KKCD_

  1. Thanks

     # DelFix v1.013 - Logfile created 04/07/2017 at 13:49:52
     # Updated 17/04/2016 by Xplode
     # Username : Kushagr M - RIDLEY
     # Operating System : Windows 10 Home (64 bits)
     ~ Activating UAC ... OK
     ~ Removing disinfection tools ...
     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\Kushagr\Desktop\Addition.txt
     Deleted : C:\Users\Kushagr\Desktop\AdwCleaner.exe
     Deleted : C:\Users\Kushagr\Desktop\FRST.txt
     Deleted : C:\Users\Kushagr\Desktop\FRST64.exe
     Deleted : C:\Users\Kushagr\Desktop\JRT.exe
     ~ Creating registry backup ... OK
     ~ Cleaning system restore ...
     Deleted : RP #73 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 06/23/2017 12:40:32]
     Deleted : RP #74 [JRT Pre-Junkware Removal | 06/24/2017 03:28:30]
     Deleted : RP #75 [JRT Pre-Junkware Removal | 06/27/2017 08:39:12]
     New restore point created !
     ~ Resetting system settings ... OK
     ########## - EOF - ##########
  2. I'm running another scan, just to be safe. Hopefully it finishes soon. In the meantime, what about the other entries?
  3. Hi Aura. I ran another malware scan, and it's still there. I attached Malwarebytes scan logs.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 7/4/17
     Scan Time: 12:36 AM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.122
     Update Package Version: 1.0.2284
     License: Free

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: RIDLEY\Kushagr M

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 488557
     Threats Detected: 9
     Threats Quarantined: 0
     (No malicious items detected)
     Time Elapsed: 10 min, 42 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 2
     Adware.Tuto4PC, HKU\S-1-5-21-770609061-3424292720-1127121963-1001\SOFTWARE\MICROSOFT\EWMON, No Action By User, [934], [412878],1.0.2284
     Adware.Tuto4PC, HKU\S-1-5-21-770609061-3424292720-1127121963-1001\SOFTWARE\MICROSOFT\BIGTIME, No Action By User, [934], [412877],1.0.2284

     Registry Value: 6
     PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC CLEAN PLUS_UPDATES.JOB, No Action By User, [44], [411378],1.0.2284
     PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC CLEAN PLUS_UPDATES.JOB.FP, No Action By User, [44], [411378],1.0.2284
     PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC CLEAN PLUS_DEFAULT.JOB, No Action By User, [44], [411378],1.0.2284
     PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\COMPATIBILITYADAPTER\SIGNATURES|PC CLEAN PLUS_DEFAULT.JOB.FP, No Action By User, [44], [411378],1.0.2284
     Adware.Tuto4PC, HKU\S-1-5-21-770609061-3424292720-1127121963-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, No Action By User, [934], [412878],1.0.2284
     Adware.Tuto4PC, HKU\S-1-5-21-770609061-3424292720-1127121963-1001\SOFTWARE\MICROSOFT\BIGTIME|PARTNER, No Action By User, [934], [412877],1.0.2284

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 1
     Trojan.Agent.E.Generic, C:\WINDOWS\HOSTS, No Action By User, [1103], [353524],1.0.2284

     Physical Sector: 0
     (No malicious items detected)

     (end)
  4. Sorry for the late reply, Aura - I was away from home for the weekend and so unable to get back to you. Here are the FRST logs. Addition.txt FRST.txt
  5. Thanks for taking a look at the issue, thisisu. The file you mentioned does indeed exist, and it is 17.0KB in size. The MD5 of find.exe is 1E16116CCE7317C0E87559DA23A4EAD3. Maybe an older version of the software could work? I noticed it's using backticks (`) rather than apostrophes (') in the find command which could be causing issues. The version in Aura's screenshot was also v4.1.4 rather than the one that I was using which was v8.1.3.
  6. Thanks, Aura.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
     Ran by Kushagr M (26-06-2017 19:52:03) Run:3
     Running from C:\Users\Kushagr\Desktop
     Loaded Profiles: Kushagr M (Available Profiles: Kushagr M)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Zip: C:\Users\Kushagr\AppData\Local\Temp\JRT
     *****************

     ================== Zip: ===================
     C:\Users\Kushagr\AppData\Local\Temp\JRT -> copied successfully to C:\Users\Kushagr\Desktop\26.06.2017_19.52.03.zip
     =========== Zip: End ===========

     ==== End of Fixlog 19:52:05 ====

     26.06.2017_19.52.03.zip
  7. Thanks, Aura. Unfortunately JRT is throwing some errors - I have added a screenshot.

     # AdwCleaner v6.047 - Logfile created 24/06/2017 at 13:25:53
     # Updated on 19/05/2017 by Malwarebytes
     # Database : 2017-06-23.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : Kushagr M - RIDLEY
     # Running from : C:\Users\Kushagr\Desktop\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     ***** [ Files ] *****

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****
     [-] Key deleted: HKU\S-1-5-21-770609061-3424292720-1127121963-1001\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
     [#] Key deleted on reboot: HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
     [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
     [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}

     ***** [ Web browsers ] *****

     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [6258 Bytes] - [18/06/2017 10:53:24]
     C:\AdwCleaner\AdwCleaner[C2].txt - [1295 Bytes] - [24/06/2017 13:25:53]
     C:\AdwCleaner\AdwCleaner[S0].txt - [5841 Bytes] - [18/06/2017 10:52:45]
     C:\AdwCleaner\AdwCleaner[S1].txt - [1685 Bytes] - [24/06/2017 13:25:20]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1514 Bytes] ##########
  8. Sorry for the late reply, Aura - I haven't had a chance to be at my computer for a bit. Anyway, here's the contents of the file. Cheers.
  9. Thanks Aura, sorry for the late reply. Here's the contents of the TXT.
C:\Users\Kushagr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gоoglе Play Music.lnk C:\Users\Kushagr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gооglе Сhrome.lnk C:\Users\Kushagr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Аuthy.lnk C:\WINDOWS\system32\sstmp Hosts: EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. ================== Zip: =================== "C:\Users\Kushagr\AppData\Roaming\AppTrailers" -> not found "C:\Program Files (x86)\3b02skouof5" -> not found "C:\Program Files (x86)\OneSystemCare" -> not found
  10. Hi Aura, Thanks for taking the time to help me out. I've been running the FRST fix for quite a while now (over an hour!). Is it meant to take that long? Thanks!
  11. I went through this guide: forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ and it told me to post here, so I'm doing so. I have attached the files that Farbar gave me. Thanks Addition.txt FRST.txt Edit: I also just added the scan log from Malwarebytes. scanlog.txt