[Solved] I keep running out of memory

Status: This thread has been Locked and is not open to further replies.

geearevee33431

Thread Starter
Joined
Jul 25, 2021
Messages
21
I installed some 2-4 pieces of software from other websites, and now I keep running out of memory: the game suddenly stops, and web pages stop with an "Aw, Snap!" error. I have 8 GB of RAM and a Ryzen processor; free space on my disk is 200 GB. I did not have this problem earlier, but it started happening after installing some software. I am not able to trace which one to delete to remove this error. I need expertise. Thanks.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,203
Hello, geearevee33431.

It would be easier to call you by your real name, if you don't mind.

Officially, welcome to TSG Forums.


I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after them:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, bear in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


======================

Give me some time to review your logs. I will be back to you when I am ready.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,203
Hi, Gaurav.

The computer is infected. Although the FRST log is not completed, I prepared for you an initial fix.

To make things easier, please move the FRST tool from your Downloads folder to your Desktop. Just drag it from the Downloads folder onto the Desktop.

Here are my first comments/instructions:

1. P2P program

You have Tixati installed on your computer. This is a P2P program. P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented, and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2 below.

2. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Code:
Extension_game
Windows Installer
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

3. Uninstall an Opera extension

Remove Newtab.club
This guide may help you if you don't know how.


4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1325159558-4166210389-1291552661-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\grv33\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
URLSearchHook: HKU\S-1-5-21-1325159558-4166210389-1291552661-1001 - (No Name) - {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} - No File
SearchScopes: HKU\S-1-5-21-1325159558-4166210389-1291552661-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1325159558-4166210389-1291552661-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1325159558-4166210389-1291552661-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{E067E26F-9C76-4376-9320-36AF3B7F9D8F}] => (Allow) C:\Users\grv33\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{71A82E20-6594-4B64-A9D0-700930A569B5}] => (Allow) C:\Users\grv33\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{8D7BF13B-E943-4EBE-8E82-80748C1F7756}C:\users\grv33\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{9507A85A-047E-4AE0-84B5-607AE98E5218}C:\users\grv33\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [TCP Query User{7A93767D-4F39-4FE7-BCDF-BE6DDA19C59C}C:\users\grv33\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{C09786B5-774C-4B27-9FC4-61D3C5B08D18}C:\users\grv33\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{7D640BAE-50A7-4B9E-994C-B8052C140696}C:\users\grv33\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{8DE9AB7C-9E5B-4E38-9458-C77133B49ED5}C:\users\grv33\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{B083FEBB-AF6F-440B-A2F1-161F08D3DAB1}C:\users\grv33\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{B958FB26-6929-463F-9474-8E544D72E86A}C:\users\grv33\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [TCP Query User{9CE7A592-9DEC-496A-BA62-6570FBA37656}C:\users\grv33\appdata\local\programs\opera\74.0.3911.160\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\74.0.3911.160\opera.exe => No File
FirewallRules: [UDP Query User{EA9D03C3-6C4F-46BF-913E-53C32256B9FC}C:\users\grv33\appdata\local\programs\opera\74.0.3911.160\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\74.0.3911.160\opera.exe => No File
FirewallRules: [TCP Query User{EE02C45C-B7B5-46C1-9ABB-C87A8BDA3BDE}C:\users\grv33\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{2FB34D94-9277-4EA5-8497-A2F0307E66B1}C:\users\grv33\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{FCD726F3-E753-44E0-9EE1-07F1736937E5}C:\users\grv33\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{DD79BB7D-3797-4729-91CC-911FBE7DBE73}C:\users\grv33\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [TCP Query User{7E65C34E-CEC2-4018-8538-2E0A015C4CCE}C:\users\grv33\appdata\local\programs\opera\75.0.3969.149\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\75.0.3969.149\opera.exe => No File
FirewallRules: [UDP Query User{16A189A1-2F4C-4476-910B-61424C2D98A3}C:\users\grv33\appdata\local\programs\opera\75.0.3969.149\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\75.0.3969.149\opera.exe => No File
FirewallRules: [TCP Query User{50C3CE7B-54CB-4AB2-A9A4-2ECB01A2FEFF}C:\users\grv33\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [UDP Query User{73C99E79-81D3-4A96-97C9-F4A89D004A59}C:\users\grv33\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Allow) C:\users\grv33\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [TCP Query User{21993483-DA31-4C4E-8CCA-72EDAFB75FA9}C:\users\grv33\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [UDP Query User{FDF9FA47-06DF-4A25-A511-03560FCCAB88}C:\users\grv33\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [{DA7FF3D6-D465-4C18-8F6C-3DD3FC1D7321}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [TCP Query User{1A6DE7FC-C823-4CF8-9D30-4C5D7528288A}C:\users\grv33\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.107\opera.exe => No File
FirewallRules: [UDP Query User{EBB5150D-80B8-4FD7-8689-BC46A7F33FFC}C:\users\grv33\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.107\opera.exe => No File
FirewallRules: [TCP Query User{3C6CE196-8320-4B74-8D40-4604BCE1098A}C:\users\grv33\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.123\opera.exe => No File
FirewallRules: [UDP Query User{847E2AD3-8F4E-47B4-8DDF-3A192F6AB046}C:\users\grv33\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.123\opera.exe => No File
FirewallRules: [TCP Query User{5105CEA0-12E4-4D04-A140-EE5130958CAE}C:\users\grv33\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [UDP Query User{1011385B-92B2-478E-A7EA-598C0342B2A0}C:\users\grv33\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [TCP Query User{051CE3BA-E5A1-4548-9A6E-EB84BF21B506}C:\users\grv33\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{E675DDF9-848C-41A8-AF43-F091B5D4527A}C:\users\grv33\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{B5638DAD-FE76-413B-A9E7-C17FA18D4760}C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{19AF8CAD-46AD-492B-842F-B073672BF9C6}C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{40A95ACC-B9CB-4029-BC9B-B72B8540BC32}C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{B196D04F-409C-457E-A8DD-5642F27860E6}C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\grv33\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{50BAFA92-94AE-443D-9D2B-02E52B131FCD}C:\users\grv33\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{E86D92A1-45E8-448C-B6B3-61E47DC2DE3A}C:\users\grv33\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Block) C:\users\grv33\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
C:\Users\grv33\AppData\Roaming\Microleaves
HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\...\Run: [Extension_game] => C:\Users\grv33\AppData\Roaming\Extension_game\python\pythonw.exe [95760 2019-07-08] (Python Software Foundation -> Python Software Foundation) <==== ATTENTION
HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\...\MountPoints2: {7139102b-5bad-11eb-81af-d8c0a6422b0c} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\...\MountPoints2: {e5feb629-8d22-11eb-81b8-d8c0a6422b0c} - "D:\OnePlus_setup.exe" /s
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {341871C6-C232-4F3A-BCFD-4A7219D71E23} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482120 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {4EEE4807-B41D-4E25-A2E1-DC4E9FD83E62} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\Windows Updater.exe [1020024 2021-04-09] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {727D55EA-D873-4498-B6BF-B2D3EA7E284D} - System32\Tasks\Extension_game => C:\Users\grv33\AppData\Roaming\Extension_game\python\pythonw.exe [95760 2019-07-08] (Python Software Foundation -> Python Software Foundation) <==== ATTENTION
Task: {864585C9-D878-4284-A15F-D932B9B9A8AB} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482120 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {8DC296CF-1936-42FC-9097-7E8827BCC41C} - System32\Tasks\Extension_game2 => C:\Users\grv33\AppData\Roaming\Extension_game\python\pythonw.exe [95760 2019-07-08] (Python Software Foundation -> Python Software Foundation) <==== ATTENTION
Task: {B02CD426-6EB7-46DD-9605-71B52EEF3D50} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482120 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {BB86C476-24DC-4C41-BD33-492539ED75D0} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482120 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {CEAB924B-C2A7-4CFD-904A-F42224655B95} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482120 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E856AD5C-D0B9-48F7-890F-68FCEB1E0ABB} - System32\Tasks\SoundBass => C:\Users\grv33\AppData\Roaming\Unpacker\Unpacker.exe [290332672 2021-07-21] (Unpacker) [File not signed] <==== ATTENTION
Task: {EAEF8AFB-3C2A-447F-BE4F-8B83288F73FD} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482120 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
CHR HomePage: Default -> hxxps://newtab.club/
CHR StartupUrls: Default -> "hxxps://newtab.club/"
OPR DefaultSearchURL: Opera Stable -> hxxps://newtab.club/search?q={searchTerms}
OPR DefaultSearchKeyword: Opera Stable -> newtab.club
C:\Program Files (x86)\Lavasoft
C:\Users\grv33\AppData\Roaming\Extension_game
C:\Program Files (x86)\AdvancedWindowsManager
C:\Users\grv33\AppData\Roaming\Unpacker
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "Yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

5. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

6. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. What programs you uninstalled and if the process went fine
  2. The fixlog.txt
  3. The AdwCleaner[S0*].txt
  4. The Malwarebytes report
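The FRST fix above is built from log entries of a few recurring kinds: scheduled tasks and Run keys that launch binaries from user-writable AppData folders, firewall rules whose executable no longer exists, and browser search scopes and home pages pointing at a hijacker domain. The Python helper below is an added example (it is not FRST's own code and not from this thread) that triages lines in that format so an analyst can see at a glance why each entry matters. The sample lines, GUIDs, user name and vendor names are constructed, and the TRUSTED_SIGNERS and KNOWN_SEARCH_HOSTS allowlists are assumptions to be adapted to your own environment.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

ATTENTION_MARK = "<==== ATTENTION"
# Assumption: signers expected to autostart binaries from user-writable AppData paths.
TRUSTED_SIGNERS = {"Microsoft Corporation"}
# Assumption: search/home-page hosts considered legitimate; anything else is a hijack candidate.
KNOWN_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com", "duckduckgo.com"}

# A Windows path ends before "]", a "[size date]" block, a "(Signer -> Publisher)" block, or " =>".
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.+?)(?=\]|\s+\[\d|\s+\([^()]* -> |\s+=>|\s*$)")
SIGNER_RE = re.compile(r"\((?P<signer>[^()]*?) -> [^()]*\)")
URL_RE = re.compile(r"h(?:xx|tt)ps?://(?P<host>[^/\s?]+)", re.IGNORECASE)   # FRST defangs URLs as hxxp
RUN_KEY_RE = re.compile(r"\\Run: \[")
BROWSER_PREFIXES = ("SearchScopes:", "CHR ", "OPR ", "URLSearchHook:")

# Constructed sample in FRST's line format: hypothetical GUIDs, user name and vendor names.
SAMPLE_FRST = r"""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\ExampleVendor\updater.exe [482120 2021-04-09] (Example Vendor LTD -> Example Vendor) <==== ATTENTION
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\OneDrive Update => C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [1234 2021-06-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1-2-3-1001\...\Run: [Example_game] => C:\Users\user\AppData\Roaming\Example_game\python\pythonw.exe [95760 2019-07-08] (Python Software Foundation -> Python Software Foundation) <==== ATTENTION
FirewallRules: [TCP Query User{AAAAAAAA-0000-0000-0000-000000000001}C:\users\user\appdata\local\programs\opera\73.0.0.0\opera.exe] => (Allow) C:\users\user\appdata\local\programs\opera\73.0.0.0\opera.exe => No File
FirewallRules: [{AAAAAAAA-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
SearchScopes: HKU\S-1-5-21-1-2-3-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search-example.invalid/?q={searchTerms}
CHR HomePage: Default -> hxxps://newtab-example.invalid/
"""


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def _path_and_signer(line: str) -> tuple[str, str]:
    path = PATH_RE.search(line)
    signer = SIGNER_RE.search(line)
    return (path.group("path") if path else "",
            signer.group("signer") if signer else "unsigned/unknown")


def triage_frst(text: str) -> list[Finding]:
    """Return one Finding per suspicious property of each line; a single line can yield several."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION_MARK in line:
            findings.append(Finding("tool_flagged", "FRST itself marked this entry ATTENTION", line))
        # Rules for executables that no longer exist are leftovers of removed or renamed installs.
        if line.startswith("FirewallRules:") and line.endswith("=> No File"):
            path, _ = _path_and_signer(line)
            findings.append(Finding("orphaned_firewall_rule", f"rule refers to a missing executable: {path}", line))
        # Autostarts (scheduled tasks, Run keys) from user-writable paths by non-allowlisted signers.
        if line.startswith("Task:") or RUN_KEY_RE.search(line):
            path, signer = _path_and_signer(line)
            if "\\appdata\\" in path.lower() and signer not in TRUSTED_SIGNERS:
                findings.append(Finding("user_writable_autostart",
                                        f"{signer} autostarts from user-writable path {path}", line))
        # Search scopes, start pages and home pages pointing anywhere but a known search engine.
        if line.startswith(BROWSER_PREFIXES) or "Start Page" in line:
            url = URL_RE.search(line)
            if url and url.group("host").lower() not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("browser_setting_hijack",
                                        f"search/home page points at {url.group('host')}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage_frst(SAMPLE_FRST)))
```

On the sample the OneDrive task is deliberately not reported even though it lives under AppData, because its signer is allowlisted; the same layout with an unknown signer (the Example_game Run key) is reported, which is the distinction that separates ordinary per-user software from the persistence the fix above removes.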
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,203
Yes it is! If you need help at any step, please stop and ask me. ;)
 

geearevee33431

Thread Starter
Joined
Jul 25, 2021
Messages
21
Please check once if I have sent everything. It was a lot of work. I uninstalled Tixati, the game extension and the Windows extension. I also removed the Opera extension. Still, my RAM is showing 60% used; I have 4 tabs of Chrome and 1 Notepad, that's it. Let me know if you need anything.






Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/25/21
Scan Time: 10:56 PM
Log File: 7e02017c-ed6d-11eb-835e-d45d646850f0.json

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43528
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: LAPTOP-VK87MA2Q\grv33

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 309213
Threats Detected: 29
Threats Quarantined: 0
Time Elapsed: 5 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\AdvancedWindowsManager, No Action By User, 5186, 787645, 1.0.43528, , ame, , ,
Adware.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\Microleaves, No Action By User, 1409, 716215, 1.0.43528, , ame, , ,
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, 3800, 398592, 1.0.43528, , ame, , ,
PUP.Optional.NeoBar, HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}, No Action By User, 538, 411842, 1.0.43528, , ame, , ,

Registry Value: 2
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, No Action By User, 3800, 333852, 1.0.43528, , ame, , ,
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, No Action By User, 3800, 321304, 1.0.43528, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, 3800, 391425, 1.0.43528, , ame, , ,
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application\updates, No Action By User, 1409, 399763, , , , , ,
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application, No Action By User, 1409, 399763, , , , , ,
Adware.OnlineIO, C:\PROGRAMDATA\MICROLEAVES, No Action By User, 1409, 399763, 1.0.43528, , ame, , ,
PUP.Optional.NewTabClub, C:\USERS\GRV33\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 384, 455264, , , , , ,

File: 18
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, 3800, 391431, 1.0.43528, , ame, , BA505110E54A251B605DCDC4F45A8436, D919C53199CDEE8FD7E8C8E38FB482EB969E88210793034F93F0D049653301F7
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, No Action By User, 3800, 391425, , , , , 9DD9EC86D8E45F11F44B14F243664E59, 6BF09C573E64635C5CF4AD63DDCB2FB6CEAAE8E8874377078A305CE9C68B69C2
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, No Action By User, 3800, 391425, , , , , C2649AD15118FD46780D6FCBC38447D0, F0F4D5BF1DE9D2463031520AFF51FEB1E7D432ECEA447534A91CBBD79832AC89
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application\updates\basic_updates.aiu, No Action By User, 1409, 399763, , , , , ABF120AFC9EE1693BB7D2975327CC6E1, 5336D697E2854AF56B74822E5EAF3A75764739A19EBA255ED539E4D995C7A49E
Trojan.Dropper.Generic, C:\USERS\GRV33\DOWNLOADS\ZFNV0QD_BANDICAM-5101822-CRACK-FULL-TORRENT-LATEST-VERSION-2021.ZIP, No Action By User, 11018, 947409, 1.0.43528, D70D39732794DAE77AF2A1AD, dds, 01348821, C8AE00234A12697B0946936F8FE3DD3E, 8FA346B6C34719718561823C7B1CB09E67B9B4C98A153E94164742149762E705
Trojan.Dropper.NSIS, C:\USERS\GRV33\DOWNLOADS\{DOWNLOAD+THE+FILE+-+FILEGO}-AIGVSWBPYWQAVHWCAELOFWASAPEUZM8A (1).ZIP, No Action By User, 7464, 942647, 1.0.43528, , ame, , 435ABA5890E06AA2901C04F07552D9AE, D16A3E3920143BB2A2FC46A90B7C26D769E546F5BC0F3C989BE605F2BFF0E8D8
RiskWare.BitCoinMiner, C:\USERS\GRV33\DOWNLOADS\EASY_EARNV1.02.5.ZIP, No Action By User, 917, 930555, 1.0.43528, , ame, , FB3A1F9992D23CA48ECC02B07E8AFBDA, 8D0B4509C0725AF299174F2D0E3E116F5F9665C1CB2CE865A97DDAD85A6519FF
Trojan.BitCoinMiner, C:\USERS\GRV33\DOWNLOADS\AUTOLIKER_V25.05.38.ZIP, No Action By User, 595, 921022, 1.0.43528, 61EB78C470A7D515EE3E0AA2, dds, 01348821, 3207FC2752AFA9833B6E3656F4126D7B, 11321D33A994DF4B70FE202F8A753659ECDB59F84A509FF1EA5D555F5819E31C
Trojan.Dropper.NSIS, C:\USERS\GRV33\DOWNLOADS\{DOWNLOAD+THE+FILE+-+FILEGO}-AIGVSWBPYWQAVHWCAELOFWASAPEUZM8A.ZIP, No Action By User, 7464, 942647, 1.0.43528, , ame, , 5B28428DD7175317564D425673618027, C685395EF82BBC8934F7B2EB381C935422328FF840C8679DE6BE3B95F3941275
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000595.ldb, No Action By User, 384, 455264, , , , , 871DBB3073BFC277C3D110CB58A6E9CD, EE19265A6355555B47AADB11990ED2EA82433B80E8C9A60D72A044D9121DE31F
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000597.log, No Action By User, 384, 455264, , , , , DED5E81E1B91500EADB16BE05131E8BA, BA13DB0B14628357D3DDBE9D64111125DF755B9EEF7A02FC642AB1EA3BE61B80
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000598.ldb, No Action By User, 384, 455264, , , , , CB30B310EE6971E6A2753CA3B1242A86, 235F3BA88EEDAD0016EC0A9FE72F598568084E174D666BB6DEF8C3AA4F13B001
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 384, 455264, , , , , 9F36605EFBA98DAB15728FE8B5538AA0, 9C283F6E81028B9EB0760D918EE4BC0AA256ED3B926393C1734C760C4BD724FD
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 384, 455264, , , , , ,
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 384, 455264, , , , , 8EC406A02DDF3199854923695C8361C7, C59F801047FDF150C0D2BEF3C6E15C0858EC963C9AC70194EAA61AC89F041E2E
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 384, 455264, , , , , 828CCED66536232E93390993EA4894BE, 9D8FEF4446C8E9B0511040D83484BFBAD7A62D3F53FE072C1FC99A7EF4655BE2
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000005, No Action By User, 384, 455264, , , , , 83E9B106B0948CBF850C3E4C731B42C9, 57A71778B147CB84764E09B6EDD41050254C84B1B4703467DBCE1688A7A5BFD8
PUP.Optional.NewTabClub, C:\USERS\GRV33\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 384, 455264, 1.0.43528, , ame, , 576471F53C938C9788C7CAF7FC143DEB, F7A0CDC5ED9A7334F6EB24C10AFE829DBD139F1E74AF9FA5190BE8D8D15ABEF0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
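The Malwarebytes report above lists 29 detections, all with the action "No Action By User" because the scan was run in scan mode. The Python below is an added example (not part of the thread and not Malwarebytes code) that parses this report layout, checks that the "Threats Detected" header agrees with the number of objects actually listed, and diffs two scans so that what disappeared between them, what was quarantined, and what still needs action can be read off directly. The two sample reports, their paths and their hashes are constructed placeholders in the same layout.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Section header inside "-Scan Details-", e.g. "Registry Key: 4" or "File: 18".
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")


@dataclass(frozen=True)
class Detection:
    category: str  # report section, e.g. "File" or "Registry Key"
    threat: str    # e.g. "Trojan.Dropper.Generic"
    target: str    # file path or registry key
    action: str    # e.g. "No Action By User" or "Quarantined"
    sha256: str    # empty when the report records no hash for the object


@dataclass
class Report:
    summary: dict[str, str] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Parse the Malwarebytes text report: key/value sections, then per-category detection lists."""
    report = Report()
    category = None
    in_details = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:
            if ": " in line and not line.startswith("-"):   # "Threats Detected: 29" and friends
                key, value = line.split(": ", 1)
                report.summary[key] = value
            continue
        header = HEADER_RE.match(line)
        if header:
            category = header.group("category")
            continue
        if category is None or line.startswith("("):       # "(No malicious items detected)"
            continue
        # Records have 11 comma-separated fields: the threat name, the target, then nine fixed
        # fields (action, ids, engine, hashes); rejoining the middle keeps paths that contain commas.
        fields = line.split(",")
        if len(fields) < 11:
            continue
        target = ",".join(fields[1:-9]).strip()
        report.detections.append(
            Detection(category, fields[0].strip(), target, fields[-9].strip(), fields[-1].strip())
        )
    return report


def counts_consistent(report: Report) -> bool:
    """The 'Threats Detected' header must equal the number of listed objects."""
    return int(report.summary.get("Threats Detected", "-1")) == len(report.detections)


def by_action(report: Report) -> dict[str, int]:
    return dict(Counter(d.action for d in report.detections))


def _key(d: Detection) -> str:
    return f"{d.category}: {d.target.lower()}"   # case-insensitive, as NTFS paths and registry keys are


def compare_scans(before: Report, after: Report) -> dict[str, list[str]]:
    before_keys = {_key(d) for d in before.detections}
    after_keys = {_key(d) for d in after.detections}
    return {
        "gone": sorted(before_keys - after_keys),        # absent on the second scan (removed in between)
        "new": sorted(after_keys - before_keys),         # appeared between the scans
        "unhandled": sorted(_key(d) for d in after.detections if d.action != "Quarantined"),
    }


# Constructed sample reports (hypothetical paths, vendor names and hashes) in the report's layout.
BEFORE_SCAN = r"""
Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 4
Threats Quarantined: 0

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.ExampleIO, HKLM\SOFTWARE\WOW6432NODE\ExampleVendor, No Action By User, 1, 2, 1.0.0, , ame, , ,

Folder: 1
Adware.ExampleIO, C:\ProgramData\ExampleVendor\Online Application, No Action By User, 1, 3, , , , , ,

File: 2
Trojan.Dropper.Generic, C:\USERS\USER\DOWNLOADS\EXAMPLE-CRACK.ZIP, No Action By User, 4, 5, 1.0.0, , ame, , 0123456789abcdef0123456789abcdef, 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
RiskWare.BitCoinMiner, C:\USERS\USER\DOWNLOADS\EXAMPLE_EARN.ZIP, No Action By User, 6, 7, 1.0.0, , ame, , fedcba9876543210fedcba9876543210, fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210

(end)
"""

AFTER_SCAN = r"""
Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 2
Threats Quarantined: 2

-Scan Details-
Registry Key: 0
(No malicious items detected)

File: 2
Trojan.Dropper.Generic, C:\USERS\USER\DOWNLOADS\EXAMPLE-CRACK.ZIP, Quarantined, 4, 5, 1.0.0, , ame, , 0123456789abcdef0123456789abcdef, 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
RiskWare.BitCoinMiner, C:\USERS\USER\DOWNLOADS\EXAMPLE_EARN.ZIP, Quarantined, 6, 7, 1.0.0, , ame, , fedcba9876543210fedcba9876543210, fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210

(end)
"""

if __name__ == "__main__":
    before, after = parse_report(BEFORE_SCAN), parse_report(AFTER_SCAN)
    print("consistent:", counts_consistent(before), counts_consistent(after))
    print("before:", by_action(before), "after:", by_action(after))
    print(compare_scans(before, after))
```

Applied to the real report above, the same consistency check adds up the section counts (4 registry keys, 2 registry values, 5 folders, 18 files) against the header's 29; the registry key and folder that vanish between two scans without ever being "Quarantined" are exactly the kind of object removed by an uninstall or FRST fix rather than by Malwarebytes, which is why the expert asks for both logs.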
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,203
Hi, Gaurav.

Excellent job! (y)(y)(y)

Let's clean now, the items detected by Malwarebytes and AdwCleaner.

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

3. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.


In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh logs, Addition and FRST
 

geearevee33431

Thread Starter
Joined
Jul 25, 2021
Messages
21
I hope this will be the last time with the logs. My 8-hour shift is easier than these last 2 hours, haha. Posting them asap.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,203
I can’t promise such a thing. The cleaning process is an intensive and computer-specific process and takes time. So… have patience! :)
 

geearevee33431

Thread Starter
Joined
Jul 25, 2021
Messages
21
I think I uploaded the correct files; please check and let me know if you need to recheck anything. The laptop looks faster. Also, should I keep this software which you helped me download, or do I have to remove it later?

Also, if Tixati is removed, should I download other software for torrents? Also, are torrents safe to download, or should I avoid them completely?


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/25/21
Scan Time: 11:41 PM
Log File: cc4dc1d0-ed73-11eb-bb30-d45d646850f0.json

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43530
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: LAPTOP-VK87MA2Q\grv33

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 309145
Threats Detected: 17
Threats Quarantined: 17
Time Elapsed: 4 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\AdvancedWindowsManager, Quarantined, 5186, 787645, 1.0.43530, , ame, , ,
PUP.Optional.NeoBar, HKU\S-1-5-21-1325159558-4166210389-1291552661-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}, Quarantined, 538, 411842, 1.0.43530, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.NewTabClub, C:\USERS\GRV33\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 384, 455264, , , , , ,

File: 14
Trojan.Dropper.Generic, C:\USERS\GRV33\DOWNLOADS\ZFNV0QD_BANDICAM-5101822-CRACK-FULL-TORRENT-LATEST-VERSION-2021.ZIP, Quarantined, 11018, 947409, 1.0.43530, D70D39732794DAE77AF2A1AD, dds, 01348881, C8AE00234A12697B0946936F8FE3DD3E, 8FA346B6C34719718561823C7B1CB09E67B9B4C98A153E94164742149762E705
Trojan.Dropper.NSIS, C:\USERS\GRV33\DOWNLOADS\{DOWNLOAD+THE+FILE+-+FILEGO}-AIGVSWBPYWQAVHWCAELOFWASAPEUZM8A (1).ZIP, Quarantined, 7464, 942647, 1.0.43530, , ame, , 435ABA5890E06AA2901C04F07552D9AE, D16A3E3920143BB2A2FC46A90B7C26D769E546F5BC0F3C989BE605F2BFF0E8D8
Trojan.BitCoinMiner, C:\USERS\GRV33\DOWNLOADS\AUTOLIKER_V25.05.38.ZIP, Quarantined, 595, 921022, 1.0.43530, 61EB78C470A7D515EE3E0AA2, dds, 01348881, 3207FC2752AFA9833B6E3656F4126D7B, 11321D33A994DF4B70FE202F8A753659ECDB59F84A509FF1EA5D555F5819E31C
Trojan.Dropper.NSIS, C:\USERS\GRV33\DOWNLOADS\{DOWNLOAD+THE+FILE+-+FILEGO}-AIGVSWBPYWQAVHWCAELOFWASAPEUZM8A.ZIP, Quarantined, 7464, 942647, 1.0.43530, , ame, , 5B28428DD7175317564D425673618027, C685395EF82BBC8934F7B2EB381C935422328FF840C8679DE6BE3B95F3941275
RiskWare.BitCoinMiner, C:\USERS\GRV33\DOWNLOADS\EASY_EARNV1.02.5.ZIP, Quarantined, 917, 930555, 1.0.43530, , ame, , FB3A1F9992D23CA48ECC02B07E8AFBDA, 8D0B4509C0725AF299174F2D0E3E116F5F9665C1CB2CE865A97DDAD85A6519FF
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000595.ldb, Quarantined, 384, 455264, , , , , 871DBB3073BFC277C3D110CB58A6E9CD, EE19265A6355555B47AADB11990ED2EA82433B80E8C9A60D72A044D9121DE31F
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000597.log, Quarantined, 384, 455264, , , , , 0D5D85BAB868FA376FB4CCEEE899B31D, 7485C676C3BAFF6E59BBD61744D57192D9D9B2C7EF18E8ACF7B205D5F2E20536
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000598.ldb, Quarantined, 384, 455264, , , , , CB30B310EE6971E6A2753CA3B1242A86, 235F3BA88EEDAD0016EC0A9FE72F598568084E174D666BB6DEF8C3AA4F13B001
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 384, 455264, , , , , 9F36605EFBA98DAB15728FE8B5538AA0, 9C283F6E81028B9EB0760D918EE4BC0AA256ED3B926393C1734C760C4BD724FD
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 384, 455264, , , , , ,
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 384, 455264, , , , , 0E89EEA7776AD6878816077D04E33DC6, 59124ED14BE35E3CA44EE754997C12BDA035DF52A9E1A078A2173636113AA713
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 384, 455264, , , , , A6746C5DC04E811E2A54D33E7509465B, 72D9F78F15E91B6F83AB506B4A80CDFEF050C70FB86F4BF394AF1533E6D98E1E
PUP.Optional.NewTabClub, C:\Users\grv33\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000005, Quarantined, 384, 455264, , , , , 83E9B106B0948CBF850C3E4C731B42C9, 57A71778B147CB84764E09B6EDD41050254C84B1B4703467DBCE1688A7A5BFD8
PUP.Optional.NewTabClub, C:\USERS\GRV33\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 384, 455264, 1.0.43530, , ame, , 576471F53C938C9788C7CAF7FC143DEB, F7A0CDC5ED9A7334F6EB24C10AFE829DBD139F1E74AF9FA5190BE8D8D15ABEF0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,203
Yes, these are the correct files. See? You are a perfect partner. :)(y)

About Tixati and any P2P program (e.g. torrent downloader):

P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented, and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again as soon as you use it again.
I don't have anything to add to the above. It's your computer, so your decision. Just do not download anything while we are cleaning the computer here.

As for the tools we used, please do not remove anything yet. One thing at a time.

Give me an hour to review your logs, and I will be back to you.
 

geearevee33431

Thread Starter
Joined
Jul 25, 2021
Messages
21
Sure thing boss. You look like an expert. I thought formatting was the only solution. I will wait for your reply.
 