OhNooo

Members
  • Content Count: 17

About OhNooo

  • Rank
    New Member
  1. Sorry... Been away. Regarding the Google app, sometimes, it will only open for a split second - then I'd have to open in administrator mode. With Adobe and MS apps, they'd open but will immediately shut down - then I'd have to run in administrator mode.
  2. No unexpected pop-ups... Thank you! Any recommendations on why I must sometimes start certain MS and Adobe apps as well as Google Chrome in Run As Administrator mode? When acting up, they will otherwise not start up.
  3. Here's the fresh set of FRST logs. Also, I am attaching another Malwarebytes scan log which ran automatically early this morning, showing one threat. MalwarebytesScanLog 3.txt Addition.txt FRST.txt
  4. RogueKiller V12.12.16.0 (x64) [May 4 2018] (Free) by Adlice Software
  5. Here are the AdwCleaner Log files. Now doing the RogueKiller. AdwCleaner[C00].txt AdwCleaner[S00].txt
  6. I ran the Malwarebytes scan and quarantined 40 threats just a day ago (see previous thread entry). Another scan ran last night and 9 more threats were found. I am attaching the log. Also, before contacting you, I uninstalled Astromenda, which is still being mentioned in the log. What to do? MalwarebytesScanLog 2.txt
  7. Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01 Ran by GM (08-05-2018 16:10:22) Run:1
  8. I hope this is what you are requesting, see attached. MalwarebytesScanLog.txt