Help Needed...malware Wont Go Away...

Discussion in 'Malware Help (A Specialist Will Reply)' started by MinorBlake, Mar 31, 2016.

  1. MinorBlake

    MinorBlake Private E-2

    I downloaded & installed a YouTube video downloader, even unchecked all of the crapware boxes, but it still put something on my pc that slows my web searches and interferes with/slows my browsing. I tried running all of your tools (and ADWCleaner) and it still comes back after restarting and re-opening IE or Chrome, as you will see in the scan files attached. Thank you!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What comes back? There are no problems showing in the logs; however your log from MGtools is very incomplete. It looks like you did not wait for it to finish running before you attached the log. You must wait for it to tell you it is finished. Please try again, but I'm not expecting that much will be found since the other logs are all clean.

    What real problems are you currently having?
     
  3. MinorBlake

    MinorBlake Private E-2

    Again, slow/unresponsive web page loading & searches. This is what keeps showing up when I scan:
    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c59c27ce-a480-4d09-9675-65c09fd4831e} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c59c27ce-a480-4d09-9675-65c09fd4831e} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
    ¤¤¤ Files : 1 ¤¤¤
    [Hidden.ADS][Stream] C:\Windows\SysWOW64:Win32App_1 -> Found
    I can delete them, but as soon as I open another browser and re-scan, they show up again.
    I re-ran MGTools (to completion this time) and am attaching that log. (The first time I ran MGTools I saw "The operation completed successfully" at the bottom of the command window, with no progress indicator, so I assumed it was done.) Thanks for all your help!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, let's dig a little deeper.

    I thought the DhcpNameServer lines could be related to some software that you may use. Perhaps something related to Apple products?

    Please download the latest version of FRST from the below link.

    Farbar Recovery Scan Tool and save it to your Desktop.

    Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  5. MinorBlake

    MinorBlake Private E-2

    The FARBAR files are attached. Thanks again!
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, based on these logs it looks to me like the ADS and other settings marked in the FRST logs with <====== ATTENTION are due to your use of BitDefender's AntiCryptoWall and CryptoPrevent from Foolish IT LLC.

    I cannot say for sure but perhaps these are contributing to your problems. I'm not really seeing any obvious signs of malware. I think the Win32App_1 ADS could be from having used BitDefender. They have been known to mark files and folders with ADS in the past. But the Win32App_1 ADS info did not even show in your FRST log file.

    Let's run a couple of junk cleanup programs to see if it helps with your slowness.

    Please download AdwCleaner by Xplode and save to your Desktop.


    • Right click on AdwCleaner.exe and select Run As Administrator unless running Windows XP where you should just double click to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • Accept any prompts for permission to run and then click the I agree button to accept the Terms of Use
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, you may just see a popup stating that no malicious programs were found. Just click OK to continue.
    • Now click the LogFile button and the report will open in Notepad.
      (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

    Now please download Junkware Removal Tool to your desktop.


    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, Win7, 8 or 10, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Make sure that your antivirus is disabled. See the below link for help on disabling it.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


    • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).
    http://hijackthis.nl/smeenk/


    • Attached to the bottom of this message you will find a file called zoekscript.txt
    • Download it too and save to your desktop - it needs to be in the same location as the ZOEK tool
    • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
    • The scan may take a while and may need a reboot.
    • Upon completion a file zoek-results should appear.
    • Attach it to your next reply.
     

  7. MinorBlake

    MinorBlake Private E-2

    The logfiles are attached. "Searchscopes" seems unwanted in the ADWCleaner log. I've deleted it in the past and it's here again. I did not remove it yet again. Is this an indication of an unwanted program? Many thanks!
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those searchscopes are not major issues. It's just basic junk. You can clean them up with AdwCleaner. You forgot the log from ZOEK.

    Also is there any change to your issues?
     
  9. MinorBlake

    MinorBlake Private E-2

    ZOEK log is attached this time. Only issue is the SearchScopes keeps coming back, even though ADWCleaner gets rid of it temporarily. SearchScopes does not show up on any of my other three computers, all Win 10. Thanks...
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume that you mean the web data items. These are not really major issues but if you really want to clean them up you may have to reset Chrome to default settings or possibly even uninstall Chrome and then manually delete the related files/folders. They are embedded in files for Chrome. AdwCleaner may not be able to remove them for any number of reasons. For example:
    • You still had Chrome open and running
    • Your antivirus program is running and blocking the changes
    • You forgot to run AdwCleaner as Administrator
    You could try repeating with AdwCleaner in safe boot mode but still use Run As Administrator.

    To try a Chrome reset, see the below:

    Reset Chrome to Defaults
     
  11. MinorBlake

    MinorBlake Private E-2

    Actually, I was referring to the registry items that ADWCleaner found regarding Internet Explorer:
    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKU\S-1-5-21-3901262571-1060324949-2415803118-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

    ADWCleaner deletes them, but they return after re-boot and re-opening IE.

    Also, did the ZOEK log show anything? Thanks again for holding my hand through this!
    And, yes, I will try to reset Chrome...
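    A small PowerShell check, added here and not posted by anyone in the thread, that reads back the three things flagged in the logs above (the DhcpNameServer values from post 3, the Win32App_1 alternate data stream on SysWOW64, and the IE SearchScopes keys from this post) so their current state can be compared before and after a reboot. It assumes Windows 8/10 with PowerShell 3.0 or later, run as Administrator; the paths are the ones quoted in the logs.

    ```powershell
    # Added triage script (not from the thread). Read-only: it lists, it does not delete.

    # 1. Per-interface DNS servers handed out by DHCP (the two PUM.Dns entries).
    #    172.20.10.1 is the address an iPhone Personal Hotspot normally hands out,
    #    which fits the "Apple products" question; compare it with your router's IP.
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $ifRoot | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.DhcpNameServer -or $p.NameServer) {
            [pscustomobject]@{
                Interface      = $_.PSChildName      # the {GUID} from the log
                DhcpNameServer = $p.DhcpNameServer   # set by DHCP (router/hotspot)
                NameServer     = $p.NameServer       # set manually or by software
            }
        }
    } | Format-Table -AutoSize

    # 2. Alternate data streams on the SysWOW64 directory itself (the Hidden.ADS hit).
    #    Files always carry the unnamed ':$DATA' stream; a directory only lists named
    #    streams, so anything printed here (e.g. Win32App_1) is an extra stream.
    Get-Item 'C:\Windows\SysWOW64' -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length

    # 3. IE SearchScopes for the current user, with DisplayName and URL so a
    #    CLSID-named key can be matched to the product that owns it.
    $ss = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    Get-ChildItem $ss -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        [pscustomobject]@{
            Key         = $_.PSChildName
            DisplayName = $p.DisplayName
            URL         = $p.URL
        }
    } | Format-Table -AutoSize -Wrap
    ```

    If the SearchScopes DisplayName or URL names a search product you installed on purpose, the key returning after every reboot is that product re-registering itself rather than something a cleaner missed.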
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Oh those! Those are part of Norton Safe Search.

    It cleaned up a few more misc junk items but no real major issues.

    What exact slowness are you referring to? Is it only when browsing? If yes then perhaps you should not be opening so many tabs in Chrome. It looks like you always have around 25 tabs open.
     
    Last edited: Apr 7, 2016
