Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

locked files folders malware [Closed]

farbar frst hidden locked

  • This topic is locked This topic is locked

#1
elzin

elzin

    New Member

  • Member
  • Pip
  • 2 posts

At the FLock there are a few folders that are totally locked. I cannot access, elevate privileges or delete at all. I downloaded something that was diguised as something else and it put files and documents on the computer under different names, different processes etc. And it was replicating itself. Running Malware bytes, Super antimalware, spybot, adware cleaner I think I got most of it gone. But there is still folders under C:\ProgramData listed as AMDTools, TeamViewerStorage and WindowsTools. Everything that was caught was in those folders and there was another AMDControlPanelTools which I was able to end the tasks for that folder and thus have access and delete the folder. The malware/virus made it seem like they were legit processes but most of the files came up as being used on ASUS which I do not have, or Intel processes which nothing on my computer is intel and thus they came up as bad and quarantined/deleted. Anyways among some of the other errors listed on these documents, Is there a fixlist to use? And Anyways to force delete those folders?

 

Please advise.

Attached Files


Edited by elzin, 20 June 2019 - 05:22 PM.

  • 0

Advertisements


#2
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 500 posts
Hi elzin, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    GroupPolicy: Restriction ? <==== ATTENTION
    Task: {68AAC1DC-3915-4988-AC7E-C5A93F9AEE96} - System32\Tasks\deinstitutionalization => C:\Program Files (x86)\Sec\aboveboard.exe
    Task: {8A81805B-2886-48D1-A9F3-41B175E31F35} - System32\Tasks\deinstitutionalizationdeinstitutionalization => C:\Program Files (x86)\Sec\aboveboard.exe
    Task: {F318966A-D0D2-49C9-BAC7-3F3599673753} - System32\Tasks\{2A37FE43-6043-496F-9B18-743A2950AB5C} => C:\ProgramData\{2A3806D4-A9D4-4B93-9C2C-74C3B150ABA0}\{AA3806D4-A9D4-4B93-9C2D-74C3B550ABA0}\lbwwwjnpd.exe <==== ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3181282482-3321046939-1998509028-1001 -> DefaultScope {092E70FB-7DD7-45C0-8FD2-2F09C220DDEE} URL = 
    SearchScopes: HKU\S-1-5-21-3181282482-3321046939-1998509028-1001 -> {092E70FB-7DD7-45C0-8FD2-2F09C220DDEE} URL = 
    FF user.js: detected! => C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\ahur6mrs.default\user.js [2019-06-20]
    FF SearchPlugin: C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\dupc4xje.default-release\searchplugins\bing-lavasoft-ff59.xml [2019-06-15]
    S4 atgsuw; System32\drivers\nvoxetus.sys [X]
    2019-06-16 14:39 - 2019-06-16 14:49 - 000000000 ____D C:\Users\MD\AppData\Roaming\MajorAV
    2019-06-15 19:51 - 2019-06-15 20:03 - 000000000 ____D C:\Users\MD\AppData\Roaming\netcache
    2019-06-15 19:51 - 2019-06-15 19:51 - 000000000 ____D C:\WINDOWS\system32\appmgmt
    2019-06-15 19:46 - 2019-06-18 16:11 - 000000000 ____D C:\WINDOWS\system32\iaivnek
    2019-06-15 19:46 - 2019-06-15 19:46 - 000000000 ____D C:\WINDOWS\SysWOW64\iaivnek
    2019-06-15 19:45 - 2019-06-18 19:06 - 000000000 _RSHD C:\ProgramData\AMDTools
    2019-06-15 19:45 - 2019-06-16 14:32 - 000000000 _RSHD C:\ProgramData\TeamViewerStorage
    2019-06-15 19:45 - 2019-06-15 20:03 - 000000000 _RSHD C:\ProgramData\WindowsTools
    2019-06-15 19:45 - 2019-06-15 19:45 - 000003390 _____ C:\WINDOWS\System32\Tasks\{2A37FE43-6043-496F-9B18-743A2950AB5C}
    2019-06-15 19:45 - 2019-06-15 19:45 - 000000000 ____D C:\Users\MD\AppData\Roaming\et
