Jump to content

skitterant

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Nope, I have no more questions. Thanks for the tips to avoid infections and helping me through this process. You are great and I sincerely thank you! # DelFix v1.013 - Logfile created 28/01/2018 at 13:27:33 # Updated 17/04/2016 by Xplode # Username : Anthony - DESKTOP-3CG8ISG # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\Anthony\Downloads\FRST-OlderVersion Deleted : C:\Users\Anthony\Desktop\mbar Deleted : C:\Users\Anthony\Desktop\RogueKiller64.exe Deleted : C:\Users\Public\Desktop\RogueKiller.lnk Deleted : C:\Users\Anthony\Downloads\Addition.txt Deleted : C:\Users\Anthony\Downloads\AdwCleaner.exe Deleted : C:\Users\Anthony\Downloads\Fixlog.txt Deleted : C:\Users\Anthony\Downloads\FRST.txt Deleted : C:\Users\Anthony\Downloads\FRST64.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  2. My computer seems to be back to normal. All of the programs that I have tested have ran perfectly. Thanks for the help and the ongoing support! Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018 Ran by Anthony (28-01-2018 13:11:24) Run:2 Running from C:\Users\Anthony\Downloads Loaded Profiles: Anthony (Available Profiles: Anthony & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions\${CHROME_EXTID} DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\${CHROME_EXTID} HKLM-x32\...\Run: [cystitis] => "C:\Program Files (x86)\Bochco\parslow.exe" HKLM-x32\...\Run: [cystitissawtooth] => "C:\Program Files (x86)\distant\blocs.exe" HKLM-x32\...\Run: [cystitiscystitis] => "C:\Program Files (x86)\Derivations\parslow.exe" HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\Run: [acknowledged] => "C:\Program Files (x86)\rosslyn\acknowledged.exe" Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woodruff.lnk [2018-01-27] ShortcutTarget: woodruff.lnk -> C:\Program Files (x86)\Bochco\parslow.exe (No File) Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woodruffwoodruff.lnk [2018-01-27] ShortcutTarget: woodruffwoodruff.lnk -> C:\Program Files (x86)\distant\blocs.exe (No File) GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION S1 pivdczqn; \??\C:\WINDOWS\system32\drivers\pivdczqn.sys [X] Task: {2D4E280D-3BA7-4214-B53B-C4EAAA9FD064} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION Task: {3873703D-294D-4F97-A682-A123F6655787} - \WRUStartup -> No File <==== ATTENTION Task: {4B6FBCE3-44D8-4E6C-B64A-2384EBD8F16E} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION Task: {83198BE3-FC6F-4D43-A3C9-8D1D23B86102} - System32\Tasks\Stay Maker => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Stay Maker\Stay Maker.dll",pBQuxtLzNV <==== ATTENTION Task: {8674327F-A547-42F1-B8F2-14629610967D} - System32\Tasks\{025F28A7-C30C-4767-8B35-12FDADE89DA1} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\e1971624436783322dbca5a789a6abbf.exe Task: {8EDEE692-8FCE-4B22-8561-2565F85DC849} - System32\Tasks\eZsmkMC0oQIj => ezsmkmc0oqij.exe Task: {C2C89928-976B-4FFD-9E57-F0A42CA7710A} - \WRU -> No File <==== ATTENTION Task: {CAC2EEF4-CC72-4E2C-B2A4-AA163C92A0D8} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION Task: {D3AA28B4-8C0E-436E-8FE8-B3467F06EC15} - \PCDEventLauncherTask -> No File <==== ATTENTION Task: {D698B1B0-4C92-4588-B0C6-633668B351B7} - System32\Tasks\IconBoxReporter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\IconBoxReporter\IconBoxReporter.dll",DMerRCqfkUy <==== ATTENTION Task: {D7F75DFF-BD02-4CA0-9D86-C245A28620A2} - System32\Tasks\bak4431109k4431109 => C:\Program Files (x86)\altamont\altamont.exe Task: {EAE2901B-B483-48FA-92B5-BEE7091FE5E2} - \SystemToolsDailyTest -> No File <==== ATTENTION Task: {F5E65624-154A-435A-B63E-497F65B41F1E} - \PCDDataUploadTask -> No File <==== ATTENTION HKLM\...\StartupApproved\Run: => "cutoauto" HKLM\...\StartupApproved\Run: => "toys" HKLM\...\StartupApproved\Run: => "lavishing.exemedian.exe" HKLM\...\StartupApproved\Run: => "autoauto" HKLM\...\StartupApproved\Run: => "noncitizennoncitizen" HKLM\...\StartupApproved\Run: => "noncitizen" HKLM\...\StartupApproved\Run: => "rattedtreeless" HKLM\...\StartupApproved\Run: => "rattedratted" HKLM\...\StartupApproved\Run: => "ratted" HKLM\...\StartupApproved\Run32: => "cutoauto" HKLM\...\StartupApproved\Run32: => "toys" HKLM\...\StartupApproved\Run32: => "autoauto" HKLM\...\StartupApproved\Run32: => "cystitissawtooth" HKLM\...\StartupApproved\Run32: => "cystitiscystitis" HKLM\...