Trojan, Trojan.Generic?

A nice clean installation....

Vikdal said:

Yes, I have 3 computers to do so.

Okay good. And all your important data is backed up, right?

dencal said:

A nice clean installation....

If we can't clean it, or if the FRST logs show it's not worth cleaning, that's the next step.

I will be back in a while; please be patient with me.

Please "show hidden files, folders and drives" in Control Panel>File Explorer Options, "View" tab.
-----
Please uninstall the following applications:

Chrome

Export your bookmarks in Chrome to an HTML file (you can import them later).
Uninstall Chrome using the instructions here:
Uninstall Google Chrome - Computer - Google Chrome Help
Be sure to delete all profile information and clear browsing history - we want nothing left on the system (except your bookmarks).
If you sync your Chrome Browser data, delete it (use Edge or IE to do this):
Quick Tip: How To Delete Your Google Chrome Browser Sync Data

Java 8 Update 121
LogMeIn
McAfee Security Scan Plus
Yahoo Search Set
-----
Whatever is on the system by IObit company, please remove it. (SmartDefrag?)
-----
Please change the DNS settings on your NIC
From: 130.67.15.198 & 193.213.112.4
To: 208.67.222.222 & 208.67.220.220
-----
Open an admin command prompt or admin powershell and enter:
ipconfig /flushdns
-----

Please copy the following exactly and paste it into Notepad. Save the file as fixlist.txt in the same folder where the Farbar (FRST) tool is running from (C:\Users\Janisin\Downloads). Run FRST and click FIX only once and wait. When it's finished it will create a log (Fixlog.txt). Please post that log.

Code:

Start

CreateRestorePoint
EmptyTemp:
CloseProcesses:

Task: {33C02C52-CCB7-4FB7-9F2B-3E13439D75AC} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {42AB3ED1-EDCA-4781-B9D9-994414E8141D} - System32\Tasks\SMW_UpdateTask_Time_333536383237363034362d50372d5a456c37325a347841 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {5715A91F-9CEF-4E3B-A2E7-A4A86D8CFFC6} - \{78080447-0A0E-087F-0A11-7F7A7F0D110F} -> No File <==== ATTENTION
Task: {908AE32D-C2C7-4FC6-8F3C-6056146FB457} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE  <==== ATTENTION
Task: {A9094CB4-F599-4768-A5C0-93356813225B} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-04] () <==== ATTENTION
Task: {CC5EE9C6-9C52-4411-87EC-7E310E536686} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {D2527136-A109-402E-AC24-ADD29340F413} - System32\Tasks\IBUpd2 => C:\Users\Janisin\AppData\Local\BrowserAir\48.0.0.0\updater.exe  <==== ATTENTION
Task: {E03EDFBB-11A3-41F1-B67D-AFE5EA703A33} - System32\Tasks\IBUpd => C:\Users\Janisin\AppData\Local\BrowserAir\48.0.0.0\updater.exe  <==== ATTENTION
Task: {F311310D-62D2-4E86-8C31-44E8AA2AAF89} - \oqnrzQS454 -> No File <==== ATTENTION
Task: {F51D35EB-97ED-4E1C-9033-29B40EFE0129} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe  <==== ATTENTION
HKU\S-1-5-21-1197232350-3408337513-1167496310-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Profile: C:\Users\Janisin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-30] <==== ATTENTION
CHR Extension: (AntiCaptcha automatic captcha solver) - C:\Users\Janisin\AppData\Local\Google\Chrome\User Data\DEFAULT\Extensions\neodgnejhhhlcdoglifbmioajmagpeci [2017-04-28] [UpdateUrl: hxxps://antcpt.com/downloads/firefox/update_manifest.json] <==== ATTENTION
R3 cpuz138; C:\Users\Janisin\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2017-05-02] (CPUID) <==== ATTENTION
R1 ESEADriver2; C:\Users\Janisin\AppData\Local\Temp\ESEADriver2.sys [316552 2016-12-08] () <==== ATTENTION
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION

End

Note: this is a unique fixlist - do not use this on another computer.
-----
Permanently remove the following manually (if they exist):

C:\END
C:\Users\Janisin\AppData\Roaming\.pgbiasfx

-----
Open Device Manager
View>Show Hidden Devices
Expand "Non-Plug and Play Drivers"
Look for ESEADriver2
If found, right click "ESEADriver2" and select Uninstall
(we need to get rid of this, as they apparently were using user's systems for bitcoin mining, and have full admin rights in this driver.)
-----
Download the following to a flash drive (or CD) on a clean system:
RKILL
RKill Download
Download the iExplore.exe version
JRT
Junkware Removal Tool Download
RogueKiller
RogueKiller Download
ADWCleaner
Downloads - AdwCleaner - ToolsLib

Copy all the tools over to the "desktop" of the infected system.
Run the tools in this order on the infected system (note: all tools are free/have free versions):

1. RKILL

2. ADWCleaner (it will reboot)

3. RKILL (again)

4. RogueKiller (select all boxes including "PUP and PUM is malware") Delete everything in RED.

5. JRT

6. Malwarebytes Antimalware (already on system, go online, update virus definitions, run a full scan of system drive, and be sure to check the box to scan for rootkits) You may have to re-download and re-install to get it working now(?)

The system can stay online at this point.

Please post all logs from these tools for evaluation.
-----
Completely reset all browsers left on the system.
How to Reset Your Web Browser To Its Default Settings

Reset Microsoft Edge to Default in Windows 10 - Windows 10 Browsers Email Tutorials
-----
Will watch for your logs. Please remember you are 6 hours ahead of me.

Hi and thanks for the guide.

However, there are two problems with this thought. First of all AdwCleaner has been blocked by a administrator (i am the only one). The other problem is that roguekiller does not aloud to change these settings in their free version. Malwarebytes can neither run.

Vikdal said:

Hi and thanks for the guide.

However, there are two problems with this thought. First of all AdwCleaner has been blocked by a administrator (i am the only one). The other problem is that roguekiller does not aloud to change these settings in their free version. Malwarebytes can neither run.

Have you tried renaming AdwCleaner & Malwarebytes to something different, such as iexplore.exe (or another random name) . Sometimes renaming scanning tools is sufficient action to allow the cleaners to run when they are blocked by malware.

If malwarebytes has installed on your system but can not run, it has a program called Chameleon that attempts to override the malware block. Instructions are here:

https://support.malwarebytes.com/cus...tem-?b_id=6447

Also there is a stand alone version that can help get it installed:

Malwarebytes | Chameleon - Free Malware Removal Tool

Malwarebytes Chameleon technologies get Malwarebytes 3 installed and running when blocked by malicious programs.

Vikdal said:

Hi!, yes I have tried renaming both applications. Also here is the logs from the programs I was able to run.Fixlog.txt LOG ROGUEKILLER.tmp.txt Rkill2.txt

EDIT: And to run Chameleon I would need a internet connection, and as far as I have seen this would let the trojan download more viruses/adwares.

And if Chameleon does not help, I would then have all the adwares that the trojan downloaded still on the PC :/

Did you follow the guide simrick has posted? Follow it exactly. After you uninstall listed apps and run FRST with fixit.txt other programs should be able to run.

Thanks. Looking at the logs now.