    2019-06-15 19:45 - 2019-06-15 19:45 - 000000000 ____D C:\ProgramData\{2A3806D4-A9D4-4B93-9C2C-74C3B150ABA0}
    2019-06-15 19:44 - 2019-06-18 16:40 - 000000000 ____D C:\Program Files (x86)\Sec
    2019-06-15 19:44 - 2019-06-15 20:03 - 000000000 ___HD C:\Program Files (x86)\weekdays
    2019-06-15 19:44 - 2019-06-15 20:03 - 000000000 ___HD C:\Program Files (x86)\Spineless
    2019-06-15 19:44 - 2019-06-15 20:03 - 000000000 ____D C:\Program Files (x86)\Innovates
    2019-06-15 19:44 - 2019-06-15 19:44 - 000126464 _____ C:\Users\MD\AppData\Local\lobby.dat
    2019-06-15 19:44 - 2019-06-15 19:44 - 000054272 _____ C:\Users\MD\AppData\Local\ApplicationHosting.dat
    2019-06-15 19:44 - 2019-06-15 19:44 - 000004106 _____ C:\WINDOWS\System32\Tasks\deinstitutionalization
    2019-06-15 19:44 - 2019-06-15 19:44 - 000003994 _____ C:\WINDOWS\System32\Tasks\deinstitutionalizationdeinstitutionalization
    2019-06-15 19:44 - 2019-06-15 19:44 - 000000012 _____ C:\WINDOWS\b42233278
    2019-06-15 19:44 - 2019-06-15 19:44 - 000000000 ____D C:\Users\MD\AppData\Local\PeerDistRepub
    2019-06-15 19:44 - 2019-06-15 19:44 - 000000000 ____D C:\ProgramData\8BP05XKK8CZ1X29C6IZDPZLC2
    2019-06-15 19:43 - 2019-06-15 19:53 - 000722944 _____ C:\Users\MD\AppData\Local\sha.db
    2019-06-15 19:43 - 2019-06-15 19:44 - 000000000 ____D C:\ProgramData\Optimizer
    2019-06-15 19:43 - 2019-06-15 19:43 - 000140800 _____ C:\Users\MD\AppData\Local\installer.dat
    2019-06-15 19:43 - 2019-06-15 19:43 - 000000000 ____D C:\Users\MD\AppData\Local\DBG
    2019-06-15 19:43 - 2019-06-15 19:43 - 000000000 ____D C:\ProgramData\Pader
    2018-09-15 03:28 - 2018-09-15 03:28 - 000314058 ___SH () C:\Users\MD\AppData\Roaming\hbswfra
    2018-09-15 03:28 - 2018-09-15 03:28 - 000000267 ___SH () C:\Users\MD\AppData\Roaming\wgwcehr
    FirewallRules: [{B214CD8E-90F1-44B7-8980-C27988E20A7D}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_3.5.14.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe No File
    FirewallRules: [{46B96569-9626-4B5F-B378-AD2407E1E61E}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_3.5.14.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe No File
    FirewallRules: [{5B0C698A-0719-4BFC-8F7C-CC4F5125E9A4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{07914E43-E64B-47D0-848C-2478857D52CE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{B2FDF454-26F7-490B-8483-0D211BB4956D}] => (Allow) C:\Program Files (x86)\Innovates\Pitchers.exe No File
    FirewallRules: [{757BE30B-E6E5-41C6-B3EC-6875F5E7AC8F}] => (Allow) C:\Program Files (x86)\Spineless\Pitchers.exe No File
    FirewallRules: [{F32D02B1-DCCC-4C61-AA89-59DDA144397A}] => (Allow) C:\Program Files (x86)\deliciousness\Instructs.exe No File
    FirewallRules: [{3152C03F-798F-41BD-92AE-468AD3FB859C}] => (Allow) C:\Program Files (x86)\Spineless\Instructs.exe No File
    Folder: C:\fvbbk
    Folder: C:\ProgramData\bomgar-scc-0x5d0a6c6b
    Virustotal: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, uncheck any items you want to keep.
  • Click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
  • Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

  • 0

#3
elzin

elzin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Upon each restart, right before loading it would say scanning and repairing volume very briefly and continue. It did it on each of the restarts. I turned it off and back on after doing all this to see if it did it again and it continued. Very minor and only a quick second but I wanted to let you know that as well.

