About Scrooge

  1. Thanks a lot Kevin, I thought if these were Russian or Chinese IPs, I would start worrying and rush right off the bat like crazy to block port 445 and 139 and maybe 137, 138 as well :)) but these are our guys from NSA and other three-letter "companies" so they probably 'forgot' that it says there in my file " PKIA somwhere in the Pasific":) Thanks again Kevin, and God bless America just in case..:)) p.s. So Microsoft has been using their servers for quite some time I see. It's like dedicated web hosting or something, right outsourcing and whatnot. Who knows.
  2. I'm on Windows 10 64-bit, version 1809 (OS Build 17763.292), the latest update January 22, 2019. I've had Emsisoft installed for some time and I haven't had any issues so far with infection. CPU usage is normal, when I do do anything it's 1 to 4 %, when I start up a browser it goes to 8-11 %. Nothing out of the ordinary. I've started monitoring my network traffic recently and I noticed that Windows Host processes represented by svchost and their associated Windows processes connecting to these IP addresses. I didn't monitor my network before. Maybe these connections always were there. I don'
  3. Thank you very much for your time. I really appreciate it. The topic can be closed now.
  4. Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll being injected into a legitimate process. Then we won't see a malicious process running in memory there because it's a legitimate executable that could very well be an essential Windows operating sys
  5. Thank you. Maybe this reparse something was caused by the fact that I wanted to install Keeper password manager from Windows store until I didn't because I changed my mind and then I messed it even more in Windows 'head' by trying to install its desktop version until again I didn't because I changed my mind the second time.
  6. Hi, it's me again. Today I scanned my laptop with this Rkill, I don't know why, maybe I shouldn't have but earlier it never showed this: Performing miscellaneous checks: * Reparse Point/Junctions Found (Most likely legitimate)! * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir] I attach the Rkill log. Should I be concerned about it? I immediately scanned the whole computer with EEK but nothing was found, the sam
  7. Thank you. btw, just deleted FRST. I'm planning to buy Emsisoft 3-year license. Is there such a thing like Emsisoft lifetime license? Anyway, I'd like to thank you for fixing my gal friday laptop. I truly appreciate it. The topic can be closed.
  8. Thank you Kevin. If I can ask you one more thing. I was wondering would you advise to turn on this relatively recent feature "memory integrity" in Windows Defender Security Center with Emsisoft being installed? I've heard that some Windows users reported significant slowdowns and a decrease in system performance after they turned it on, even without any antivirus program being installed? p.s. I just tried to delete it but it doesn't want to be deleted somehow. It says the file or folder is open in another program but I don't know where it can be opened.
  9. Fixlog here. Fixlog.txt I also have a question. What should I do with the folder FRST on my C? Can I delete it? Because now every time I start the Device Performance & health section it says 1 recommendation and when I run the troubleshooting it says that SASKUTL and SASDIFSV don't have drivers, which is quite understandable. I can always dismiss it but I'd like to get rid of it. They belong to SUPERAntiSpyware software and they are not essential for Windows. I don't have it any more and I don't want it. Can I just delete FRST? p.s. I'm sorry. It doesn't show any m
  10. Things are running smoothly thanks to you. I really appreciate it. Thank you very much Kevin. I really don't want to put you out, you helped me a lot already, but if you just could take a look at these Farbar scans of another laptop for any possible signs of malware. FRST.txt Addition.txt
  11. I did like you said. And I changed the EEK user interface language to English before doing that. Just in case I also generated the forensics log of that entry. Here are the files. full path to installer.dat.txt Forensics_180710-082411.txt
  12. Here they are. I ran the fresh EEK scan first and FRST second. Forensics_180709-091807.txt FRST.txt Addition.txt
  13. Sure, I'll do it on Monday first thing in the morning. Thanks a lot for your patience with me.
  14. Yes, I think I have AdwCleaner delete this TweakBit. Sorry, I must've attached the wrong file. I just ran AdwCleaner again but there is only the scan log. AdwCleaner[S00].txt