Jump to content

Recommended Posts

Hi there, I'm  new here but this virus has been irritating me for the last few days. I've downloaded HitmanPro, Emsisoft, and MalwareBytes and none have managed to remove this damn thing. It adds Windows Resource Manager and is taking up way too many resources. I also get redirected to bing despite my default search engine being google with some times clicking pages im already on leads me to something called Reimage. There's 2 process that are random letters that I've seen before when I've gotten viruses before. The iaetcvlsvc.exe is an interesting one as I can't seem to find any record of it online but igfxmtc.exe seems to be a common one. Can someone please help me? I've also included all the logs I've gotten so far on mbar.

Random Lettered stuff.png

Windows Process Manager.png

mbar-log-2017-12-22 (00-31-02).txt

mbar-log-2017-12-22 (11-42-54).txt

mbar-log-2017-12-22 (12-56-42).txt

mbar-log-2017-12-22 (13-00-48).txt

Link to post
Share on other sites

Just now, kevinf80 said:

Hello CrimsonNyte and welcome to Malwarebytes,

From your information you have smartservice infection, do you have a USB flash drive size  4GB or above, also access to another PC.... if so what version of windows is on spare PC.

Thanks,

Kevin....

 

Hi Kevin,

Thank you for responding. I do have an external harddrive that' well over 4gb and my spare pc runs windows 7 but the infected pc runs on Windows 10

Link to post
Share on other sites

Yes USB stick is what we need.....

 

Boot up your spare PC plug in the flash drive and carry out quick format option...

Next,

On that same PC downoad and save FRST to same Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

user posted image


From that window select "Troubleshoot"


user posted image


From the next window select "Advance Options"


user posted image


From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Next,

Boot the sick PC back to normal mode and run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.



Let me see those logs in your reply...

Thanks,

Kevin

 

Link to post
Share on other sites

The version of FRST64.exe that you used in the Recovery Environment is outdated, that version does not deal with smartservice infection.... You will need to format that flash drive again on a spare PC, load FRST64.exe, make sure it is new version...

Boot the sick PC to recovery environment and run the scans again...

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.



Let me see those logs, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin...

 

 

fixlist.txt

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/26/17
Scan Time: 12:59 AM
Log File: edeb449e-ea01-11e7-9b77-d8cb8a506eab.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3562
License: Trial

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: GODMACHINE1\Ant

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334523
Threats Detected: 33
Threats Quarantined: 33
Time Elapsed: 16 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 15
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5111], [425124],1.0.3562
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\TASKENG.EXE, Quarantined, [5111], [425125],1.0.3562
PUP.Optional.NeoBar.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\E3605470-291B-44EB-8648-745EE356599A, Quarantined, [1294], [396225],1.0.3562
PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1CB6613E-B1FA-4C76-AFCD-03E611DEBB02}, Quarantined, [568], [313434],1.0.3562
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B3A2F4F3-76BC-44F9-AE58-FE658023109C}, Quarantined, [931], [459339],1.0.3562
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [21], [260247],1.0.3562
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [21], [260247],1.0.3562
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{B3A2F4F3-76BC-44F9-AE58-FE658023109C}, Quarantined, [931], [459338],1.0.3562
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\space(title, t_monitor), Quarantined, [931], [459338],1.0.3562
PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{1CB6613E-B1FA-4C76-AFCD-03E611DEBB02}, Quarantined, [568], [313436],1.0.3562
PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WindowsUpdater, Quarantined, [568], [313436],1.0.3562
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [75], [170024],1.0.3562
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [75], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [75], [170024],1.0.3562
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [75], [170024],1.0.3562

Registry Value: 9
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5111], [425124],1.0.3562
PUP.Optional.PQwick, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PQWICK, Quarantined, [7323], [451754],1.0.3562
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5111], [425126],1.0.3562
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5111], [425125],1.0.3562
PUP.Optional.AdLoad, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1CB6613E-B1FA-4C76-AFCD-03E611DEBB02}|PATH, Quarantined, [568], [313434],1.0.3562
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B3A2F4F3-76BC-44F9-AE58-FE658023109C}|PATH, Quarantined, [931], [459339],1.0.3562
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [75], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1722359170-470532309-3725313330-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [75], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [75], [-1],0.0.0

