Windows 10 - runs very slowly

I have a problem with Windows 10 on Dell XPS 15 9560. Everything seems to work but you have to wait a moment for a response, as if in slow motion and the mouse cursor can freeze. After clicking I have to wait a moment for the action to take place.
I have Norton 360 Deluxe antivirus but for 3 years now, although it is partition c with 274GB there is 20GB left.
About a month ago I changed the thermal paste on the processor and graphics to the Honeywell PTM7950 thermopad - supposedly not from Ali.. but I am not sure if it is original, it is hard to detect.
I am afraid that the PCIe NvMe SSD hard drive may have been damaged because the battery is damaged and the laptop sometimes suddenly turned off unexpectedly.
Diagnostics:
I did a RAM test - ok
I did a CHKDSK /F /R /X memory test supposedly no problems.
CPU temperature while watching YT HD max 52°C (min 40°C)
I ran CCleaner but I didn't fix the issue with this tool, I prefer to ask here first

Laptop: Dell XPS 15 9560
CPU: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz 2.80 GHz
RAM: 16.0 GB
HDD: PC300 NVMe SK hynix 512GB
 


Do not try to use CCleaner Registry Cleaner. It's not your answer (or IMO, anybody's). Delete Norton and use Windows Security. This alone might solve your problem. It's been the answer since Windows 10 first appeared.
 
Hello, qba91.

FRST is a tool that will help us to see what is happening in your system.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
Hi.

Thanks for your patience. I would like to let you know that I didn't forget about your topic. The last days, however, were extremely busy for me. Thus, I'll review your logs by tomorrow.

Meanwhile, read the basic guidelines for the procedure we are going to follow:


1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
Hi.

I hope you are still with me.

Your system needs some cleaning and maintenance. Before we begin, though, I have some first comments/instructions for you.

1. P2P program

You have qBittorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

2. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.

For now, just uninstall:

Java 8 Update 421
Java(TM) SE Development Kit 22.0.1

If you need Java, you will install the newest version as soon as we finish from here.


3. Edge

Are you using Edge? It seems that there is a problem with your recently created profile.



In your next reply, please post:
  1. What did you do with the torrent client and Java
  2. A reply about Edge
 
Hi, Thanks
I've had qBittorrent for literally a week, but after my computer slowed down - Should I use Windows Sandbox or maybe a virtual machine for such programs?
- I uninstalled qBittorrent.
- I uninstalled Java, I had both 32bit and 64bit installed, and I need it for some programs.
- As for Edge, I use it sometimes, usually for WhatsApp online, or when something doesn't work well on Chrome. I haven't logged in or changed my account on Edge for a long time, and when I checked, mine is logged in, which should have been logged in for a few years.
 
Why do you need a P2P program? It is a security risk, and I don't recommend it.

Let's move on a bit.

1. FRST

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3614399670-1168835466-867837764-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3614399670-1168835466-867837764-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3614399670-1168835466-867837764-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3614399670-1168835466-867837764-1002_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [WinArchiver] -> {A6630968-27DC-8DB8-9BCE-E12B3198A9B1} => C:\Program Files\WinArchiver\WASHELL.DLL -> No File
ContextMenuHandlers4: [WinArchiver] -> {A6630968-27DC-8DB8-9BCE-E12B3198A9B1} => C:\Program Files\WinArchiver\WASHELL.DLL -> No File
ContextMenuHandlers6: [WinArchiver] -> {A6630968-27DC-8DB8-9BCE-E12B3198A9B1} => C:\Program Files\WinArchiver\WASHELL.DLL -> No File
HKU\S-1-5-21-3614399670-1168835466-867837764-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3614399670-1168835466-867837764-1002\...\StartupApproved\Run: => "Application Restart #2"
FirewallRules: [TCP Query User{D923830A-9ED4-4996-8E3C-8CE03C6DB721}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC3C9C73-B8A9-41D9-AD92-69BF91ED6AD0}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe => No File
FirewallRules: [{16425FF0-0506-4D73-9946-038E17CC8713}] => (Allow) LPGTECH Gas Setting => No File
FirewallRules: [{B7E10DD0-BF86-4819-9EDC-E142ED47B77A}] => (Allow) LPGTECH Gas Setting => No File
FirewallRules: [{5F8BDA30-C584-4816-9CDF-0AF9EBEF4571}] => (Allow) LPGTECH Gas Setting => No File
FirewallRules: [{0D310AAD-AD96-4C51-852F-89DCE2DD05A3}] => (Allow) C:\Ross-Tech\VCDS\VCDS.EXE => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3614399670-1168835466-867837764-1002\...\RunOnce: [Application Restart #2] => C:\Users\jakub\.stm32cubeide\.jxbrowser-7.35.1\Chromium\chromium.exe [2402136 2023-09-17] (TEAMDEV LTD. -> The Chromium Authors)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {DA9511E5-D2DA-41B7-842E-4F5A9A79A9F0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (No File)
Task: {28190CDD-6372-4B34-944B-A17035C40B48} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3614399670-1168835466-867837764-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
CHR StartupUrls: Default -> "hxxp://www.youndoo.com/?z=e9221411d78f41fa99b09f4g6z1b8cbt1e4q0z0w9e&from=amz&uid=395049983_397186_A84F1DD4&type=hp","hxxp://www.trotux.com/?z=c45ad897b970a08281734c0g0zdbccct3e7bbg6o6q&from=isr&uid=395049983_397186_A84F1DD4&type=hp","hxxps://www.google.com/"
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
C:\Users\jakub\.stm32cubeide\.jxbrowser-7.35.1\Chromium
Edge Profile: C:\Users\jakub\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2024-12-13] <==== ATTENTION
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.


3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.
Note: Click Skip Basic Repair if you are asked to.




In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/24/2024
Scan Time: 11:57 AM
Log File: e6c0f8d0-c1e5-11ef-8456-9cb6d0e080c0.json

-Software Information-
Version: 5.2.4.157
Components Version: 1.0.5116
Update Package Version: 1.0.93508
License: Trial

-System Information-
OS: Windows 10 (Build 19045.5247)
CPU: x64
File System: NTFS
User: DESKTOP-EGF16K0\jakub

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 247109
Threats Detected: 38
Threats Quarantined: 0
Time Elapsed: 18 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Elex.ShrtCln, C:\USERS\JAKUB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 4071, 454749, 1.0.93508, , ame, , ,
Adware.Elex.ShrtCln, C:\USERS\JAKUB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 4071, 454738, 1.0.93508, , ame, , ,

File: 36
Malware.AI.1679980635, C:\USERS\JAKUB\DESKTOP\PRZENIESC\OPEL DIAGNOSTYKA\AUTOSCANNER OPEL 1.0.1.70 A92.RAR, No Action By User, 1000000, 1679980635, 1.0.93508, E61474EC99CB40D36422785B, dds, 03145504, 0FFF466F7B48E6AAFFB09161702A0589, 163CFE8F6E475169ECDC2A0110CABA07F3C9A5F71AD75A89CA39CCC9A87B3240
Malware.AI.4082330195, C:\USERS\JAKUB\DOWNLOADS\RENAULT IMMO CALCULATOR.RAR, No Action By User, 1000000, -212637101, 1.0.93508, 571C4F502C3C28C0F3536A53, dds, 03145504, 9F4841586FF01C552C6F064435220B28, E81D718853777224CCF09D9240032104883B79335FE27513B225ED9CDC7F2C13
Generic.Malware.AI.DDS, C:\USERS\JAKUB\DOWNLOADS\TACHOSOFT-S-MILEAGE-CALCULATOR-V21.5.RAR, No Action By User, 1000002, 0, 1.0.93508, 15C1984030CF71A1620ECE12, dds, 03145504, E27CFAAC4E2DAF2EC9D2ABDD787A729C, 0ECB8EC6D5EC02FA70A068FF4C1F3F339948D972951BE77B83E5E6F6D8571B58
Malware.AI.4221423503, C:\USERS\JAKUB\DOWNLOADS\RENAULT_ECU_TOOL.RAR, No Action By User, 1000000, -73543793, 1.0.93508, 231D084179F9D17AFB9DCF8F, dds, 03145504, 73E6012C29F53F6C3AE826FABA6EE727, 19B1B5E8A00B5AF97B1AD363DEF245728EFE2036490E0C39139C49C82E19E672
Neshta.Virus.FileInfector.DDS, C:\USERS\JAKUB\DOWNLOADS\LICENSE REQUEST INSTRUCTIONS.ZIP, No Action By User, 1000002, 0, 1.0.93508, 4B9D4DC6C1C92857FB77E4A2, dds, 03145504, B1F03ED7F6B2370E1B3E454F3E5DC743, CF55E32925CF9DDF0A9059F1E0A285423CCD88EDD7D8DEC017DA914986689056
Malware.AI.52668141, C:\USERS\JAKUB\DOWNLOADS\TOYOTACOMANDERFORALL.RAR, No Action By User, 1000000, 52668141, 1.0.93508, AC2E76C5EA53D4BB0323A6ED, dds, 03145504, B769E11A9D777E29D3E297EBB011A7F5, 37D91FCF4C67B1FF4E41BE45FDE6BA8D9489F50FF4C2520B871527277A1E08D5
Generic.Malware.AI.DDS, C:\USERS\JAKUB\DOWNLOADS\HYUNDAI_PIN.ZIP, No Action By User, 1000002, 0, 1.0.93508, 00ADC6749490F9055A33A039, dds, 03145504, 67D662BF7557A5116D5035B2ABBBC09D, 94CD73177C3B5F2E369DB4626B0F08ADCFE022107A301AC87E38DF133F302B6B
Malware.AI.4217103300, C:\USERS\JAKUB\DOWNLOADS\HYUNDAIAUTOCALC.ZIP, No Action By User, 1000000, -77863996, 1.0.93508, 7F8EB0DA5084AF7CFB5BE3C4, dds, 03145504, 4ADEF5CCD32E2CCCB706EE3CEBE9DD46, F22FF87FABD50A808F1692A4E086DCE0BD49BBAF4D552D04A951A44DBE308611
Generic.Malware.AI.DDS, C:\USERS\JAKUB\DOWNLOADS\STEROWNIKI VAG KKL USB STARE PRZED 2013.RAR, No Action By User, 1000002, 0, 1.0.93508, ABFB7F1697F416F32BE80E00, dds, 03145504, 3B1C89051CA2386012E72E15BFCAB29D, FFAFE47BCC68F0D42A63702C44578253DC5503559DD81FC49A8DDC6D91666E9C
Malware.Heuristic.2025, C:\USERS\JAKUB\DOWNLOADS\SOFTWARE IMMO-EMULATOR FREE.RAR, No Action By User, 1000001, 1163561, 1.0.93508, 0000000000000000000007E9, dds, 03145504, 60CDA2AD0C20DEC3A1F4761E12ADF324, 4B31EFB3856694B994A70029B4F1B828018F603F85374E6EFB538F1990852C0E
Malware.Sandbox.1, C:\USERS\JAKUB\DESKTOP\PRZENIESC\OPEL DIAGNOSTYKA\AUTOSCANNEROPEL_169.EXE, No Action By User, 1, 0, 1.0.93508, 1, dds, 03145504, 6D39A610F741C5C20EC59E5CEA283E63, CCC8C79873A3BF58305120B43BDEB586D2D49F4C8F578061E24EF9A9A0E0A3BF
Malware.AI.4082330195, C:\USERS\JAKUB\DOWNLOADS\RENAULT IMMO CALCULATOR (2).RAR, No Action By User, 1000000, -212637101, 1.0.93508, 571C4F502C3C28C0F3536A53, dds, 03145504, 659F6C329397430B6AE24AD1F4C661B2, C5B513DBB9E7677C4946192CEFF115D45FCEB55D496EB91E122250F3E64FA317
Generic.Malware.AI.DDS, C:\USERS\JAKUB\DOWNLOADS\STEROWNIKI2.RAR, No Action By User, 1000002, 0, 1.0.93508, ABFB7F1697F416F32BE80E00, dds, 03145504, 3B1C89051CA2386012E72E15BFCAB29D, FFAFE47BCC68F0D42A63702C44578253DC5503559DD81FC49A8DDC6D91666E9C
Malware.AI.2182705252, C:\USERS\JAKUB\DOWNLOADS\HI-SCAN PRO WCASCADE(2).ZIP, No Action By User, 1000000, -2112262044, 1.0.93508, D4A8B551538CC4C882197064, dds, 03145504, 04D45A99B4DDDB8BB9B302F5C7FE1B06, EE373635CFF327C5B534DC772260A306EA87656F21CF19FEABF19FB0DDCAB3D3
Malware.AI.3665298931, C:\USERS\JAKUB\DOWNLOADS\ELS27BAUDRATE.ZIP, No Action By User, 1000000, -629668365, 1.0.93508, 5FEB7B73E139BDD3DA7805F3, dds, 03145504, A13E0DCDA567BDB21243901AA706046A, 4A3AEC2FAF3ECDEC0EDEA6574A39307E02F488B24F040085DAC2A65602A9F698
Malware.AI.4247664861, C:\USERS\JAKUB\DOWNLOADS\CAR_TOOL_1.06.ZIP, No Action By User, 1000000, -47302435, 1.0.93508, 098E388210331A34FD2E38DD, dds, 03145504, AFE5031FF10802E2AC8704A98FD564A3, 99F423F2D09AF70B9EA08C541BF9E8442EA685BC6ADDA37FF71FF9E39F656F72
Malware.AI.4204386520, C:\USERS\JAKUB\DOWNLOADS\TACHOCALC.RAR, No Action By User, 1000000, -90580776, 1.0.93508, B3863C994C759B39FA99D8D8, dds, 03145504, BCE5B86A3F54FB7A8754BACE9B484A93, D32A7DDD0404AE96E25306460EE420E624B895FB3CA9E87012B4E6CCA54D9569
Generic.Trojan.Malpack.DDS, C:\USERS\JAKUB\DOWNLOADS\EFFI MHHAUTO\EFFI.EXE, No Action By User, 1000002, 0, 1.0.93508, 09F06237FE87A3028D820599, dds, 03145504, 05529268A2EB991158ED884BD7A76B7F, 5443154F35416456B568138D9A687C4AEB39ACC5055E4AC0C1B1644F68547972
Adware.IStartSurf, C:\USERS\JAKUB\DOWNLOADS\ZDJECIE PALCA\ALTERIS-NAWIGATOR.EXE, No Action By User, 3813, 451216, 1.0.93508, , ame, , AC8C975878A259BDC1359B1DADE965DD, E4AD295793CF2D4F33DE1D5B29F8441D6BE139D52BD139B471640D849BF58F34
Malware.AI.4247664861, C:\USERS\JAKUB\DOWNLOADS\CAR_TOOL_1.06\CAR TOOL 1.06.EXE, No Action By User, 1000000, -47302435, 1.0.93508, 098E388210331A34FD2E38DD, dds, 03145504, C06AE57D83B7AF3785B4EC4AD5B5D69E, 55C3A7B4D22937BD883AA94633C8305D341EF558BCE2552469646A5C2940B07F
Adware.Elex.ShrtCln, C:\USERS\JAKUB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 4071, 454749, 1.0.93508, , ame, , FE36E056ACC497CC5754BC97D9DBBC3C, 0F0DBF672A1B43E59EC99D38AECCA0E980A7654032521E3BFF276BDE25D0C877
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 4071, 454749, 1.0.93508, , ame, , 8AF584AB95883527CAF098FC5E5CE068, 7C84C0209B697E818F437F026ADD8C1C91F69EDB6F044F47F7AF8B0D839E2BC7
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000119.ldb, No Action By User, 4071, 454749, 1.0.93508, , ame, , 6F0514BFEC2F59893688535AAF17A338, 2C64B2AD1701756EFB2F33E29A02DBD463D3B113FC9B3E4573ABB5FEEFB96667
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000122.ldb, No Action By User, 4071, 454749, 1.0.93508, , ame, , 7C6BD117442F3F09566B86CD6EDC4B05, ED1DA020F4F39E523316FB97474FDF556E4722A62B0FC62A4AF3EEFDCDB24B85
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000124.ldb, No Action By User, 4071, 454749, 1.0.93508, , ame, , 5485F6529351CDA5BF5AC6C2266AE651, CF7DDE7FBBA1DDC92D1BBD9FE2A8716A979E18D267A70D2E988F11E5C067D4FC
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000125.log, No Action By User, 4071, 454749, 1.0.93508, , ame, , F3622ECB4ADC3C4C7AA55503467609E6, 571432AFC24C488BE9A78CDACEA8D8669DAD9AA247E737EFF167ACBD71206712
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000126.ldb, No Action By User, 4071, 454749, 1.0.93508, , ame, , 157B8A53102F3F558CE38D6F22D77B20, 799DCCC31DF0ED909277FB9AB4CDA5371342EB04691E69D21E2B6796F3B2910F
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 4071, 454749, 1.0.93508, , ame, , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 4071, 454749, 1.0.93508, , ame, , ,
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 4071, 454749, 1.0.93508, , ame, , E968FB78E95D28D14F520EEBB0D74002, BC228D5926DCB0D2A9D4617462491D5936AD937A98E76AD37CF2AEE8255D3682
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 4071, 454749, 1.0.93508, , ame, , 0902655F93EF7C7E77A964F6BFE86802, 3B36CA626A7A63391FAD5EFEBF8EB5B3F9A03715FE4744026936749ADC8F64AA
Adware.Elex.ShrtCln, C:\Users\jakub\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 4071, 454749, 1.0.93508, , ame, , AE952595355A653025DB8436DC27A43A, 31A0470124813CC0F1BC64186FCF67F60BC05D82033AFB2CA92947F3357F7320
Malware.AI.4191116250, C:\USERS\JAKUB\DOWNLOADS\OP COM\OP-COM_ID.7Z, No Action By User, 1000000, -103851046, 1.0.93508, 0577A977C421F445F9CF5BDA, dds, 03145504, 0BA28C0B1BEF399CFE3DE696FEBE4AD9, 1B740963136B6C1E6A12091079DEF042AE3846ECF2B86B202589B3D1D997343E
Adware.Elex.ShrtCln, C:\USERS\JAKUB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 4071, 454738, 1.0.93508, , ame, , FE36E056ACC497CC5754BC97D9DBBC3C, 0F0DBF672A1B43E59EC99D38AECCA0E980A7654032521E3BFF276BDE25D0C877
Malware.AI.4204386520, C:\USERS\JAKUB\DOWNLOADS\TACHOCALC\TACHOCALC.EXE, No Action By User, 1000000, -90580776, 1.0.93508, B3863C994C759B39FA99D8D8, dds, 03145504, B8C4F5744B1D543070CC81C62E864056, 6ABEC55482CB5370D9FF29371A9FAA3F9A38C9F9EE27A5D3645998669335D1BB
HackTool.Agent, C:\USERS\JAKUB\DOWNLOADS\SCANMASTER-ELM V2.1\KEYGEN.EXE, No Action By User, 22, 586481, 1.0.93508, 70F276EB1515D2C2FD19CA4A, dds, 03145504, 3E3CB7800823BA66843A74EE77AD0E7D, 5A2AFD68F2B16C3F3F22BA51450267C469A350431ACA974BA36F5991ACDD6F38

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-24-2024
# Duration: 00:00:49
# OS:       Windows 10 (Build 19045.5247)
# Scanned:  32091
# Detected: 22


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             http://www.trotux.com/?z=c45ad897b970a08281734c0g0zdbccct3e7bbg6o6q&from=isr&uid=395049983_397186_A84F1DD4&type=hp
PUP.Optional.Legacy             http://www.youndoo.com/?z=e9221411d78f41fa99b09f4g6z1b8cbt1e4q0z0w9e&from=amz&uid=395049983_397186_A84F1DD4&type=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A9758B6E-19FC-4DB4-A031-AFE6C2327A35}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Users\jakub\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C9C1F6F-B750-4375-A67E-8B539A1346FA} 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C9C1F6F-B750-4375-A67E-8B539A1346FA} 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [3759 octets] - [01/08/2021 19:05:19]
AdwCleaner[C00].txt - [1819 octets] - [01/08/2021 19:07:02]
AdwCleaner[S01].txt - [3619 octets] - [01/08/2021 19:07:25]
AdwCleaner[C01].txt - [1745 octets] - [01/08/2021 19:07:46]
AdwCleaner[S02].txt - [4131 octets] - [01/09/2022 00:18:38]
AdwCleaner[C02].txt - [2063 octets] - [01/09/2022 00:19:21]
AdwCleaner[S03].txt - [3991 octets] - [01/09/2022 00:20:09]
AdwCleaner[S04].txt - [4304 octets] - [13/12/2024 10:34:00]
AdwCleaner[C04].txt - [2320 octets] - [13/12/2024 10:36:12]
AdwCleaner[S05].txt - [4069 octets] - [13/12/2024 10:37:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########

AdwCleaner scan report done a week ago:

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-13-2024
# Duration: 00:00:59
# OS:       Windows 10 (Build 19045.5247)
# Scanned:  32095
# Detected: 20


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A9758B6E-19FC-4DB4-A031-AFE6C2327A35}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Users\jakub\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C9C1F6F-B750-4375-A67E-8B539A1346FA} 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C9C1F6F-B750-4375-A67E-8B539A1346FA} 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [3759 octets] - [01/08/2021 19:05:19]
AdwCleaner[C00].txt - [1819 octets] - [01/08/2021 19:07:02]
AdwCleaner[S01].txt - [3619 octets] - [01/08/2021 19:07:25]
AdwCleaner[C01].txt - [1745 octets] - [01/08/2021 19:07:46]
AdwCleaner[S02].txt - [4131 octets] - [01/09/2022 00:18:38]
AdwCleaner[C02].txt - [2063 octets] - [01/09/2022 00:19:21]
AdwCleaner[S03].txt - [3991 octets] - [01/09/2022 00:20:09]
AdwCleaner[S04].txt - [4304 octets] - [13/12/2024 10:34:00]
AdwCleaner[C04].txt - [2320 octets] - [13/12/2024 10:36:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########
 

You have many files in your Downloads folder which are marked as malware. Have you seen the log created by Malwarebytes? My instructions will remove all those files. Is that OK by you?

You have also downloaded a Keygen which has also been detected by Malwarebytes.

Here, I'll remind you that one of our basic rules here is that users must get rid of any program not activated with a legal license. It's not only the ethical part of this action. Having such programs and using tools to make them work, is the best way to infect your computer, and cleaning a system is a waste of time if these programs are present. So, if you have any program which belongs to this category, please remove it now and let me know.

I'll be waiting for your reply before giving you any other instructions.
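
An added example, not part of the thread or of any tool mentioned in it: a small triage script for an exported Malwarebytes text report like the one posted above, which groups detections by location and family, finds identical content stored under different names, and checks each section's declared count against the rows parsed. The field layout (name, path, action, six further fields, MD5, SHA-256) is an assumption inferred from the rows in this thread; the sample report, paths and hashes are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "File: 36"


def parse_report(text):
    """Return (declared section counts, detection records) from an exported report."""
    sections, records, current, in_details = {}, [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True  # ignore "Key: number" lines in the summary above it
            continue
        if not in_details or not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = int(m.group(2))
            continue
        # Split from the right so a comma inside the file path cannot shift fields.
        parts = [p.strip() for p in line.rsplit(",", 9)]
        if current is None or len(parts) != 10:
            continue
        name, _, path = parts[0].partition(",")
        records.append({"section": current, "name": name.strip(), "path": path.strip(),
                        "action": parts[1], "md5": parts[8], "sha256": parts[9]})
    return sections, records


def location(path):
    """Coarse bucket for where a detected object lives."""
    p = path.upper()
    if "\\GOOGLE\\CHROME\\USER DATA\\" in p:
        return "chrome-profile"
    if "\\DOWNLOADS\\" in p:
        return "downloads"
    if "\\DESKTOP\\" in p:
        return "desktop"
    return "other"


def triage(text):
    sections, records = parse_report(text)
    parsed = Counter(r["section"] for r in records)
    by_hash = defaultdict(set)
    for r in records:
        if r["sha256"]:  # folder rows carry no hash
            by_hash[r["sha256"]].add(r["path"])
    return {
        "by_location": Counter(location(r["path"]) for r in records),
        "by_family": Counter(r["name"].split(".")[0] for r in records),
        # Same SHA-256 under more than one path: one download kept under several names.
        "same_content": {h: sorted(p) for h, p in by_hash.items() if len(p) > 1},
        # Declared vs parsed rows; a mismatch means the paste was truncated or misparsed.
        "count_mismatch": {s: (n, parsed[s]) for s, n in sections.items() if n != parsed[s]},
    }


def _row(name, path, md5="", sha256=""):
    # Constructed row in the assumed 11-field layout.
    return f"{name}, {path}, No Action By User, 1000000, 0, 1.0.93508, 0, dds, 0, {md5}, {sha256}"


# Constructed sample data: placeholder user, file names and hashes.
DL = r"C:\USERS\EXAMPLE\DOWNLOADS"
CHROME = r"C:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default"
SHA_A, SHA_B, SHA_C = "A" * 64, "B" * 64, "C" * 64
SAMPLE_REPORT = "\n".join([
    "-Scan Summary-", "Threats Detected: 5", "",
    "-Scan Details-", "Process: 0", "(No malicious items detected)", "",
    "Folder: 1",
    _row("Adware.Elex.ShrtCln", CHROME + r"\Sync Data\LevelDB"),
    "", "File: 4",
    _row("Generic.Malware.AI.DDS", DL + r"\DRIVERS OLD, V1.RAR", "1" * 32, SHA_A),
    _row("Generic.Malware.AI.DDS", DL + r"\DRIVERS2.RAR", "1" * 32, SHA_A),
    _row("HackTool.Agent", DL + r"\TOOL\KEYGEN.EXE", "2" * 32, SHA_B),
    _row("Adware.Elex.ShrtCln", CHROME + r"\Secure Preferences", "3" * 32, SHA_C),
    "", "(end)",
])

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, dict(value))
```
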
 
