help in analyzing log #79

Closed
corri57 opened this issue Sep 5, 2019 · 13 comments

corri57 commented Sep 5, 2019

Welcome !
Thank you for joining the section of VIRUSNET association support.


BEFORE ASKING HELP, READ CAREFULLY THIS INSTRUCTION:


Step 1: Are you in the right place?

  • Do you need assistance in PC cure from viruses?
  • Or would you like to report a bug or propose a feature for HiJackThis?

If yes, see the next step.

Step 2: Show us required logs (for PC cure):

  • Read carefully: How to make a request for help in the PC cure section

  • Attach 'Collection-[Date].zip' log created by AutoLogger

  • Describe your problem in details: It is a long time since I cleaned my PC. Recently I receive a lot of scam email messages. Moreover there are some other generic PC behaviors, but I am not able to describe them.
    Pls can you help me to understand and fix the problems which are in the attached log?

CollectionLog-2019.09.05-16.21.zip

  1. What did you do before the problem occurred: _________________
  2. What programs (browsers) affected by the problem: ________________
  3. Steps to reproduce: _________________
@dragokas

This comment has been minimized.

@Sandor-Helper

Sandor-Helper commented Sep 5, 2019

Hello,

  1. Uninstall via Control Panel - Programs following PUPs:

Advanced SystemCare 9
IObit Malware Fighter 5
IObit Uninstaller 8

Download AdwCleaner (by Malwarebytes) and save it to Desktop.
Run it (it should be run by right-clicking as Administrator), press "Scan" and wait.
At the end of the scan, the log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit).
Attach it to your next post here.

@corri57
Author

corri57 commented Sep 5, 2019

Hi,
thank you for taking charge of my problem.
Here is the requested log
AdwCleaner[S00].txt

@Sandor-Helper

In Preinstalled Software window you could mark all or not mark - it's by your decision.

  1. Run again AdwCleaner (by Malwarebytes) (it should be run by right-clicking as Administrator).
    Go to Settings and switch on:

Reset IE policies
Reset Chrome policies

Go to Dashboard, press Scan now and after scan ends press Clean & Repair.
System should be restarted.
After restart log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where x is any digit).
Attach it to your next post here.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.

@corri57
Author

corri57 commented Sep 6, 2019

Hi,
here are the logs.
I put the preinstalled software in quarantine. Moreover, I ran AdwCleaner two times.
AdwCleaner[C02].txt
AdwCleaner[C03].txt
Addition.txt
FRST.txt

@Sandor-Helper

Temporarily turn off any antivirus.
Highlight following code:

Start::
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {FD6EA974-26A5-4A07-9AE0-9EFAC61EAF6B} - \CCleanerSkipUAC -> No File <==== ATTENTION
FF user.js: detected! => C:\Users\corrado\AppData\Roaming\Mozilla\Firefox\Profiles\u3e1s4vi.default\user.js [2017-04-08]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit Information Technology -> IObit)
2019-09-06 15:07 - 2016-10-07 10:25 - 000000000 ____D C:\Users\corrado\AppData\LocalLow\IObit
2019-09-06 15:07 - 2016-05-21 09:41 - 000000000 ____D C:\Users\corrado\AppData\Roaming\IObit
2019-09-06 15:07 - 2016-05-21 09:41 - 000000000 ____D C:\ProgramData\IObit
2019-09-06 15:07 - 2016-05-21 09:41 - 000000000 ____D C:\Program Files (x86)\IObit
2019-09-02 14:26 - 2016-05-21 09:41 - 000000000 ____D C:\ProgramData\ProductData
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
FirewallRules: [{7CD892A1-7045-40AF-BDA3-989C9A8324B0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe No File
FirewallRules: [{23C16F1E-5CB8-4377-9E4D-1F06C48E76D5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe No File
FirewallRules: [{9690BB4A-6212-4782-AC56-8D95066DC96C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe No File
FirewallRules: [{17D8FE2E-C9E3-4C89-A53E-745F7F35A377}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe No File
FirewallRules: [{BB2D1909-2E7C-4F24-AA6B-86E2A04812E2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe No File
FirewallRules: [{FDBE892C-AB96-44AC-912C-159D10D93CA4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe No File
FirewallRules: [{DDCDE10D-97D5-487C-9A4C-37EB95601E8F}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe No File
FirewallRules: [{D945BD4A-D75F-4080-A4E8-99F90ED246E4}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe No File
EmptyTemp:
Reboot:
End::

Copy highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press Fix button once and wait. Program will create (Fixlog.txt). Attach it to the next post.

PC will reboot.
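
A read-only pre-check of a fixlist like the one above, as an added example that is not part of this thread or of FRST: it parses the pasted text, classifies each line, and lists paths outside the vendor folder the helper named, so whoever presses Fix can confirm what will be touched. The line classification is inferred only from the lines visible in this thread; the function names and the `\iobit` scope filter are assumptions.

```python
import re

# Constructed sample: a shortened copy of the fixlist posted in the comment above.
FIXLIST = r"""Start::
CreateRestorePoint:
Task: {FD6EA974-26A5-4A07-9AE0-9EFAC61EAF6B} - \CCleanerSkipUAC -> No File <==== ATTENTION
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit Information Technology -> IObit)
2019-09-06 15:07 - 2016-05-21 09:41 - 000000000 ____D C:\ProgramData\IObit
2019-09-02 14:26 - 2016-05-21 09:41 - 000000000 ____D C:\ProgramData\ProductData
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
FirewallRules: [{7CD892A1-7045-40AF-BDA3-989C9A8324B0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe No File
EmptyTemp:
Reboot:
End::
"""

# A drive-letter path runs until a size/date bracket, an arrow, "No File" or end of line.
PATH_RE = re.compile(r"\b([A-Za-z]:\\.+?)(?= \[| -> | No File|$)")

def parse_fixlist(text):
    """Return (entries, problems) for a fixlist delimited by Start:: / End::."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems = []
    if not lines or lines[0] != "Start::" or lines[-1] != "End::":
        problems.append("missing Start::/End:: delimiters")
    entries = []
    for ln in lines:
        if ln in ("Start::", "End::"):
            continue
        if re.fullmatch(r"\w+:", ln):
            kind = "directive"          # CreateRestorePoint:, EmptyTemp:, Reboot:
        elif re.match(r"[RSU]\d ", ln):
            kind = "service"            # e.g. "R2 LiveUpdateSvc; ..."
        elif re.match(r"\d{4}-\d{2}-\d{2} ", ln):
            kind = "file_or_dir"        # dated file/folder listing line
        else:
            kind = ln.split(":", 1)[0]  # Task, FirewallRules, ContextMenuHandlers1, ...
        m = PATH_RE.search(ln)
        entries.append({"kind": kind, "path": m.group(1) if m else None,
                        "orphan": "No File" in ln, "line": ln})
    return entries, problems

def out_of_scope(entries, expected=("\\iobit",)):
    """Paths containing none of the expected fragments; review these before fixing."""
    return [e["path"] for e in entries
            if e["path"] and not any(f in e["path"].lower() for f in expected)]
```
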

@corri57
Author

corri57 commented Sep 7, 2019

Fixlog.txt

@Sandor-Helper

OK, what kind of problems do you still have? Or has your system become better now?

@corri57
Author

corri57 commented Sep 10, 2019

I have tested my PC for these 2 days, now it is surely better, thank you very much for your support.
Last request, could you tell me 2 words about the usage we made of AdwCleaner and FRST?

@Sandor-Helper

Good news, thank you for coming back!

We've cleaned PUPs (potentially unwanted programs) and their "tails".

At the end of curing please do the following steps:
Start AdwCleaner, at the Settings menu scroll down to Remove AdwCleaner and press Remove.

Next, rename frst64.exe to uninstall.exe and run it.

Other files and folders could be simply deleted.

To check security and outdated programs download SecurityCheck by glax24 & Severnyj
Extract it from zip, run and wait for the end of scan.
Report will be opened in Notepad. Attach file C:\SecurityCheck\SecurityCheck.txt to your next post.

@corri57
Author

corri57 commented Sep 12, 2019

SecurityCheck.txt

@Sandor-Helper

--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
Disabled the domain profile of Windows Firewall
Disabled the public profile of Windows Firewall
Disabled the standard profile for Windows Firewall
--------------------------- [ OtherUtilities ] ----------------------------
GIMP 2.8.16 v.2.8.16 Download Update
VLC media player v.3.0.0 Download Update
-------------------------------- [ Arch ] ---------------------------------
7-Zip 18.01 (x64 edition) Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 191 v.8.0.1910.12
Uninstall old version and install new one (jre-8u221-windows-i586.exe). Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Shockwave Player 12.3 v.12.3.1.201 Warning! This software is no longer supported. Please uninstall it.

@corri57
Author

corri57 commented Sep 15, 2019

Thank you for all.
Corrado
