-06-29 19:35 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2372963674945945934.dll
2018-07-08 19:34 - 2018-07-08 19:34 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2521842757455238398.dll
2018-08-24 20:13 - 2018-08-24 20:13 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2680262587391514660.dll
2018-08-11 10:25 - 2018-08-11 10:25 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2707917457910123223.dll
2018-07-02 11:43 - 2018-07-02 11:43 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2810650118798143401.dll
2018-07-03 10:27 - 2018-07-03 10:27 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-2870714046650673636.dll
2018-06-27 20:41 - 2018-06-27 20:41 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3071523032528695610.dll
2018-07-11 14:25 - 2018-07-11 14:25 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3385157986456784627.dll
2018-07-10 10:42 - 2018-07-10 10:42 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3434624398456282948.dll
2018-07-01 14:23 - 2018-07-01 14:23 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-346477479070217186.dll
2018-07-04 09:29 - 2018-07-04 09:29 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3631325410899275016.dll
2018-07-11 14:23 - 2018-07-11 14:23 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-373937473051150468.dll
2018-08-10 20:34 - 2018-08-10 20:34 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3797971451813094983.dll
2018-07-12 18:28 - 2018-07-12 18:28 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-3926862313536065590.dll
2018-07-10 19:52 - 2018-07-10 19:52 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4063391945295942949.dll
2018-07-08 10:06 - 2018-07-08 10:06 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4066721505298895358.dll
2018-07-10 18:30 - 2018-07-10 18:30 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4132040846415239579.dll
2018-07-12 11:35 - 2018-07-12 11:35 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4144250482012100336.dll
2018-07-15 19:00 - 2018-07-15 19:00 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-437531092008481158.dll
2018-07-02 19:14 - 2018-07-02 19:14 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4394814674473502463.dll
2018-07-08 19:31 - 2018-07-08 19:31 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4600155326625628712.dll
2018-08-25 10:12 - 2018-08-25 10:12 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4602828893507657241.dll
2018-07-06 13:19 - 2018-07-06 13:19 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-4905352235190754591.dll
2018-06-30 09:05 - 2018-06-30 09:05 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5169747604384495880.dll
2018-07-06 13:32 - 2018-07-06 13:32 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-534242042647039370.dll
2018-07-13 18:31 - 2018-07-13 18:31 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-564741236961404434.dll
2018-07-11 11:59 - 2018-07-11 11:59 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5669251281504923559.dll
2018-07-05 18:20 - 2018-07-05 18:20 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5834296964424461125.dll
2018-07-02 19:11 - 2018-07-02 19:11 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-5948494479327703099.dll
2018-09-21 20:01 - 2018-09-21 20:01 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6158942759581855103.dll
2018-07-05 20:55 - 2018-07-05 20:55 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6403095216103572520.dll
2018-07-01 15:47 - 2018-07-01 15:47 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6482936984306456604.dll
2018-07-06 11:22 - 2018-07-06 11:22 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6502465683142607067.dll
2018-07-03 19:19 - 2018-07-03 19:19 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6602546209477100510.dll
2018-07-08 12:14 - 2018-07-08 12:14 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-661082329947620103.dll
2018-06-28 10:14 - 2018-06-28 10:14 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-6989482188008190806.dll
2018-06-27 21:10 - 2018-06-27 21:10 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7041843333542640632.dll
2018-06-30 09:29 - 2018-06-30 09:29 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7108392836448466782.dll
2018-07-09 10:40 - 2018-07-09 10:40 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7111294482199110590.dll
2018-07-06 11:06 - 2018-07-06 11:06 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7275546105858303092.dll
2018-07-02 19:53 - 2018-07-02 19:53 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7529871326098192204.dll
2018-06-29 14:17 - 2018-06-29 14:17 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7546508394981004453.dll
2018-06-28 20:01 - 2018-06-28 20:01 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7676497325359457392.dll
2018-07-30 18:39 - 2018-07-30 18:39 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7697523056367623835.dll
2018-07-19 12:43 - 2018-07-19 12:43 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7710967688979411009.dll
2018-07-08 19:35 - 2018-07-08 19:35 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-7731973479955226278.dll
2018-06-28 13:59 - 2018-06-28 13:59 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8094715428981414831.dll
2018-07-05 10:33 - 2018-07-05 10:33 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8151255613658643985.dll
2018-07-07 19:48 - 2018-07-07 19:48 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8167974497104031064.dll
2018-06-29 09:39 - 2018-06-29 09:39 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8284759178324540238.dll
2018-07-06 19:07 - 2018-07-06 19:07 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8521551276089244759.dll
2018-07-02 21:16 - 2018-07-02 21:16 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8645719817980766821.dll
2018-07-02 11:30 - 2018-07-02 11:30 - 000019968 ____N (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-8704415041380251485.dll
2018-07-11 11:55 - 2018-07-11 11:55 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-904380684433355865.dll
2018-08-26 20:45 - 2018-08-26 20:45 - 000019968 _____ (Red Hat�, Inc.) C:\Users\Tam\AppData\Local\Temp\jansi-64-9102354454545170408.dll
Task: {56727B13-3A24-411A-91C6-EFC2345BFAF7} - \GyazoUpdateTaskMachine -> No File <==== ATTENTION