Registry Data: 5
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4081e67c-5b99-4d92-923a-d17e3ca37d82}|NameServer, Replaced, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6115c17c-e88d-419f-aeb6-897f2bd99ff3}|DhcpNameServer, Replaced, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{900d202d-9f31-4a7c-a023-7cecd4bd9112}|NameServer, Replaced, [21], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE, Quarantined, [8489], [443706],1.0.3562

File: 3
PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE\CONF.DB, Quarantined, [8489], [443706],1.0.3562
Adware.Elex.ShrtCln, C:\USERS\ANT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2154], [454731],1.0.3562
Adware.Elex.ShrtCln, C:\USERS\ANT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2154], [454731],1.0.3562

Physical Sector: 0
(No malicious items detected)


(end)

 

Adwcleaner:

# AdwCleaner 7.0.6.0 - Logfile created on Tue Dec 26 06:26:43 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\DriverToolkit
Deleted: C:\Users\Ant\AppData\Local\DriverToolkit


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Driver Booster Scheduler
Deleted: DQXMIZcMVgHaIkOHb
Deleted: AMpcLJhOMOGkdg
Deleted: DQXMIZcMVgHaIkOHb2
Deleted: lJBQppWImNhefKN2


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-1722359170-470532309-3725313330-1000\Software\DriverToolkit
Deleted: [Key] - HKCU\Software\DriverToolkit


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AIM Search - slirsredirect.search.aol.com
SearchProvider deleted: Ask.com - supertoolbar.ask.com
SearchProvider deleted: Ask Search - tbsearch.ask.com
SearchProvider deleted: Search the Web - search.freecause.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1743 B] - [2017/12/26 6:24:58]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
Started On Tue Dec 26 01:02:58 2017

Engine: 1.1.14405.2
Signatures: 1.257.1160.0
Run Mode: Interactive Graphical Mode
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 26 01:03:32 2017


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
Started On Tue Dec 26 01:33:49 2017

Engine: 1.1.14405.2
Signatures: 1.257.1160.0
Run Mode: Interactive Graphical Mode

 

Fixlog.txt

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello CrimsonNyte,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Let me see that log, also tell me if there are any remaining issues or concerns....

Thanks,

Kevin...

fixlist.txt

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs, also tll me if there are any remaining issues or concerns...

Thank you,

Kevin...

 

fixlist.txt

Link to post
Share on other sites

Sorry for the late reply. Here ya go:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/18
Scan Time: 12:35 PM
Log File: cfbfd7b0-f23e-11e7-9649-d8cb8a506eab.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3631
License: Trial

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: GODMACHINE1\Ant

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335505
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 21 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

# AdwCleaner 7.0.6.0 - Logfile created on Fri Jan 05 18:01:05 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 01-03-2018.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, SearchProvider found: AIM Search - slirsredirect.search.aol.com
PUP.Optional.Legacy, SearchProvider found: Ask.com - supertoolbar.ask.com
PUP.Optional.Legacy, SearchProvider found: Ask Search - tbsearch.ask.com
PUP.Optional.Legacy, SearchProvider found: Search the Web - search.freecause.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1619 B] - [2017/12/26 6:26:43]
C:/AdwCleaner/AdwCleaner[S0].txt - [1743 B] - [2017/12/26 6:24:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [1504 B] - [2018/1/5 17:5:26]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

Microsoft Windows Malicious Software Removal Tool v5.55, December 2017 (build 5.55.14421.1)
Started On Fri Jan 05 13:02:05 2018

Engine: 1.1.14405.2
Signatures: 1.257.1160.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 05 13:29:20 2018


Return code: 0 (0x0)

 

Fixlog.txt

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.