GRAYZONE

You can close this thread. BIG Thank You for helping me out # DelFix v1.013 - Logfile created 22/10/2018 at 17:06:09 # Updated 17/04/2016 by Xplode # Username : Pedro Sampaio - DESKTOP-0UP662D # Operating System : Windows 10 Home (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\Pedro Sampaio\Desktop\Addition.txt Deleted : C:\Users\Pedro Sampaio\Desktop\Fixlog.txt Deleted : C:\Users\Pedro Sampaio\Desktop\FRST.txt Deleted : C:\Users\Pedro Sampaio\Desktop\FRST64.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #37 [Ponto de Verificação Agendado | 10/21/2018 13:56:38] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########

Can i remove FRST? And how? Thanks

No, that was it.

Hello. Everything seems good. Thank You! What should I do now?

Hi. I uninstalled McAfee Web Advisor and the cmd.exe prompt doesn't appear anymore. Also did a clean install of Google Chrome and installed uBlock Origin. Everything seems fine i need to navigate more on the web to see if the block message for pt-gmtdmp.mookie1.com doesn't appear anymore. I will get back to you in 1 or 2 days or until the message pops again. Should I do something meanwhile? Thanks

Hi. Thank You for the help so far Sent you a private message.

Hi is this something serious? Should I be worried? I don't know is malwarebytes stil blocks pt-gmtdmp.mookie1.com and as far as i can tell Google Chrome still opens a cmd.exe is this normal? I attached and img showing Google Chrome.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018 Ran by Pedro Sampaio (17-10-2018 22:39:53) Run:1 Running from C:\Users\Pedro Sampaio\Desktop Loaded Profiles: Pedro Sampaio (Available Profiles: Pedro Sampaio) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: GroupPolicy: Restriction ? <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=D214PT885G0&p={searchTerms} CHR DefaultSearchKeyword: Default -> mcafee CustomCLSID: HKU\S-1-5-21-1151554043-3396621615-2490621339-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ED8F39FABF1E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File Task: {975A70DD-2058-42E0-B5A2-EEE4EC194702} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION HKU\S-1-5-21-1151554043-3396621615-2490621339-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1EF5347771B5A514E73ECADBE82697FD" EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully HKLM\SOFTWARE\Policies\Google => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully "Chrome DefaultSearchURL" => removed successfully "Chrome DefaultSearchKeyword" => removed successfully HKU\S-1-5-21-1151554043-3396621615-2490621339-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ED8F39FABF1E} => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{975A70DD-2058-42E0-B5A2-EEE4EC194702}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{975A70DD-2058-42E0-B5A2-EEE4EC194702}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found "HKU\S-1-5-21-1151554043-3396621615-2490621339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_1EF5347771B5A514E73ECADBE82697FD" => removed successfully "HKU\S-1-5-21-1151554043-3396621615-2490621339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1EF5347771B5A514E73ECADBE82697FD" => not found =========== EmptyTemp: ========== BITS transfer queue => 9199616 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 346392994 B Java, Flash, Steam htmlcache => 408994918 B Windows/system/drivers => 5169508 B Edge => 2517950 B Chrome => 408492671 B Firefox => 27058872 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 3626 B LocalService => 0 B NetworkService => 0 B NetworkService => 0 B Pedro Sampaio => 13196592 B RecycleBin => 391692 B EmptyTemp: => 1.1 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 22:41:31 ====

Hi here are the logs. I don't know if I am missing something if I am please tell me. Thank you Addition.txt FRST.txt Malwarebytes.txt

Also: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/12/18 Protection Event Time: 7:51 PM Log File: e49432b0-ce4f-11e8-aa13-3497f67f55ba.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7319 License: Trial -System Information- OS: Windows 10 (Build 17134.345) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Trojan Domain: pt-gmtdmp.mookie1.com IP Address: 18.185.171.83 Port: [52008] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end) Multiple logs happened at the same time they all look the same on both occasions. Thanks in advance

Also when I start Google Chrome a hidden window of cmd.exe opens. Need Help. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/15/18 Protection Event Time: 7:07 PM Log File: 294d7374-d0a5-11e8-ba05-3497f67f55ba.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7365 License: Trial -System Information- OS: Windows 10 (Build 17134.345) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Trojan Domain: pt-gmtdmp.mookie1.com IP Address: 18.185.171.83 Port: [54416] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)