\StartupApproved\Run32: => "cystitis" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\StartupFolder: => "ok17272482derivative.lnk" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\StartupFolder: => "ok17272482.lnk" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\StartupFolder: => "derivative.lnk" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\StartupFolder: => "allude.lnk" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "dutoauto" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "convertor" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "lawless" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "astoundingly" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "facade" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "toys" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "rutoauto" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "poley" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "treelessratted" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "adoptions" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "treelesstreeless" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "treeless" HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\...\StartupApproved\Run: => "TTsfduo6Wlva1s.exe" FirewallRules: [{8A5621A3-72D6-4738-B824-EF28D4C3ED9A}] => (Allow) C:\Program Files (x86)\temptingly\stayer.exe FirewallRules: [{034D730E-FCA7-4AC1-AAC9-A5DC6FA31531}] => (Allow) C:\Program Files (x86)\temptingly\goosey.exe FirewallRules: [{D18FD221-082D-4231-A799-E3E7C08FD832}] => (Allow) C:\Program Files (x86)\wring\lavishing.exe FirewallRules: [{79467925-8981-4ED6-A2CC-E7EB4BBC223A}] => (Allow) C:\Program Files (x86)\Wadhams\median.exe FirewallRules: [{35209D60-E8EE-4BC8-9FEF-E1F3069A1AD6}] => (Allow) C:\Program Files (x86)\Holds\spelled.exe FirewallRules: [{6AD36724-9F2C-4FD5-9FD0-31BD2651FCF0}] => (Allow) C:\Program Files (x86)\Og\spelled.exe FirewallRules: [TCP Query User{13D1BADE-0088-44D6-AD95-FBEC5B08A1E6}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe FirewallRules: [UDP Query User{439FBC82-96FA-432F-BE2C-E725F5FBBB3D}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome334.exe FirewallRules: [{BEE34487-8CFB-4FA8-8E9E-9E1440411604}] => (Allow) C:\Program Files (x86)\Bochco\parslow.exe FirewallRules: [{1EB14FF1-D5D1-4A60-A5A5-2153F58C48F8}] => (Allow) C:\Program Files (x86)\Derivations\parslow.exe FirewallRules: [{04276356-07BB-4A75-AD80-983015CCB77A}] => (Allow) C:\Program Files (x86)\distant\blocs.exe FirewallRules: [{D521D93F-F3F4-4413-93C0-64CE5A8931CA}] => (Allow) C:\Program Files (x86)\Derivations\blocs.exe C:\Program Files\Stay Maker C:\Program Files\IconBoxReporter C:\Program Files (x86)\altamont C:\Program Files (x86)\Bochco C:\Program Files (x86)\distant C:\Program Files (x86)\Derivations C:\Program Files (x86)\Holds C:\Program Files (x86)\Og C:\Program Files (x86)\rosslyn C:\Program Files (x86)\temptingly C:\Program Files (x86)\wring C:\Program Files (x86)\Wadhams C:\program files (x86)\google\chrome\application\chrome334.exe C:\ProgramData\ntuser.pol C:\Users\Anthony\ntuser.pol C:\Users\Anthony\AppData\Local\rtrdswg C:\Users\Anthony\AppData\Local\igfxmtc C:\Users\Anthony\AppData\Local\lmmgvrz C:\WINDOWS\e1971624436783322dbca5a789a6abbf.exe C:\WINDOWS\uninstaller.dat C:\WINDOWS\system32\scoxnutsvc.exe C:\WINDOWS\system32\Drivers\2525A2F2.sys EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Google\Chrome\Extensions\${CHROME_EXTID}" => removed successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\${CHROME_EXTID}" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cystitis" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cystitissawtooth" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cystitiscystitis" => removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\Microsoft\Windows\CurrentVersion\Run\\acknowledged" => removed successfully C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woodruff.lnk => moved successfully C:\Program Files => FRST is scripted not to move this directory. C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\woodruffwoodruff.lnk => moved successfully C:\Program Files => FRST is scripted not to move this directory. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\system32\GroupPolicy\User => moved successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully "HKLM\System\CurrentControlSet\Services\pivdczqn" => removed successfully pivdczqn => service removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D4E280D-3BA7-4214-B53B-C4EAAA9FD064} => could not remove key. ErrorCode1: 0x00000002 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D4E280D-3BA7-4214-B53B-C4EAAA9FD064}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3873703D-294D-4F97-A682-A123F6655787}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3873703D-294D-4F97-A682-A123F6655787}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WRUStartup" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B6FBCE3-44D8-4E6C-B64A-2384EBD8F16E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B6FBCE3-44D8-4E6C-B64A-2384EBD8F16E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{83198BE3-FC6F-4D43-A3C9-8D1D23B86102}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83198BE3-FC6F-4D43-A3C9-8D1D23B86102}" => removed successfully C:\WINDOWS\System32\Tasks\Stay Maker => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Stay