Task: {9A398686-900B-4A96-A87F-2A84B2145AF0} - \GyazoUpdateTaskMachineDaily -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-2257169433-888997055-2771706037-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.171.2 => not found
"C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll" => not found
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2 => not found
"C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll" => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-14] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-21] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Chromium License) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\egebdhfpiokhoiflhfpfcafldnljfjhi [2018-09-24] [UpdateUrl: hxxp://goguardian.com/licenses/update.php] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Chromium M) - C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2018-09-24] [UpdateUrl: hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Tam\AppData\Local\Temp\jansi-64-1010997884759045236.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-114281658366092378.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1182409032652409725.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1247301502591679042.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1303097495445590414.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1603202929396162931.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-1761239583132306730.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2047772158787543379.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2253401857238783313.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2337436248905988063.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2372963674945945934.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2521842757455238398.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2680262587391514660.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2707917457910123223.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2810650118798143401.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-2870714046650673636.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3071523032528695610.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3385157986456784627.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3434624398456282948.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-346477479070217186.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3631325410899275016.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-373937473051150468.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3797971451813094983.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-3926862313536065590.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4063391945295942949.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4066721505298895358.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4132040846415239579.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4144250482012100336.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-437531092008481158.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4394814674473502463.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4600155326625628712.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4602828893507657241.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-4905352235190754591.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5169747604384495880.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-534242042647039370.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-564741236961404434.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5669251281504923559.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5834296964424461125.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-5948494479327703099.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6158942759581855103.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6403095216103572520.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6482936984306456604.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6502465683142607067.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6602546209477100510.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-661082329947620103.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-6989482188008190806.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7041843333542640632.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7108392836448466782.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7111294482199110590.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7275546105858303092.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7529871326098192204.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7546508394981004453.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7676497325359457392.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7697523056367623835.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7710967688979411009.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-7731973479955226278.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8094715428981414831.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8151255613658643985.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8167974497104031064.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8284759178324540238.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8521551276089244759.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8645719817980766821.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-8704415041380251485.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-904380684433355865.dll => moved successfully
C:\Users\Tam\AppData\Local\Temp\jansi-64-9102354454545170408.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56727B13-3A24-411A-91C6-EFC2345BFAF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56727B13-3A24-411A-91C6-EFC2345BFAF7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A398686-900B-4A96-A87F-2A84B2145AF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A398686-900B-4A96-A87F-2A84B2145AF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80316480 B
Java, Flash, Steam htmlcache => 394210441 B
Windows/system/drivers => 119905062 B
Edge => 0 B
Chrome => 1026323625 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58592866 B
systemprofile32 => 66228 B
LocalService => 132244 B
NetworkService => 254006 B
Tam => 2799654052 B

RecycleBin => 6430271 B
EmptyTemp: => 4.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:04:31 ====


--------AdwCleanr
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-28-2018
# Duration: 00:00:25
# OS: Windows 7 Professional
# Scanned: 41933
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus C:\Users\Tam\AppData\Local\slimware utilities inc

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\Tam\Desktop\SysInfo.exe
PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy Share to Classroom

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

Unread postby pgmigg » September 29th, 2018, 12:11 pm

Hi Ore,

Unfortunately, this time we can not move on, because you did not do anything from what I asked for. Both logs do not match my request.

Please be more careful and follow my previous instructions literally, exactly as I asked, step by step.

This time you have to Scan and Clean by AdwCleaner - it's what was found the first time, you do not need it and it should be removed for one reason or another. Please pay attention that the logs produced by AdwCleaner are distinguished by one letter only: Sxx means scan, Rxx means repair, and xx is just a serial number.
Do not mistake it when you choose the one that is necessary for me now - the one that has inside Rxx.

Then ESET online scan will check your computer from the outside and probably will find something else that was missed during the previous searches.

The process of cleaning the computer in many respects is similar to the treatment of a person - the diagnosis is made, the medicines are written out, and the patient, trusting the doctor, accurately fulfills his instructions.
Let's just say, your computer has a mild chronic cold. :)

Waiting for contents of the AdwCleaner[Rxx].txt and ESET.txt log files,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

Unread postby Ore » September 30th, 2018, 11:15 pm

Hi ppmigg,

When looking back at the thread I thought that my previous reply hadn't gone through, so I rewrote it, my apologies. The logs will be posted below.

------------AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-30-2018
# Duration: 00:00:24
# OS: Windows 7 Professional
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Tam\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted C:\Users\Tam\Desktop\SysInfo.exe
Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

Deleted Share to Classroom

***** [ Chromium URLs ] *****

Deleted Ask
Deleted Ask
Deleted Ask
Deleted AOL
Deleted AOL
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1839 octets] - [28/09/2018 16:19:03]
AdwCleaner[S01].txt - [1900 octets] - [30/09/2018 13:12:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


------------ESET
C:\AdwCleaner\Quarantine\v1\20180930.131257\1\Downloaded Installers\{06E0CADE-89B2-4EFD-B0AF-0DDCE4400E70}\setup.msi#7B238CD47778005F a variant of Win32/UwS.SlimDrivers.A application
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

Unread postby pgmigg » October 1st, 2018, 4:51 pm

Hello Ore,

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe in your Desktop\Antiviruses directory.
  3. Click Start and type notepad.exe in the search programs and files box and click Enter - a blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    Move: C:\Users\Tam\Desktop\Antiviruses\Frst64.exe C:\Users\Tam\Desktop\Antiviruses\Uninstall.exe
    Cmd: start Uninstall.exe
    
  4. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  5. Right click on FRST64.exe and select Run as administrator.
  6. Press the Fix button one time only and wait.
  7. When FRST finishes you will be prompted to reboot your computer. Click OK.
  8. Your computer should now restart.
  9. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE
to find a short guide to staying safer online.


Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

Unread postby Ore » October 3rd, 2018, 7:05 pm

Hello pgmigg,

I just realized that I have been spelling your name wrong this whole time, I would like to apologize for that. Secondly, Antiviruses is a folder on my desktop where I keep all of my antimalware programs, like FRST, rkill, Avast, and Malwarebytes, is it necessary to run the fix?
Ore
Active Member
 
Posts: 12
Joined: September 23rd, 2018, 12:02 am

Re: Suspicious Behavior of Computer

Unread postby pgmigg » October 3rd, 2018, 8:41 pm

Hi Ore,

Ore wrote:I just realized that I have been spelling your name wrong this whole time, I would like to apologize for that.
No big deal, please never mind, especially since this is not a name, but a nickname. :)

Secondly, Antiviruses is a folder on my desktop where I keep all of my antimalware programs, like FRST, rkill, Avast, and Malwarebytes, is it necessary to run the fix?
Saving old versions of tools, and especially those that you do not know thoroughly, is not a good practice. Best of all, download the latest version when the need arises. My fix should be executed and it will remove only what was installed at my request, including the log files that are no longer needed.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspicious Behavior of Computer

Unread postby pgmigg » October 8th, 2018, 1:15 am

As the problems seem to be resolved and due to a lack of response, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see
Feedback for Our Helpers - Say "Thanks" Here.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware