Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
appwiz.cpl
CreateRestorePoint:
ShellExecuteHooks-x32: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-105068452-229409033-3044687292-1001\...\StartupApproved\Run: => "uTorrent"
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {08801D14-44C9-4BAE-A0D1-088E1EA02685} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {08AC1526-6DED-4AC3-B2C3-D5332C849A63} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0E251505-18CD-4456-9DD4-72DB941D5874} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {19C2E701-DB47-4538-8728-2735C705C7E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {439170D2-AFB1-42A7-A0BA-EC241C1BCC2A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95225BA2-2EF3-4768-8C2D-65D98759234D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9F6D5133-BB4E-4D88-A335-DE673E64F69F} - \WPD\SqmUpload_S-1-5-21-105068452-229409033-3044687292-1001 -> No File <==== ATTENTION
Task: {AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C4799595-8849-428D-8C2C-61EDEAD6E968} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C939347D-9246-4738-A89D-71399646DF35} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D18DE444-5CB0-4AF7-8052-DFE160F17DAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1D397B8-06B0-4298-B55F-22904C5AAFBC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
EmptyTemp:
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Ken (28-06-2019 12:30:18) Run:1
Running from C:\Users\Ken\Desktop
Loaded Profiles: Ken (Available Profiles: Ken)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellExecuteHooks-x32: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-105068452-229409033-3044687292-1001\...\StartupApproved\Run: => "uTorrent"
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {08801D14-44C9-4BAE-A0D1-088E1EA02685} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {08AC1526-6DED-4AC3-B2C3-D5332C849A63} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0E251505-18CD-4456-9DD4-72DB941D5874} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {19C2E701-DB47-4538-8728-2735C705C7E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {439170D2-AFB1-42A7-A0BA-EC241C1BCC2A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95225BA2-2EF3-4768-8C2D-65D98759234D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9F6D5133-BB4E-4D88-A335-DE673E64F69F} - \WPD\SqmUpload_S-1-5-21-105068452-229409033-3044687292-1001 -> No File <==== ATTENTION
Task: {AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C4799595-8849-428D-8C2C-61EDEAD6E968} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C939347D-9246-4738-A89D-71399646DF35} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D18DE444-5CB0-4AF7-8052-DFE160F17DAC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1D397B8-06B0-4298-B55F-22904C5AAFBC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => removed successfully
HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKU\S-1-5-21-105068452-229409033-3044687292-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\uTorrent" => removed successfully
"HKU\S-1-5-21-105068452-229409033-3044687292-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent" => not found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08801D14-44C9-4BAE-A0D1-088E1EA02685}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08801D14-44C9-4BAE-A0D1-088E1EA02685}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AC1526-6DED-4AC3-B2C3-D5332C849A63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AC1526-6DED-4AC3-B2C3-D5332C849A63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E251505-18CD-4456-9DD4-72DB941D5874}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E251505-18CD-4456-9DD4-72DB941D5874}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C2E701-DB47-4538-8728-2735C705C7E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C2E701-DB47-4538-8728-2735C705C7E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{439170D2-AFB1-42A7-A0BA-EC241C1BCC2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{439170D2-AFB1-42A7-A0BA-EC241C1BCC2A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1FF1DB-A8F0-4C35-9D0A-98AAEE95EA0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95225BA2-2EF3-4768-8C2D-65D98759234D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95225BA2-2EF3-4768-8C2D-65D98759234D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F6D5133-BB4E-4D88-A335-DE673E64F69F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6D5133-BB4E-4D88-A335-DE673E64F69F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-105068452-229409033-3044687292-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA728C6C-BFD7-4F4A-8FA4-7E751807F7A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4799595-8849-428D-8C2C-61EDEAD6E968}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4799595-8849-428D-8C2C-61EDEAD6E968}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C939347D-9246-4738-A89D-71399646DF35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C939347D-9246-4738-A89D-71399646DF35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D18DE444-5CB0-4AF7-8052-DFE160F17DAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D18DE444-5CB0-4AF7-8052-DFE160F17DAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1D397B8-06B0-4298-B55F-22904C5AAFBC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1D397B8-06B0-4298-B55F-22904C5AAFBC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully

=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 298780713 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 1366766 B
Edge => 610444 B
Chrome => 312384344 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 7300 B
NetworkService => 0 B
Ken => 76587303 B

RecycleBin => 213433835 B
EmptyTemp: => 871.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:33:18 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-28-2019
# Duration: 00:01:07
# OS: Windows 10 Home
# Scanned: 27557
# Detected: 6

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

***** [ Files ] *****
PUP.Optional.TotalAV C:\Users\Ken\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.PCProtect HKCU\Software\SSProtect

***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

AdwCleaner[S00].txt - [2756 octets] - [22/02/2019 15:17:37]
AdwCleaner[C00].txt - [2628 octets] - [22/02/2019 15:18:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
It is OK.... and he forgot to save both .txt log files. The results were cleaned and I couldn't find any record of what they were. He did say no malicious files were found, just 3-4 PUPs and maybe one malware.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2019
# Duration: 00:00:13
# OS: Windows 10 Home
# Cleaned: 17
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Program Files\Enigma Software Group

***** [ Files ] *****
Deleted C:\Users\Ken\Downloads\DRIVERUPDATE-SETUP.EXE
Deleted C:\Users\Ken\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Wow6432Node\EnigmaSoftwareGroup
Deleted HKLM\Software\EnigmaSoftwareGroup

***** [ Chromium (and derivatives) ] *****
Deleted MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [2756 octets] - [22/02/2019 15:17:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########