Maker" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8674327F-A547-42F1-B8F2-14629610967D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8674327F-A547-42F1-B8F2-14629610967D}" => removed successfully C:\WINDOWS\System32\Tasks\{025F28A7-C30C-4767-8B35-12FDADE89DA1} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{025F28A7-C30C-4767-8B35-12FDADE89DA1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EDEE692-8FCE-4B22-8561-2565F85DC849}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EDEE692-8FCE-4B22-8561-2565F85DC849}" => removed successfully C:\WINDOWS\System32\Tasks\eZsmkMC0oQIj => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eZsmkMC0oQIj" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2C89928-976B-4FFD-9E57-F0A42CA7710A}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2C89928-976B-4FFD-9E57-F0A42CA7710A}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WRU" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAC2EEF4-CC72-4E2C-B2A4-AA163C92A0D8}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAC2EEF4-CC72-4E2C-B2A4-AA163C92A0D8}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3AA28B4-8C0E-436E-8FE8-B3467F06EC15}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3AA28B4-8C0E-436E-8FE8-B3467F06EC15}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D698B1B0-4C92-4588-B0C6-633668B351B7}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D698B1B0-4C92-4588-B0C6-633668B351B7}" => removed successfully C:\WINDOWS\System32\Tasks\IconBoxReporter => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IconBoxReporter" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7F75DFF-BD02-4CA0-9D86-C245A28620A2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7F75DFF-BD02-4CA0-9D86-C245A28620A2}" => removed successfully C:\WINDOWS\System32\Tasks\bak4431109k4431109 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bak4431109k4431109" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAE2901B-B483-48FA-92B5-BEE7091FE5E2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE2901B-B483-48FA-92B5-BEE7091FE5E2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5E65624-154A-435A-B63E-497F65B41F1E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5E65624-154A-435A-B63E-497F65B41F1E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDDataUploadTask" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\cutoauto" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cutoauto" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\toys" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\toys" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\lavishing.exemedian.exe" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lavishing.exemedian.exe" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\autoauto" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\autoauto" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\noncitizennoncitizen" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\noncitizennoncitizen" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\noncitizen" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\noncitizen" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rattedtreeless" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rattedtreeless" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rattedratted" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rattedratted" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ratted" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ratted" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\cutoauto" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cutoauto" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\toys" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\toys" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\autoauto" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\autoauto" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\cystitissawtooth" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cystitissawtooth" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\cystitiscystitis" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cystitiscystitis" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\cystitis" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cystitis" => not found "C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok17272482derivative.lnk" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\ok17272482derivative.lnk" => removed successfully "C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok17272482.lnk" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\ok17272482.lnk" => removed successfully "C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\derivative.lnk" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\derivative.lnk" => removed successfully "C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\allude.lnk" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\allude.lnk" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\dutoauto" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dutoauto" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\convertor" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\convertor" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\lawless" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lawless" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\astoundingly" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\astoundingly" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\facade" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\facade" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\toys" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\toys" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rutoauto" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rutoauto" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\poley" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\poley" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\treelessratted" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\treelessratted" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\adoptions" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\adoptions" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\treelesstreeless" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\treelesstreeless" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\treeless" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\treeless" => not found "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\TTsfduo6Wlva1s.exe" => removed successfully "HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TTsfduo6Wlva1s.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A5621A3-72D6-4738-B824-EF28D4C3ED9A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{034D730E-FCA7-4AC1-AAC9-A5DC6FA31531}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D18FD221-082D-4231-A799-E3E7C08FD832}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79467925-8981-4ED6-A2CC-E7EB4BBC223A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35209D60-E8EE-4BC8-9FEF-E1F3069A1AD6}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AD36724-9F2C-4FD5-9FD0-31BD2651FCF0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{13D1BADE-0088-44D6-AD95-FBEC5B08A1E6}C:\program files (x86)\google\chrome\application\chrome334.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{439FBC82-96FA-432F-BE2C-E725F5FBBB3D}C:\program files (x86)\google\chrome\application\chrome334.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEE34487-8CFB-4FA8-8E9E-9E1440411604}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EB14FF1-D5D1-4A60-A5A5-2153F58C48F8}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04276356-07BB-4A75-AD80-983015CCB77A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D521D93F-F3F4-4413-93C0-64CE5A8931CA}" => removed successfully "C:\Program Files\Stay Maker" => not found "C:\Program Files\IconBoxReporter" => not found "C:\Program Files (x86)\altamont" => not found "C:\Program Files (x86)\Bochco" => not found "C:\Program Files (x86)\distant" => not found "C:\Program Files (x86)\Derivations" => not found "C:\Program Files (x86)\Holds" => not found "C:\Program Files (x86)\Og" => not found "C:\Program Files (x86)\rosslyn" => not found "C:\Program Files (x86)\temptingly" => not found "C:\Program Files (x86)\wring" => not found "C:\Program Files (x86)\Wadhams" => not found "C:\program files (x86)\google\chrome\application\chrome334.exe" => not found C:\ProgramData\ntuser.pol => moved successfully C:\Users\Anthony\ntuser.pol => moved successfully C:\Users\Anthony\AppData\Local\rtrdswg => moved successfully C:\Users\Anthony\AppData\Local\igfxmtc => moved successfully C:\Users\Anthony\AppData\Local\lmmgvrz => moved successfully "C:\WINDOWS\e1971624436783322dbca5a789a6abbf.exe" => not found C:\WINDOWS\uninstaller.dat => moved successfully C:\WINDOWS\system32\scoxnutsvc.exe => moved successfully C:\WINDOWS\system32\Drivers\2525A2F2.sys => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 32768 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71836760 B Java, Flash, Steam htmlcache => 7461 B Windows/system/drivers => 680496 B Edge => 80501420 B Chrome => 31145974 B Firefox => 386291791 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 6656 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 25091 B systemprofile32 => 0 B LocalService => 83222 B NetworkService => 1351630 B Anthony => 1984757 B Administrator => 0 B RecycleBin => 0 B EmptyTemp: => 547.4 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 13:11:58 ====
  3. # AdwCleaner 7.0.7.0 - Logfile created on Sat Jan 27 20:04:50 2018 # Updated on 2018/18/01 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: scan Deleted: 27d2e11e4f96f0fe9d807a046f465fa4 Deleted: 7cb89f5d0f5e1db20b46770c597f965a ***** [ Folders ] ***** Deleted: C:\Windows\System32\\sstmp Deleted: C:\Windows\SysWOW64\\sstmp Deleted: C:\Users\All Users\Documents\Guid Deleted: C:\Users\Public\Documents\Guid Deleted: C:\Users\Anthony\AppData\Local\AdvinstAnalytics Deleted: C:\Users\Default\AppData\Local\AdvinstAnalytics Deleted: C:\Users\Default User\AppData\Local\AdvinstAnalytics Deleted: C:\Users\Anthony\AppData\Roaming\PARETOLOGIC Deleted: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC Deleted: C:\Users\Anthony\AppData\Local\SrvInetInfo ***** [ Files ] ***** Deleted: C:\Users\Anthony\AppData\Roaming\\Installer.dat Deleted: C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RegCure Pro.lnk Deleted: C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\REGCURE PRO.LNK ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: Advance-PC-Care_Logon Deleted: 7cb89f5d0f5e1db20b46770c597f965a ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adnetworkperformance.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d22j4fzzszoii2.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.adnetworkperformance.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adnetworkperformance.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d22j4fzzszoii2.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.adnetworkperformance.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.reimageplus.com Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{67527284-DF2C-4033-BED1-049308CFE335} Deleted: [Key] - HKLM\SOFTWARE\ParetoLogic Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\ParetoLogic Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01272018135839204\Software\ParetoLogic Deleted: [Key] - HKCU\Software\ParetoLogic Deleted: [Key] - HKLM\SOFTWARE\xs Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{94915A56-4D71-4F85-B59C-CC040F5AC6F0} Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|interpee Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|interpee Deleted: [Value] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|interpee Deleted: [Value] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01272018135839204\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|interpee Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Value] - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel|Homepage Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VoyasollamU Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\unlocker.en.softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\unlocker.en.softonic.com Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A04F7052-351C-49F5-9DC6-F30EEC33E6D3} Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{07209614-92A0-43F5-BCD7-3AAAD7F2090F} Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\FastDataX Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01272018135839204\Software\FastDataX Deleted: [Key] - HKCU\Software\FastDataX Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A04F7052-351C-49F5-9DC6-F30EEC33E6D3} Deleted: [Key] - HKLM\SOFTWARE\efixmypc.com Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\efixmypc.com Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01272018135839204\Software\efixmypc.com Deleted: [Key] - HKCU\Software\efixmypc.com Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01272018135839204\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\Software\SetupCompany Deleted: [Key] - HKU\S-1-5-21-2947238692-4134140855-3129986921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01272018135839204\Software\SetupCompany Deleted: [Key] - HKCU\Software\SetupCompany Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\ ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [17415 B] - [2018/1/27 20:4:10] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## RogueKiller V12.12.1.0 (x64) [Jan 22 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.14393) 64 bits version Started in : Normal mode User : Anthony [Administrator] Started from : C:\Users\Anthony\Desktop\RogueKiller64.exe Mode : Delete -- Date : 01/27/2018 14:09:50 (Duration : 00:27:28) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 9 ¤¤¤ [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx : [x] -> Deleted [Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7cb89f5d0f5e1db20b46770c597f965a -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\accelerators (C:\WINDOWS\familiarize.exe) -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xiaoping (C:\WINDOWS\dubliners.exe) -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {75DBF7CE-A1E9-4BCA-8E49-D1C72CBAF839} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Anthony\AppData\Local\Temp\198R6EFIF\Bundle_FasterInternet.exe|Name=C57849902|Desc=Allow|EmbedCtxt=@C:\Users\Anthony\AppData\Local\Temp\198R6EFIF\Bundle_FasterInternet.exe,-10000| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1460A0EE-6F13-4BEB-BD7E-8B86257D700A} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Anthony\AppData\Local\57849902.exe|Name=A57849902|Desc=Allow|EmbedCtxt=@C:\Users\Anthony\AppData\Local\57849902.exe,-10000| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2D428EFC-519B-4B99-9033-1C1215277BAC} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Anthony\AppData\Local\sc37627074.exe|Name=DW57849902|Desc=Allow|EmbedCtxt=@C:\Users\Anthony\AppData\Local\sc37627074.exe,-10000| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F194EC70-F1EC-4283-AB3B-5C166DB9AB31} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Anthony\AppData\Local\ddnow.exe|Name=now45|Desc=Allow internet|EmbedCtxt=@C:\Users\Anthony\AppData\Local\ddnow.exe,-10000| [x] -> Deleted [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D4670FAE-9E5A-47FE-8FF2-A0643E1EFA86} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\WINDOWS\dubliners.exe|Name=xiaoping|Desc=Allow|EmbedCtxt=@C:\WINDOWS\dubliners.exe,-10000| [x] -> Deleted ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 10 ¤¤¤ [PUP.Gen0][File] C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrome.lnk [LNK@] C:\Users\Anthony\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted [PUP.Gen0][File] C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hr?m?.lnk [LNK@] C:\Users\Anthony\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted [PUP.Gen0][File] C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gle ?hrom?.lnk [LNK@] C:\Users\Anthony\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted [PUP.Gen0][File] C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hrom?.lnk [LNK@] C:\Users\Anthony\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted [Root.Wajam][File] C:\Windows\System32\drivers\50356d9baf2786242a5fe0774c5c9e4b.sys -> Deleted [Root.Wajam][File] C:\Windows\System32\drivers\81183e121caa8122d7b19964fc3bfb53.sys -> Deleted [PUP.uTorrentAds][File] C:\Users\Anthony\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Deleted [PUP.uTorrentAds][File] C:\Users\Anthony\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Deleted [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? ?hr?m?.lnk [LNK@] C:\Users\Anthony\AppData\Roaming\Browsers\exe.emorhc.bat -> Deleted [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parkitect [GOG.com]\?arkit?ct.lnk [LNK@] C:\Users\Anthony\AppData\Roaming\Browsers\exe.rehcnual.bat -> Deleted ¤¤¤ WMI : 0 ¤¤¤
  4. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/27/18 Scan Time: 1:55 PM Log File: 09f11a70-039c-11e8-b4a5-ac2b6ea1d6c2.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3803 License: Trial -System Information- OS: Windows 10 (Build 14393.576) CPU: x64 File System: NTFS User: DESKTOP-3CG8ISG\Anthony -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 304054 Threats Detected: 102 Threats Quarantined: 102 Time Elapsed: 1 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 54 PUP.Optional.VCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Media Center\VCore, Quarantined, [6916], [381907],1.0.3803 PUP.Optional.VCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{109DF73F-CBC8-408D-A98B-75CF27E0EAA9}, Quarantined, [6916], [381907],1.0.3803 PUP.Optional.VCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{109DF73F-CBC8-408D-A98B-75CF27E0EAA9}, Quarantined, [6916], [381907],1.0.3803 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05ED81BF-B246-3614-E719-5BFCF1E55BAA}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4FF323-3CDA-4C74-A95D-7DE28A659975}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4FF323-3CDA-4C74-A95D-7DE28A659975}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EBCEC91-B917-5B3A-A979-70179E07EC83}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AD2B577-F452-46F3-8B3D-CEFD402B6FA3}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AD2B577-F452-46F3-8B3D-CEFD402B6FA3}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64086729-D3A3-D082-EF43-38F9F5611350}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CBD2297-A91C-48B4-B17D-6D3A1F8AF37D}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CBD2297-A91C-48B4-B17D-6D3A1F8AF37D}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C66642F-DBCD-D384-B277-2FCA5B634F80}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047C343A-5543-47F5-9E05-9F270F979727}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{047C343A-5543-47F5-9E05-9F270F979727}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{88CDB025-3F66-078E-0120-381E16963C55}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17C579F7-7AD8-45E1-BC84-08893D0247FF}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17C579F7-7AD8-45E1-BC84-08893D0247FF}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE48C553-19E3-72F8-AB26-62FE4C779FC7}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39F17520-B41B-4E6C-92E0-C0CEA6ECF70C}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39F17520-B41B-4E6C-92E0-C0CEA6ECF70C}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B13A36AC-0691-8107-7335-5C54D0710748}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84BA5F3-5183-471B-8A73-FDCDFCEC9069}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F84BA5F3-5183-471B-8A73-FDCDFCEC9069}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27d2e11e4f96f0fe9d807a046f465fa4, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613E3DC4-97A5-4B61-9721-2E14B5E7C8A5}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{613E3DC4-97A5-4B61-9721-2E14B5E7C8A5}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f4b67b5fa46ac782358ef87af8cb109f, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B5FDCB6-455A-4F56-AFE8-E4344F869F75}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5B5FDCB6-455A-4F56-AFE8-E4344F869F75}, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5026], [425124],1.0.3803 PUP.Optional.AdvancePCCare, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\EFIXMYPC.COM\Advance-PC-Care, Quarantined, [4798], [478153],1.0.3803 PUP.Optional.FixIt, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\FIX IT, Quarantined, [582], [339695],1.0.3803 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\CONSOLE\TASKENG.EXE, Quarantined, [5026], [425125],1.0.3803 PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\WajIEnhance, Quarantined, [71], [244670],1.0.3803 PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [71], [-1],0.0.0 PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9315], [246387],1.0.3803 PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TweakBit, Quarantined, [1096], [349178],1.0.3803 PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, Quarantined, [5727], [246229],1.0.3803 PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS, Quarantined, [5727], [246229],1.0.3803 PUP.Optional.WindowService, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\realtek_amd64_RASAPI32, Quarantined, [594], [388264],1.0.3803 PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9315], [246387],1.0.3803 PUP.Optional.WindowService, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\realtek_amd64_RASMANCS, Quarantined, [594], [388264],1.0.3803 PUP.Optional.HDWallPaper, HKLM\SOFTWARE\HDWallpaper, Quarantined, [97], [404734],1.0.3803 PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [1096], [244298],1.0.3803 PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Driver Updater, Quarantined, [1096], [335588],1.0.3803 PUP.Optional.AdvancePCCare, HKLM\SOFTWARE\PCV-VAR, Quarantined, [4798], [478156],1.0.3803 PUP.Optional.AdvancePCCare, HKLM\SOFTWARE\EFIXMYPC.COM\Advance-PC-Care, Quarantined, [4798], [478154],1.0.3803 PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\DRIVER UPDATER\1.x, Quarantined, [1096], [330452],1.0.3803 PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Quarantined, [5727], [241622],1.0.3803 PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowService, Quarantined, [594], [391768],1.0.3803 PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [71], [170024],1.0.3803 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [71], [170024],1.0.3803 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [71], [170024],1.0.3803 Registry Value: 15 PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [207], [-1],0.0.0 PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [207], [-1],0.0.0 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\ENVIRONMENT|SNF, Quarantined, [207], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5026], [425126],1.0.3803 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5026], [425124],1.0.3803 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\ENVIRONMENT|SNF, Quarantined, [207], [259517],1.0.3803 PUP.Optional.FixIt, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\FIX IT|PURCHASELINK, Quarantined, [582], [339695],1.0.3803 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [207], [259988],1.0.3803 PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5026], [425125],1.0.3803 PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0 PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0 PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0 PUP.Optional.Wajam, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0 PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0 PUP.Optional.AdvancePCCare, HKLM\SOFTWARE\PCV-VAR|PHONE, Quarantined, [4798], [478156],1.0.3803 Registry Data: 2 PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2947238692-4134140855-3129986921-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [207], [293486],1.0.3803 PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [283], [293477],1.0.3803 Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.NoteUp, C:\USERS\ANTHONY\APPDATA\ROAMING\NOTE-UP, Quarantined, [2576], [246759],1.0.3803 PUP.Optional.TweakBit, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TWEAKBIT\DRIVER