I don't know if I'm infected with malware or a virus

  • Summerball
    PCHF Member
    • Jan 2017
    • 12

    #1

    Hi guys,

    I’m having an issue with my laptop.
    My brother used to play games on it. Now I have his laptop, and I tried playing a few games such as Gmod, Red Orchestra, Insurgency and some more, but every single one crashes after 5-10 minutes or at startup. He did not have this problem when he played the same games, but I do.

    I’m not a perfect computer expert but I know some stuff and I haven’t found the issue. Please help me.
    These are my specs :

    Laptop model: ASUS X750JB, Windows 8 Pro 32-bit (a video on YouTube has the same laptop, but his game goes smoothly…)
    Memory: 8 GB (the sticker says 8 GB, but dxdiag results show that I used 3396MB and have 1927MB over…)
    Also, the Nvidia control panel shows that I have 4 GB of RAM.
    CPU: Intel(R) Core™ i7-4700HQ CPU @ 2.40GHz (8 CPUs), ~2.4GHz
    GPU: There are 2 cards, I think, because dxdiag results show Intel(R) HD Graphics 4600 1511MB, but I also have an Nvidia card that’s called GeForce GT 740M.

    I went to the Nvidia control panel and switched the option ‘‘PhysX-configuration’’ to Nvidia instead of Intel, because logically Nvidia should be better for gaming, but no success. Also, the little icon that says ‘‘Laptop screen’’ stays at Intel(R) HD Graphics, but the arrow changes to Nvidia.

    I have no hope left…I do not know what to do! Please, be my hero and offer me a solution.
    PS : I placed a few pictures so you can see my specs and nvidea control panel, maybe this will be easier then.
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Welcome To PCHF.

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    Once downloaded, right-click the FRST desktop icon and select “Run as administrator” from the menu.



    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes, accept the disclaimer.


    1. Accept the default whitelist options.
    2. If the additions.txt options box is not checked, please select it.
    3. Then select Scan.



    FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.



    Please copy and paste the contents of these logs in your next post for review by our Security Team.


    • Summerball
      PCHF Member
      • Jan 2017
      • 12

      #3
      Hello again,

      I followed the steps and got 2 logs, and I will post them here.

      Edit: I uploaded the txt file of FRST, so it’s easier.


      • Summerball
        PCHF Member
        • Jan 2017
        • 12

        #4
        This is the second post about the txt file named ‘‘Addition’’

        EDIT : Like all the others, I uploaded a txt file of this instead of copying.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          I see that you have µTorrent installed. Though P2P programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive door stop, and I would appreciate it if you disabled the software and refrained from using it while we are working on your current issue. For all we know, this could be how your system was infiltrated.

          Please run these scans, while I look over your FRST logs.

          Adware Cleaner Scan.


          Please download AdwCleaner by Xplode onto your desktop.

          • Close all open programs and internet browsers.
          • Double click on adwcleaner.exe to run the tool.
          • Click on Scan button.
          • When the scan has finished click on Clean button.
          • Your computer will be rebooted automatically. A text file will open after the restart.
          • Please post the contents of that logfile with your next reply.
          • You can find the logfile at C:\AdwCleaner[S1].txt as well.

          JRT Scan.

          Please download Junkware Removal Tool and save it on your desktop.

          • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
          • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
          • The tool will open and start scanning your system.
          • Please be patient as this can take a while to complete depending on your system’s specifications.
          • On completion, a log is saved to your desktop and will automatically open.
          • Please post the JRT log.

          Rogue Killer Scan.

          Download RogueKiller from one of the following links and save it to your Desktop:

          Link 1
          Link 2
          • Close all the running programs.
          • Double click on downloaded setup.exe file to install the program.
          • Click on Start Scan button.
          • Click on another Start Scan button.
          • Wait until the Status box shows Scan Finished.
          • Click on Delete.
          • Wait until the Status box shows Deleting Finished.
          • Click on Report and copy/paste the content of the Notepad into your next reply.
          • RKreport.txt could also be found on your desktop.
          • If more than one log is produced post all logs.

          ZHP Scan.

          Please download ZHP Cleaner to your desktop. Right-click the icon and select Run as administrator.
          1. Once you have started the program, you will need to click the Scanner button.

          Screenshot: https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png

          The program will close all open browsers!
          3. Once the scan is completed, you will want to click the Repair button.
          Screenshot: http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png

          At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
          Copy and paste the report here in your next reply.

          Security Check Scan.


          • Download Security Check to your desktop.
          • Right-click it and run as administrator.
          • When the program completes, the tool will automatically open a log file.
          • Please post that log here in your next post.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            One question:

            Is the program Служба автоматического обновления программ (HKU\S-1-5-21-165627662-1409266448-3510752754-1001...\MailRuUpdater) (Version: - Mail.Ru) legit? Did you install this?

            Once you have posted the above logs, then I will have your fix with FRST ready for you.


            • Summerball
              PCHF Member
              • Jan 2017
              • 12

              #7
              I’m sorry for the late response, it’s 2 AM here. I will answer with full answers tomorrow if you don’t mind. I will do all the requests of yours and give you good answers.
              I’ll see you tomorrow


              • Summerball
                PCHF Member
                • Jan 2017
                • 12

                #8
                This is the result of the adwCleaner :

                EDIT : Uploaded txt file of the results


                • Summerball
                  PCHF Member
                  • Jan 2017
                  • 12

                  #9
                  This is the result of JRT cleaner :
                  EDIT : I uploaded a txt file, so this topic won’t be so long and easier to look over.


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    Just an FYI. The adware cleaner log is there. We just have to wait on a mod to make it visible. Continue posting even if you can not see them.


                    • Summerball
                      PCHF Member
                      • Jan 2017
                      • 12

                      #11
                      I can’t copy and paste the txt file of RogueKiller for some reason, so I will just upload the txt file here instead of copying it.


                      • Summerball
                        PCHF Member
                        • Jan 2017
                        • 12

                        #12
                        This is the txt file of ZHPCleaner. I will upload the txt file, since it takes less space and less time to scroll down.


                        • Summerball
                          PCHF Member
                          • Jan 2017
                          • 12

                          #13
                          I got the logs from SecurityCheck, but since the laptop was originally installed in Russian, the text document is also in Russian.
                          I don’t know how to change this, if you know please tell me but if it’s not that big of an issue then alright.

                          SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
                          WebSite: www.safezone.cc
                          DateLog: 14.01.2017 19:20:53
                          Path starting: C:\Users\orchoi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
                          Log directory: C:\SecurityCheck
                          IsAdmin: True
                          User: orchoi
                          VersionXML: 3.73is-14.01.2017


                          Windows 8(6.2.9200) (x86) ProfessionalWMC Lang: Russian(0419)
                          Дата установки ОС: 16.10.2016 17:20:53
                          Статус лицензии: Windows(R), ProfessionalWMC edition Срок истечения многопользовательской активации: 43124 мин.
                          Статус лицензии: Office 16, Office16ProPlusVL_KMS_Client edition Срок истечения многопользовательской активации: 253607 мин.
                          Режим загрузки: Normal
                          Браузер по умолчанию: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
                          Системный диск: C: ФС: [NTFS] Емкость: [232.4 Гб] Занято: [151.5 Гб] Свободно: [80.9 Гб]
                          ------------------------------- [ Windows ] -------------------------------
                          Service Pack не установлен Внимание! Скачать обновления
                          ^Возможно потребуется повторная активация Windows
                          Internet Explorer 10.0.9200.17607
                          Контроль учётных записей пользователя включен
                          Загружать автоматически обновления и устанавливать по заданному расписанию
                          Дата установки обновлений: 2017-01-13 13:02:58
                          Windows Update (wuauserv) - Служба остановлена
                          Security Center (wscsvc) - Служба работает
                          Remote Registry (RemoteRegistry) - Служба остановлена
                          SSDP Discovery (SSDPSRV) - Служба работает
                          Remote Desktop Services (TermService) - Служба остановлена
                          Windows Remote Management (WS-Management) (WinRM) - Служба остановлена
                          ---------------------------- [ Antivirus_WMI ] ----------------------------
                          ESET Smart Security 8.0 (включен и обновлен)
                          Windows Defender (выключен и обновлен)
                          ---------------------------- [ Firewall_WMI ] -----------------------------
                          Персональный файервол ESET (включен)
                          --------------------------- [ AntiSpyware_WMI ] ---------------------------
                          Windows Defender (выключен и обновлен)
                          ESET Smart Security 8.0 (включен и обновлен)
                          ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                          ESET Smart Security v.8.0.319.1
                          --------------------------- [ OtherUtilities ] ----------------------------
                          TeamViewer 11 v.11.0.66695 Внимание! Скачать обновления
                          VLC media player v.2.2.4
                          WinRAR 5.40 (32-bit) v.5.40.0
                          Wireshark 2.2.3 (32-bit) v.2.2.3
                          TeamViewer 11 (TeamViewer) - Служба работает
                          --------------------------------- [ IM ] ----------------------------------
                          Skype™ 7.30 v.7.30.105
                          --------------------------------- [ P2P ] ---------------------------------
                          µTorrent v.1.8.2 Внимание! Клиент сети P2P! Может содержать рекламные модули или использоваться для скачивания нежелательного контента.
                          --------------------------- [ AppleProduction ] ---------------------------
                          iTunes v.12.5.3.17 Внимание! Скачать обновления
                          ^Для проверки новой версии используйте приложение Apple Software Update
                          Bonjour v.3.1.0.1
                          Bonjour-service (Bonjour Service) - Служба работает
                          ------------------------------- [ Browser ] -------------------------------
                          Google Chrome v.55.0.2883.87
                          --------------------------- [ RunningProcess ] ----------------------------
                          C:\Program Files\Google\Chrome\Application\chrome.exe v.55.0.2883.87
                          ------------------ [ AntivirusFirewallProcessServices ] -------------------
                          C:\Program Files\ESET\ESET Smart Security\egui.exe v.8.0.319.0
                          ESET Service (ekrn) - Служба работает
                          C:\Program Files\ESET\ESET Smart Security\ekrn.exe v.8.0.319.0
                          ??? ??? Windows (WinDefend) - Служба остановлена
                          ---------------------------- [ UnwantedApps ] -----------------------------
                          Driver Booster 4.0 v.4.0.2 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии.
                          Popcorn Time v.5.5.1.2 Внимание! Подозрение на Adware! Если данная программа Вам неизвестна, рекомендуется ее деинсталляция и сканирование ПК с помощью Malwarebytes Anti-Malware и Malwarebytes AdwCleaner Перед деинсталляцией и сканированием обязательно проконсультируйтесь в теме форума, где Вам оказывается помощь!!!
                          Unity Web Player v.5.3.5f1 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии.
                          ----------------------------- [ End of Log ] ------------------------------

                          Comment
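Added example (not part of the thread and not SecurityCheck's own code): a small Python reader for the Russian SecurityCheck log in post #13, so a helper who does not read Russian can still see service states, security-product status and every entry the tool flagged. The sample lines are copied from that log; the English labels are translations of the tool's fixed phrases, and the function and tag names are hypothetical.

```python
import re

# Sample input: a few lines copied from the SecurityCheck log in post #13.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Windows Update (wuauserv) - Служба остановлена
Windows Remote Management (WS-Management) (WinRM) - Служба остановлена
---------------------------- [ Antivirus_WMI ] ----------------------------
ESET Smart Security 8.0 (включен и обновлен)
Windows Defender (выключен и обновлен)
--------------------------- [ OtherUtilities ] ----------------------------
TeamViewer 11 v.11.0.66695 Внимание! Скачать обновления
VLC media player v.2.2.4
TeamViewer 11 (TeamViewer) - Служба работает
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.1.8.2 Внимание! Клиент сети P2P! Может содержать рекламные модули или использоваться для скачивания нежелательного контента.
---------------------------- [ UnwantedApps ] -----------------------------
Driver Booster 4.0 v.4.0.2 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии.
----------------------------- [ End of Log ] ------------------------------
"""

SECTION_RE = re.compile(r"^-+ \[ (.+?) \] -+$")
# "Display name (service) - Служба работает|остановлена"
SERVICE_RE = re.compile(r"^(?P<name>.+?) \((?P<svc>[^()]+)\) - Служба (?P<state>работает|остановлена)$")
# "Product (включен|выключен[ и обновлен])", used in the *_WMI sections
PRODUCT_RE = re.compile(r"^(?P<name>.+) \((?P<on>включен|выключен)(?: и обновлен)?\)$")
WARNING = "Внимание!"  # "Attention!" marks every entry the tool flags

# Translations of the tool's fixed phrases (labels chosen for this example, not tool output).
STATE = {"работает": "running", "остановлена": "stopped"}
ENABLED = {"включен": "enabled", "выключен": "disabled"}
TAGS = {
    "скачать обновления": "update available",
    "клиент сети p2p": "P2P client",
    "подозрение на adware": "suspected adware",
    "партнерских программ": "distributed via affiliate bundles",
    "деинсталляция": "uninstall recommended",
}

def parse_securitycheck(text):
    """Return services, security products and flagged entries with English labels."""
    section = None
    report = {"services": [], "products": [], "warnings": []}
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := SERVICE_RE.match(line)):
            report["services"].append((m["svc"], STATE[m["state"]]))
        elif section and section.endswith("_WMI") and (m := PRODUCT_RE.match(line)):
            report["products"].append((m["name"], ENABLED[m["on"]]))
        elif WARNING in line:
            item, _, note = line.partition(WARNING)
            tags = [en for ru, en in TAGS.items() if ru in note.lower()]
            report["warnings"].append((section, item.strip(), tags or ["untranslated"]))
    return report

if __name__ == "__main__":
    for kind, rows in parse_securitycheck(SAMPLE_LOG).items():
        for row in rows:
            print(kind, row)
```
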

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            Originally posted by Summerball
                            I will upload the txt file, since it takes less space and less time to scroll down.
                            We copy and paste logs here. It is easier for me to check things… No matter when this is done I will change it. From this point on, copy and paste logs.


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              FRST Fix.

                              Download the attached fixlist.txt file and save it to the Desktop.

                              NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                              NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                              Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


                              Zemana Deep Scan.


                              • Right click on Zemana and run as admin.
                              • Click the Cog/Sprocket Wheel at the top right of Zemana.
                              • Select Advanced - I have read the warning and wish to proceed.
                              • Place a tick next to Detect Suspicious (Root CA) Certificates.
                              • Then click the house icon in Zemana.
                              • Then hit your start button at the lower left hand corner of your desktop.
                              • Then left click on Computer.
                              • Drag Local Disk C: into the area of Zemana that reads Drag and drop files here to scan them.
                              • Screenshot: http://i.imgur.com/bOVO6lY.png
                              • Once the scan has completed, click the graph icon on the top right of the program's user interface.
                              • Double click to open the latest log-file.
                              • Copy it to your clipboard.
                              • Post the log here in your next reply.

                              Zoek Scan

                              Note: Zoek can take up to an hour to run; this is normal. Do not try to stop it even if it seems to be stalled. Let it run its course!
                              Please run this tool from Safe Mode with Networking if it has trouble starting in normal mode.

                              Disable your antivirus prior to this scan.
                              Download Zoek
                              Save the file to your desktop.
                              Right click Zoek.exe and run as administrator. (XP users double click.)
                              Copy the items in red below and paste them into Zoek.

                              createsrpoint;
                              emptyfolderscheck;delete
                              emptyclsid;
                              emptyalltemp;
                              ipconfig /flushdns;b
                              ResetHosts;
                              autoclean;

                              Now hit the run script button.
                              The log will appear after a reboot, also you can find it on the C: drive.
                              Post the log in your next reply.

                              Fresh FRST Logs.


                              Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

                              • Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File.)
                              • Make sure that the Addition option is checked.
                              • Press the Scan button and wait.
                              • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
                              Please copy and paste them into your next reply.