 

Thank you for the help it does appear the problems are no more but let me know what you think.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by MD (21-06-2019 13:41:11) Run:1
Running from C:\Users\MD\Downloads
Loaded Profiles: MD (Available Profiles: MD)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Task: {68AAC1DC-3915-4988-AC7E-C5A93F9AEE96} - System32\Tasks\deinstitutionalization => C:\Program Files (x86)\Sec\aboveboard.exe
Task: {8A81805B-2886-48D1-A9F3-41B175E31F35} - System32\Tasks\deinstitutionalizationdeinstitutionalization => C:\Program Files (x86)\Sec\aboveboard.exe
Task: {F318966A-D0D2-49C9-BAC7-3F3599673753} - System32\Tasks\{2A37FE43-6043-496F-9B18-743A2950AB5C} => C:\ProgramData\{2A3806D4-A9D4-4B93-9C2C-74C3B150ABA0}\{AA3806D4-A9D4-4B93-9C2D-74C3B550ABA0}\lbwwwjnpd.exe <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3181282482-3321046939-1998509028-1001 -> DefaultScope {092E70FB-7DD7-45C0-8FD2-2F09C220DDEE} URL =
SearchScopes: HKU\S-1-5-21-3181282482-3321046939-1998509028-1001 -> {092E70FB-7DD7-45C0-8FD2-2F09C220DDEE} URL =
FF user.js: detected! => C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\ahur6mrs.default\user.js [2019-06-20]
FF SearchPlugin: C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\dupc4xje.default-release\searchplugins\bing-lavasoft-ff59.xml [2019-06-15]
S4 atgsuw; System32\drivers\nvoxetus.sys [X]
2019-06-16 14:39 - 2019-06-16 14:49 - 000000000 ____D C:\Users\MD\AppData\Roaming\MajorAV
2019-06-15 19:51 - 2019-06-15 20:03 - 000000000 ____D C:\Users\MD\AppData\Roaming\netcache
2019-06-15 19:51 - 2019-06-15 19:51 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-06-15 19:46 - 2019-06-18 16:11 - 000000000 ____D C:\WINDOWS\system32\iaivnek
2019-06-15 19:46 - 2019-06-15 19:46 - 000000000 ____D C:\WINDOWS\SysWOW64\iaivnek
2019-06-15 19:45 - 2019-06-18 19:06 - 000000000 _RSHD C:\ProgramData\AMDTools
2019-06-15 19:45 - 2019-06-16 14:32 - 000000000 _RSHD C:\ProgramData\TeamViewerStorage
2019-06-15 19:45 - 2019-06-15 20:03 - 000000000 _RSHD C:\ProgramData\WindowsTools
2019-06-15 19:45 - 2019-06-15 19:45 - 000003390 _____ C:\WINDOWS\System32\Tasks\{2A37FE43-6043-496F-9B18-743A2950AB5C}
2019-06-15 19:45 - 2019-06-15 19:45 - 000000000 ____D C:\Users\MD\AppData\Roaming\et
2019-06-15 19:45 - 2019-06-15 19:45 - 000000000 ____D C:\ProgramData\{2A3806D4-A9D4-4B93-9C2C-74C3B150ABA0}
2019-06-15 19:44 - 2019-06-18 16:40 - 000000000 ____D C:\Program Files (x86)\Sec
2019-06-15 19:44 - 2019-06-15 20:03 - 000000000 ___HD C:\Program Files (x86)\weekdays
2019-06-15 19:44 - 2019-06-15 20:03 - 000000000 ___HD C:\Program Files (x86)\Spineless
2019-06-15 19:44 - 2019-06-15 20:03 - 000000000 ____D C:\Program Files (x86)\Innovates
2019-06-15 19:44 - 2019-06-15 19:44 - 000126464 _____ C:\Users\MD\AppData\Local\lobby.dat
2019-06-15 19:44 - 2019-06-15 19:44 - 000054272 _____ C:\Users\MD\AppData\Local\ApplicationHosting.dat
2019-06-15 19:44 - 2019-06-15 19:44 - 000004106 _____ C:\WINDOWS\System32\Tasks\deinstitutionalization
2019-06-15 19:44 - 2019-06-15 19:44 - 000003994 _____ C:\WINDOWS\System32\Tasks\deinstitutionalizationdeinstitutionalization
2019-06-15 19:44 - 2019-06-15 19:44 - 000000012 _____ C:\WINDOWS\b42233278
2019-06-15 19:44 - 2019-06-15 19:44 - 000000000 ____D C:\Users\MD\AppData\Local\PeerDistRepub
2019-06-15 19:44 - 2019-06-15 19:44 - 000000000 ____D C:\ProgramData\8BP05XKK8CZ1X29C6IZDPZLC2
2019-06-15 19:43 - 2019-06-15 19:53 - 000722944 _____ C:\Users\MD\AppData\Local\sha.db
2019-06-15 19:43 - 2019-06-15 19:44 - 000000000 ____D C:\ProgramData\Optimizer
2019-06-15 19:43 - 2019-06-15 19:43 - 000140800 _____ C:\Users\MD\AppData\Local\installer.dat
2019-06-15 19:43 - 2019-06-15 19:43 - 000000000 ____D C:\Users\MD\AppData\Local\DBG
2019-06-15 19:43 - 2019-06-15 19:43 - 000000000 ____D C:\ProgramData\Pader
2018-09-15 03:28 - 2018-09-15 03:28 - 000314058 ___SH () C:\Users\MD\AppData\Roaming\hbswfra
2018-09-15 03:28 - 2018-09-15 03:28 - 000000267 ___SH () C:\Users\MD\AppData\Roaming\wgwcehr
FirewallRules: [{B214CD8E-90F1-44B7-8980-C27988E20A7D}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_3.5.14.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe No File
FirewallRules: [{46B96569-9626-4B5F-B378-AD2407E1E61E}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_3.5.14.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe No File
FirewallRules: [{5B0C698A-0719-4BFC-8F7C-CC4F5125E9A4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{07914E43-E64B-47D0-848C-2478857D52CE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{B2FDF454-26F7-490B-8483-0D211BB4956D}] => (Allow) C:\Program Files (x86)\Innovates\Pitchers.exe No File
FirewallRules: [{757BE30B-E6E5-41C6-B3EC-6875F5E7AC8F}] => (Allow) C:\Program Files (x86)\Spineless\Pitchers.exe No File
FirewallRules: [{F32D02B1-DCCC-4C61-AA89-59DDA144397A}] => (Allow) C:\Program Files (x86)\deliciousness\Instructs.exe No File
FirewallRules: [{3152C03F-798F-41BD-92AE-468AD3FB859C}] => (Allow) C:\Program Files (x86)\Spineless\Instructs.exe No File
Folder: C:\fvbbk
Folder: C:\ProgramData\bomgar-scc-0x5d0a6c6b
Virustotal: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
CMD: Bitsadmin /Reset /Allusers

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68AAC1DC-3915-4988-AC7E-C5A93F9AEE96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68AAC1DC-3915-4988-AC7E-C5A93F9AEE96}" => removed successfully
C:\WINDOWS\System32\Tasks\deinstitutionalization => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\deinstitutionalization" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A81805B-2886-48D1-A9F3-41B175E31F35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A81805B-2886-48D1-A9F3-41B175E31F35}" => removed successfully
C:\WINDOWS\System32\Tasks\deinstitutionalizationdeinstitutionalization => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\deinstitutionalizationdeinstitutionalization" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F318966A-D0D2-49C9-BAC7-3F3599673753}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F318966A-D0D2-49C9-BAC7-3F3599673753}" => removed successfully
C:\WINDOWS\System32\Tasks\{2A37FE43-6043-496F-9B18-743A2950AB5C} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A37FE43-6043-496F-9B18-743A2950AB5C}" => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3181282482-3321046939-1998509028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3181282482-3321046939-1998509028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{092E70FB-7DD7-45C0-8FD2-2F09C220DDEE} => removed successfully
HKLM\Software\Classes\CLSID\{092E70FB-7DD7-45C0-8FD2-2F09C220DDEE} => not found
C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\ahur6mrs.default\user.js => moved successfully
C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\dupc4xje.default-release\searchplugins\bing-lavasoft-ff59.xml => moved successfully
HKLM\System\CurrentControlSet\Services\atgsuw => removed successfully
atgsuw => service removed successfully
C:\Users\MD\AppData\Roaming\MajorAV => moved successfully
C:\Users\MD\AppData\Roaming\netcache => moved successfully
C:\WINDOWS\system32\appmgmt => moved successfully
C:\WINDOWS\system32\iaivnek => moved successfully
C:\WINDOWS\SysWOW64\iaivnek => moved successfully
C:\ProgramData\AMDTools => moved successfully
C:\ProgramData\TeamViewerStorage => moved successfully
C:\ProgramData\WindowsTools => moved successfully
"C:\WINDOWS\System32\Tasks\{2A37FE43-6043-496F-9B18-743A2950AB5C}" => not found
C:\Users\MD\AppData\Roaming\et => moved successfully
C:\ProgramData\{2A3806D4-A9D4-4B93-9C2C-74C3B150ABA0} => moved successfully
C:\Program Files (x86)\Sec => moved successfully
C:\Program Files (x86)\weekdays => moved successfully
C:\Program Files (x86)\Spineless => moved successfully
C:\Program Files (x86)\Innovates => moved successfully
C:\Users\MD\AppData\Local\lobby.dat => moved successfully
C:\Users\MD\AppData\Local\ApplicationHosting.dat => moved successfully
"C:\WINDOWS\System32\Tasks\deinstitutionalization" => not found
"C:\WINDOWS\System32\Tasks\deinstitutionalizationdeinstitutionalization" => not found
C:\WINDOWS\b42233278 => moved successfully
C:\Users\MD\AppData\Local\PeerDistRepub => moved successfully
C:\ProgramData\8BP05XKK8CZ1X29C6IZDPZLC2 => moved successfully
C:\Users\MD\AppData\Local\sha.db => moved successfully
C:\ProgramData\Optimizer => moved successfully
C:\Users\MD\AppData\Local\installer.dat => moved successfully
C:\Users\MD\AppData\Local\DBG => moved successfully
C:\ProgramData\Pader => moved successfully
C:\Users\MD\AppData\Roaming\hbswfra => moved successfully
C:\Users\MD\AppData\Roaming\wgwcehr => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B214CD8E-90F1-44B7-8980-C27988E20A7D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46B96569-9626-4B5F-B378-AD2407E1E61E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B0C698A-0719-4BFC-8F7C-CC4F5125E9A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07914E43-E64B-47D0-848C-2478857D52CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2FDF454-26F7-490B-8483-0D211BB4956D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{757BE30B-E6E5-41C6-B3EC-6875F5E7AC8F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F32D02B1-DCCC-4C61-AA89-59DDA144397A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3152C03F-798F-41BD-92AE-468AD3FB859C}" => removed successfully

========================= Folder: C:\fvbbk ========================

C:\fvbbk => File

====== End of Folder: ======


========================= Folder: C:\ProgramData\bomgar-scc-0x5d0a6c6b ========================

2019-06-19 13:10 - 2019-02-12 14:55 - 000060656 ____A [87E89FC48D5D656F9658F8C1157A0A55] (bomgar) C:\ProgramData\bomgar-scc-0x5d0a6c6b\remove.exe

====== End of Folder: ======

VirusTotal: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll => https://www.virustot...sis/1560397381/

========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7379062 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 1090214 B
Edge => 4586 B
Chrome => 0 B
Firefox => 177409528 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 1188 B
NetworkService => 0 B
MD => 26209370 B

RecycleBin => 100689179 B
EmptyTemp: => 304.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-06-2019 13:42:41)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected

==== End of Fixlog 13:42:41 ====

 

 

Here is from adwcleaner

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-18.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-21-2019
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4626 octets] - [18/06/2019 16:12:52]
AdwCleaner[C00].txt - [2733 octets] - [18/06/2019 16:14:38]
AdwCleaner[S01].txt - [3092 octets] - [18/06/2019 16:16:42]
AdwCleaner[S02].txt - [1432 octets] - [18/06/2019 17:38:01]
AdwCleaner[S03].txt - [1493 octets] - [18/06/2019 19:00:07]
AdwCleaner[C03].txt - [1679 octets] - [18/06/2019 19:05:08]
AdwCleaner[S04].txt - [1854 octets] - [21/06/2019 13:50:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########


  • 0

#4
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 500 posts
Hi,

Some remnants to clean up:

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    Closeprocesses:
    VirusTotal: C:\ProgramData\bomgar-scc-0x5d0a6c6b\remove.exe;C:\fvbbk
    Unlock: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
    DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
    Reboot:
    End::
    
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

  • 0

#5
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 500 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP