Computer opening and closing programs randomly

Moving to our [COLOR=rgb(209, 72, 65)]Malware section for them to contact you. Please be patient they are in different time zones.

@Malnutrition @gus jmarket[/COLOR]

[COLOR=rgb(209, 72, 65)]
thanks[/color]

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select “Scan”



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team

We will need a log from AdwCleaner for further information.

Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.

[IMG alt="oklj3amfOpqEpPVXnuqk79lHRApDnhPQVXn6z6Y3NoRuE Owdc4_mOGQu11P43d4Fb8OGSEeDJ_AsebIM9FWRakQeH_rBtmE r8_ua1VJwBd_Ws3-miUSngeShjQ7W5K4p6SytCWs2=w2400" width="627px" height="401px"]https://lh3.googleusercontent.com/oklj3amfOpqEpPVXnuqk79lHRApDnhPQVXn6z6Y3NoRuEOwdc4 _mOGQu11P43d4Fb8OGSEeDJ_AsebIM9FWRakQeH_rBtmEr8_ua 1VJwBd_Ws3-miUSngeShjQ7W5K4p6SytCWs2=w2400[/IMG]

Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click “Clean & Repair”
[IMG alt="7pQdUft-ojpPn88OGfzif4Zs2nG7cOkKWXOxq2hnIP5ll37IPbMzLUh9W3 aC0wQonD-NEIwql19Hh7DJiYPOF1HL71bdqy81MiaqpcsP5f0JtykiLSk-l96KByQKj1ou2rexlOpo=w2400" width="627px" height="401px"]https://lh3.googleusercontent.com/7pQdUft-ojpPn88OGfzif4Zs2nG7cOkKWXOxq2hnIP5ll37IPbMzLUh9W3 aC0wQonD-NEIwql19Hh7DJiYPOF1HL71bdqy81MiaqpcsP5f0JtykiLSk-l96KByQKj1ou2rexlOpo=w2400[/IMG]

After selecting “Clean & Repair” another dialogue box may appear asking to restart now or later. If so choose “Clean & Restart Now”
Once the PC has restarted if AdwCleaner does not restart then open it again and click “Log Files” tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent “Clean” log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post

[COLOR=rgb(61, 142, 185)]AdwCleaner:
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Malwarebytes AdwCleaner 7.2.3.1[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Build: 09-03-2018[/HEADING]
[HEADING=1]Database: (Cloud)[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Start: 09-20-2018[/HEADING]
[HEADING=1]Duration: 00:00:06[/HEADING]
[HEADING=1]OS: Windows 10 Home[/HEADING]
[HEADING=1]Cleaned: 14[/HEADING]
[HEADING=1]Failed: 0[/HEADING]
***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chrome-64-bit.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\DOMStorage\avast.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chrome-64-bit.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppContainer\Storage\microsoft.microsoftedge_8wek yb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\avast.en.softonic.com
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

---

[+] Delete Tracing Keys
[+] Reset Winsock

---

AdwCleaner[S00].txt - [3691 octets] - [20/09/2018 16:30:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########[/COLOR]

While I analyze your log, go ahead and do the following for me:

We will need a log from Zemana, can you please download the free trial HERE. Save it to somewhere you can find, double click the downloaded file and start the installation. Accept the default install options and you can safely ignore any security warnings and allow Zemana to complete the install. Once completed click the new desktop icon https://pchelpforum.net/attachments/zamicon-jpg.786 to open the program. If Zemana opens and informs of any available updates allow it to so. Next change Zemana’s default from “Smart Scan” to Deep Scan as shown below.



Then click scan



When the scan is complete allow Zemana to Quarantine any infections found by clicking Next



Once the infections are quarantined a message box will indicate success, then click the logs icon as below.



Select the latest scan and choose Open Report from the upper menu. or simply double left click on the scan just run.



The log will open as a text file. Please Copy and Paste the contents of that file in your next post

We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon https://pchelpforum.net/attachments/mwb-jpg.481 to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

[ul]If the dashboard is not already displayed select it.[/ul]
[ul]Then select Update to get the latest definition database.[/ul]



[ul]Next we need to change a scanning option, select Settings on the main menu[/ul]
[ul]Then Detection and Protection on the left.[/ul]
[ul]Then select Scan for rootkits in the detection options, as well as the other two options already checked.[/ul]



Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.



[ul]Allow Malwarebytes to scan your system. It may take some time depending on how much data loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected
[/ul]



A dialogue box may open and ask to restart the computer, if so select Yes



Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.



Please copy and paste the contents of the text file in your next post

[COLOR=rgb(44, 130, 201)]Malware bytes didn’t find anything.
[COLOR=rgb(44, 130, 201)]I also forgot to mention that the reason I got this is very probably because of some .onion websites that weren’t very trusty. I didn’t download anything so they probably used my IP.
The attached files are all the reports I got from Zemana after the scan. [/COLOR][COLOR=rgb(44, 130, 201)][/color][/COLOR]

You have a HOSTS file hijack and hijacked Firefox. Reset it using the following:

Download ResetBrowser to your desktop.

Now close all open browsers. All browsers MUST be closed during this operation!

Right click and Run as Administrator



Click on Reset Firefox– Allow completion.
Click on Reset Chrome– Allow completion.

Now reboot your machine.

Reset Host File

[ul]
[li]Click here to download RstHosts v2.0[/li][li]Save the file to your desktop.[/li][li]Right Click and Run as Administrator.[/li][li]Click on Restaurer, then click OK at the prompt.[/li][li]This will restore the default host file.[/li][li]Next Click on Creer Un Rapport.[/li][li]This will open a logfile, post that in your next reply.[/li][/ul]
After doing the above, please re-run FRST and post the logs, as well as RstHosts’s log.

Also, before we go any further, please remove uTorrent from your PC. It can be a source of malware and we don’t work on PCs that have uTorrent on them. You may add uTorrent back later if you wish, but please remove it for now so that way I can ensure no new infections happen during the cleaning

Done

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[COLOR=rgb(61, 142, 185)]Here it is[/COLOR]

How does the computer run now?

Let-me test it for some hours

Everything is alright, thank you very much!

Let it run for a few days and then you can run Delfix to remove the tools we used if you want. To do so do the following (only after a few days to ensure no other issues arise):

Please go HERE and download Delfix Save it to your desktop.

Right click the new Delfix desktop icon and then click “run as administrator”

Place a tick in the following checkboxes

[ol][li]Remove disinfection tools[/li][li]Create registry backup[/li][li]Purge system restore[/li][/ol]

Then select “Run”


Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

Please post a copy of this file in your next post