UPDATER, Quarantined, [1096], [330445],1.0.3803 PUP.Optional.Browsers, C:\USERS\ANTHONY\APPDATA\ROAMING\SPI, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.TweakBit, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TWEAKBIT, Quarantined, [1096], [349172],1.0.3803 PUP.Optional.GeoLocator, C:\USERS\ANTHONY\APPDATA\LOCAL\GEOLOCATOR, Quarantined, [2022], [349479],1.0.3803 PUP.Optional.InterStat, C:\Users\Anthony\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_357\Logs, Quarantined, [1339], [373566],1.0.3803 PUP.Optional.InterStat, C:\USERS\ANTHONY\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\Interstatnogui_357, Quarantined, [1339], [373566],1.0.3803 PUP.Optional.InterStat, C:\Users\Anthony\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_372\Logs, Quarantined, [1339], [373566],1.0.3803 PUP.Optional.InterStat, C:\USERS\ANTHONY\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\Interstatnogui_372, Quarantined, [1339], [373566],1.0.3803 PUP.Optional.AdvancePCCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Advance-PC-Care, Quarantined, [4798], [478150],1.0.3803 File: 21 PUP.Optional.NoteUp, C:\USERS\ANTHONY\APPDATA\ROAMING\NOTE-UP\NOTE-UP.DB, Quarantined, [2576], [246759],1.0.3803 PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, Quarantined, [207], [259512],1.0.3803 PUP.Optional.TweakBit, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TWEAKBIT\DRIVER UPDATER\TWEAKBIT DRIVER UPDATER.LNK, Quarantined, [1096], [330445],1.0.3803 PUP.Optional.TweakBit, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit\Driver Updater\TweakBit Driver Updater on the Web.url, Quarantined, [1096], [330445],1.0.3803 PUP.Optional.Browsers, C:\USERS\ANTHONY\APPDATA\ROAMING\SPI\FF.ICO, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\amig.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\ch.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\ie.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\kom.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\op.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\op12.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Browsers, C:\Users\Anthony\AppData\Roaming\SPI\ya.ico, Quarantined, [2627], [372176],1.0.3803 PUP.Optional.Booking, C:\USERS\ANTHONY\APPDATA\ROAMING\BOOKING.ICO, Quarantined, [370], [362374],1.0.3803 PUP.Optional.VCore, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\MEDIA CENTER\VCORE, Quarantined, [6916], [381907],1.0.3803 PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\27d2e11e4f96f0fe9d807a046f465fa4, Quarantined, [5026], [-1],0.0.0 PUP.Optional.PSScriptLoad.ACMB3, C:\WINDOWS\SYSTEM32\TASKS\f4b67b5fa46ac782358ef87af8cb109f, Quarantined, [5026], [-1],0.0.0 PUP.Optional.GeoLocator, C:\Users\Anthony\AppData\Local\GeoLocator\unins000.dat, Quarantined, [2022], [349479],1.0.3803 PUP.Optional.InterStat, C:\Users\Anthony\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_357\Logs\CrashRpt-Log-20170109-123452-{a02d6d5a-08a8-453f-aaae-61ab73955467}.txt, Quarantined, [1339], [373566],1.0.3803 PUP.Optional.InterStat, C:\Users\Anthony\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_372\Logs\CrashRpt-Log-20170109-123524-{508b5c76-10ce-4c9b-92cb-836b81ad223c}.txt, Quarantined, [1339], [373566],1.0.3803 PUP.Optional.AdvancePCCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance-PC-Care\Advance-PC-Care.lnk, Quarantined, [4798], [478150],1.0.3803 PUP.Optional.AdvancePCCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance-PC-Care\Buy Advance-PC-Care.lnk, Quarantined, [4798], [478150],1.0.3803 Physical Sector: 0 (No malicious items detected) (end)
  5. Thanks for the help Aura! Here's the content of the log. Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018 Ran by Anthony (26-01-2018 18:14:38) Run:1 Running from C:\Users\Anthony\Downloads Loaded Profiles: Anthony (Available Profiles: Anthony & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes ***************** ========= bcdedit.exe /set {bootmgr} displaybootmenu yes ========= The operation completed successfully. ========= End of CMD: ========= ========= bcdedit.exe /set {default} recoveryenabled yes ========= The operation completed successfully. ========= End of CMD: ========= ==== End of Fixlog 18:14:38 ====
  6. Hello, I have had a pretty nasty virus installed on my computer for a few weeks now. I've managed to sniff out and get rid of a lot of it, but this Windows Process Manager (32 bit) program keeps running in the background on my device. I have tried to find the location of the virus in my computer, but I am blocked from accessing the folders that contain the files for the virus. If anyone could give any help or tips on how to tackle this that would be greatly appreciated. Thanks P.S.: I have attached the FRST and Addition .txt files in this post if anyone finds them helpful for tackling this problem FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.