
MattyBlay

  1. Here ya go
  2. I actually can't open the link, anything with FRST in the URL or webpage and the virus shuts my browser down. Edit: Restarted my PC and downloaded it, will post again with results
  3. Here you are, thank you for the reply oh boy.txt
  4. Hi, I managed to download a bitcoin miner while downloading mods for GTAV, and no matter how many times I scan using Malwarebytes it won't go. After the system restart it persists and slows my PC down so much that it struggles with even CS:GO. I can't download FRST or RogueKiller because as soon as I type it in any browser, the browser closes as if the malware is closing it before I can use either tool to kill it. Please end my suffering lol