When I start up my PC it says that startupchecklibrary.dll is missing.


#1
PancakeOfSteel
    New Member
  • Member
  • 4 posts

I am prompted by "There was a problem starting startupchecklibrary.dll The specific module could not be found." as well as a code 0x80070424 when I try to download software from the Microsoft store or try to update my PC. When I try to open CMD, another console opens up for a split second and my command prompt is closed. Please help.

Attached Thumbnails
  • Startup.png

Edited by PancakeOfSteel, 14 July 2019 - 01:27 PM.


#2
iMacg3
    GeekU Mod
  • GeekU Moderator
  • 555 posts
Hi PancakeOfSteel, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
--------------------

Please give me some time to go over your logs and I will get back to you as soon as possible.

#3
iMacg3
    GeekU Mod
  • GeekU Moderator
  • 555 posts
Hi PancakeOfSteel,

Going over your logs I noticed that you have uTorrent Web installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent Web; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Settings icon > Apps.
If you wish to keep it, please do not use it until your computer is cleaned.

---------------------------------------------------
CKScanner

Download CKScanner by askey127 from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------------
slmgr
  • Click the Start button, and type Command Prompt in the search box.
  • Right-click on "Command Prompt" in the search results and select Run as Administrator
  • At the command prompt, type slmgr -dli and press Enter
  • A window will open after a few seconds. Take a screenshot of the window.
  • Next, type slmgr -xpr at the command prompt and press Enter
  • A window will open after a few seconds. Take a screenshot of the window.
  • Attach both screenshots in your reply.
---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • Screenshots from slmgr


#4
PancakeOfSteel
    New Member
  • Topic Starter
  • Member
  • 4 posts

I cannot open the Command prompt at all, as there is another prompt that opens up for a split second and closes the Command prompt I opened. Here is the CKFiles, though.

Many thanks.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.1_none_a227092418e9be66\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.81_none_b683e3bc89a9896c\ssh-keygen.exe
scanner sequence 3.CP.11.KOAPVZ
 ----- EOF ----- 


#5
iMacg3
    GeekU Mod
  • GeekU Moderator
  • 555 posts
Hi PancakeOfSteel,

Do you recognize this registry entry?

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

---------------------------------------------------
Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    Web Companion 
  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.
---------------------------------------------------
Uninstall a Chrome Extension
  • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
  • Click the trash can icon next to the following extension(s):
    Adaware Secure
  • A confirmation dialog will appear. Click Remove.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7514200 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\MountPoints2: {50974999-c377-11e8-902e-cc2f713c3939} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    Task: {51AA5708-444E-4433-9E59-845FA6260DB5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
    Task: {AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
    HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://za.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180225__yaie&p={searchTerms}
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    FF Homepage: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
    CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> )
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
    2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files\8f82c851.log
    2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files (x86)\8f82c851.log
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\30May.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\BitLord:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\desktop.ini:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\FeedbackHub:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\HiSuite:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\IMG_20180705_0001.pdf:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\NEKO WORKs:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Sonic Studio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Subject Pronouns.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Target.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [UDP Query User{0E8728C3-2F54-41BD-A45C-CC02AF7C478C}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [TCP Query User{F6315357-E8DA-482A-9104-88ADF1BD0D46}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [UDP Query User{C55F163B-5134-4F51-805A-C91028974F6E}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
    FirewallRules: [TCP Query User{B82A8C95-BC7F-46D7-B374-CA781BC865CB}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
    FirewallRules: [{13E6CAC0-DDA6-4514-89DC-6E5FC18611CB}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
    FirewallRules: [{84009250-907C-4A14-836D-3AB1E4FFC8FE}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
    FirewallRules: [{7A3A8EEB-B174-46D8-8130-4D1338882F0E}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
    FirewallRules: [{06660CDF-72D6-443C-AC19-83455485C272}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
    FirewallRules: [{EE09B5F9-FC86-45B5-B3AD-AA85F313F8C2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{31865CEB-B47C-433C-8636-1488907DD011}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{C843B669-F203-4844-8798-A375DDE1B4E2}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
    FirewallRules: [{56749A80-AAF9-486B-ABCD-E73BD6423F44}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
    FirewallRules: [{A4CD322F-5C77-4D39-87AA-3EEA4AD8A9A4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
    FirewallRules: [{C0234DFB-B07E-4D86-9E5A-0101D81504CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
    FirewallRules: [{D54C3B53-FCA8-4D39-87E5-832A36B03342}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
    FirewallRules: [{66EBFDCC-65DE-4494-BB3D-262AD9363E70}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
    FirewallRules: [{E8EC61F2-596F-4403-90AA-9EBB05C72BF2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
    FirewallRules: [{D8D99F69-79D5-46B8-9CAB-9FF1CB1D63F3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
    FirewallRules: [TCP Query User{6210528D-25F5-4C63-8DC9-961048E48505}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [UDP Query User{E89FF2DC-A17A-4F16-BFB2-FC12B0023046}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
    FirewallRules: [TCP Query User{C7493074-35F5-4CB3-92BD-1D884FA36C0A}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
    FirewallRules: [UDP Query User{28A03C43-699D-402C-87AC-B285392FD0A6}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
    FirewallRules: [{D7FF6BFF-713E-4C42-BC56-718DDA41BC58}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{964AA79D-3C81-485E-8898-82A9CE6AE2F4}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [TCP Query User{BA6CF46C-E386-4B82-BFC7-BDF6869C36A4}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
    FirewallRules: [UDP Query User{8598CEB1-6328-457E-B451-258B9C028E3A}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
    FirewallRules: [TCP Query User{A6AD5D45-4092-4BD5-BE08-EE02951F4EB4}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
    FirewallRules: [UDP Query User{9815F55C-FD9D-4161-8F77-A0CB06304AAE}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
    FirewallRules: [TCP Query User{704E49F9-9E92-463F-90D7-8925583EA80A}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
    FirewallRules: [UDP Query User{8FB7A11A-B6E3-4937-807A-888D35D6C735}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
    C:\Program Files (x86)\Lavasoft
    C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer
    VirusTotal: C:\Utilman.exe
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator
  • Accept the EULA (I agree), then click on Scan.
  • When the scan is complete, click View Scan Log File. (Don't click the Clean and Repair button yet)
  • The scan log will open in Notepad.
  • Copy and paste its contents into your next reply.
  • Note: The log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[Sxx].txt
  • Let me know how the computer is doing.
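
The fixlist above targets several distinct mechanisms at once: a Winlogon Shell hijack (%comspec% instead of explorer.exe), a Command Processor AutoRun that runs before every cmd.exe prompt and ends in exit (which is why the console closed immediately), two scheduled tasks loading DLLs through rundll32, and policy restrictions on Windows Defender and mrt.exe. As an added example that is not part of this thread or of FRST, the following Python script parses fixlist entries of this shape and reports which mechanism each one represents; the sample input is a constructed subset of the entries quoted above, with the user SID shortened to the placeholder S-1-5-21-<sid>.

```python
"""Classify FRST fixlist entries by the persistence mechanism they represent.

Added example for this thread, not FRST's own code. The rules only cover the
entry shapes that appear in the fixlist quoted above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample: a subset of the fixlist entries quoted in this thread,
# with the user SID replaced by the placeholder S-1-5-21-<sid>.
SAMPLE_FIXLIST = r"""
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-<sid>\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7514200 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-<sid>\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-<sid>\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & explorer.exe & exit ) <==== ATTENTION
Task: {51AA5708-444E-4433-9E59-845FA6260DB5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
"""


@dataclass(frozen=True)
class Finding:
    category: str            # which autostart / defence-evasion mechanism
    severity: str            # "high" = hijack or tamper, "info" = review it
    payload: Optional[str]   # what the entry actually launches, if parseable
    line: str                # the raw fixlist entry


# What a hijacked autostart launches: the DLL handed to rundll32 for tasks,
# the `start /MIN "" "<exe>"` target for the Command Processor AutoRun.
RUNDLL_RE = re.compile(r"rundll32\.exe\s+([^\s,]+),", re.IGNORECASE)
START_RE = re.compile(r'start\s+/MIN\s+""\s+"([^"]+)"', re.IGNORECASE)
# FRST marks a service whose binary no longer exists with a trailing [X].
SERVICE_RE = re.compile(r"^[RS]\d\s+\S+;.*\[X\]$")

# Ordered (category, severity, predicate); the first matching rule wins.
RULES: List[Tuple[str, str, Callable[[str], bool]]] = [
    ("winlogon-shell-hijack", "high",
     lambda l: "\\Winlogon:" in l and "[Shell]" in l
     and "explorer.exe" not in l.lower()),
    ("cmd-autorun-hijack", "high",
     lambda l: "\\Command Processor:" in l),
    ("rundll32-scheduled-task", "high",
     lambda l: l.startswith("Task:") and "rundll32.exe" in l.lower()),
    ("defender-policy-restriction", "high",
     lambda l: "Policies\\Microsoft\\Windows Defender" in l),
    ("mrt-software-restriction", "high",
     lambda l: "Group Policy restriction on software" in l
     and "mrt.exe" in l.lower()),
    ("run-key-autostart", "info", lambda l: "\\Run:" in l),
    ("orphaned-service", "info", lambda l: SERVICE_RE.match(l) is not None),
]


def extract_payload(line: str) -> Optional[str]:
    """Return the DLL or executable an entry launches, if the line shows one."""
    for pattern in (RUNDLL_RE, START_RE):
        m = pattern.search(line)
        if m:
            return m.group(1)
    return None


def classify_line(line: str) -> Optional[Finding]:
    """Map one fixlist entry to a Finding, or None if no rule applies."""
    for category, severity, matches in RULES:
        if matches(line):
            return Finding(category, severity, extract_payload(line), line)
    return None


def parse_fixlist(text: str) -> List[Finding]:
    """Classify every non-empty line of a fixlist; unknown lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            finding = classify_line(line)
            if finding:
                findings.append(finding)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def explains_console_closing(findings: List[Finding]) -> bool:
    """True when a Command Processor AutoRun contains `exit`: cmd.exe runs the
    AutoRun value before every prompt, so each new console closes at once."""
    return any(f.category == "cmd-autorun-hijack"
               and re.search(r"\bexit\b", f.line, re.IGNORECASE)
               for f in findings)


if __name__ == "__main__":
    found = parse_fixlist(SAMPLE_FIXLIST)
    for f in found:
        print(f"[{f.severity:4}] {f.category:28} payload={f.payload}")
    print(summarize(found))
    print("cmd.exe closes immediately:", explains_console_closing(found))
```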


#6
PancakeOfSteel
    New Member
  • Topic Starter
  • Member
  • 4 posts

Hello, iMacg3, here is the information you have requested.

  • The problem with startupchecklibrary.dll has been fixed
  • The problem with the Command prompt has been fixed
  • The problem with the error Code: 0x80070424 persists

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by ming2 (15-07-2019 23:23:06) Run:1
Running from C:\Users\ming2\Downloads
Loaded Profiles: ming2 (Available Profiles: ming2 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7514200 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\MountPoints2: {50974999-c377-11e8-902e-cc2f713c3939} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
Task: {51AA5708-444E-4433-9E59-845FA6260DB5} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://za.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180225__yaie&p={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Homepage: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
FF NewTab: Mozilla\Firefox\Profiles\crw27yce.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180225
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-06-04] (LAVASOFT SOFTWARE CANADA INC -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files\8f82c851.log
2019-02-19 21:50 - 2019-02-19 21:50 - 000000033 __RSH () C:\Program Files (x86)\8f82c851.log
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\30May.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\BitLord:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\desktop.ini:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\FeedbackHub:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\HiSuite:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\IMG_20180705_0001.pdf:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\NEKO WORKs:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Sonic Studio:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [242]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Subject Pronouns.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
AlternateDataStreams: C:\Users\ming2\OneDrive\Documents\Target.docx:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [66]
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{0E8728C3-2F54-41BD-A45C-CC02AF7C478C}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
FirewallRules: [TCP Query User{F6315357-E8DA-482A-9104-88ADF1BD0D46}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe No File
FirewallRules: [UDP Query User{C55F163B-5134-4F51-805A-C91028974F6E}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
FirewallRules: [TCP Query User{B82A8C95-BC7F-46D7-B374-CA781BC865CB}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe] => (Allow) D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe No File
FirewallRules: [{13E6CAC0-DDA6-4514-89DC-6E5FC18611CB}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
FirewallRules: [{84009250-907C-4A14-836D-3AB1E4FFC8FE}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe No File
FirewallRules: [{7A3A8EEB-B174-46D8-8130-4D1338882F0E}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
FirewallRules: [{06660CDF-72D6-443C-AC19-83455485C272}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe No File
FirewallRules: [{EE09B5F9-FC86-45B5-B3AD-AA85F313F8C2}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{31865CEB-B47C-433C-8636-1488907DD011}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{C843B669-F203-4844-8798-A375DDE1B4E2}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
FirewallRules: [{56749A80-AAF9-486B-ABCD-E73BD6423F44}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe No File
FirewallRules: [{A4CD322F-5C77-4D39-87AA-3EEA4AD8A9A4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{C0234DFB-B07E-4D86-9E5A-0101D81504CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{D54C3B53-FCA8-4D39-87E5-832A36B03342}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
FirewallRules: [{66EBFDCC-65DE-4494-BB3D-262AD9363E70}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe No File
FirewallRules: [{E8EC61F2-596F-4403-90AA-9EBB05C72BF2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{D8D99F69-79D5-46B8-9CAB-9FF1CB1D63F3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [TCP Query User{6210528D-25F5-4C63-8DC9-961048E48505}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
FirewallRules: [UDP Query User{E89FF2DC-A17A-4F16-BFB2-FC12B0023046}D:\dcs world\bin\dcs_updater.exe] => (Allow) D:\dcs world\bin\dcs_updater.exe No File
FirewallRules: [TCP Query User{C7493074-35F5-4CB3-92BD-1D884FA36C0A}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
FirewallRules: [UDP Query User{28A03C43-699D-402C-87AC-B285392FD0A6}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe] => (Allow) C:\users\ming2\onedrive\desktop\x64\slimerancher.exe No File
FirewallRules: [{D7FF6BFF-713E-4C42-BC56-718DDA41BC58}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{964AA79D-3C81-485E-8898-82A9CE6AE2F4}] => (Allow) D:\STM\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{BA6CF46C-E386-4B82-BFC7-BDF6869C36A4}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
FirewallRules: [UDP Query User{8598CEB1-6328-457E-B451-258B9C028E3A}D:\subnautica.repack-kaos\subnautica.exe] => (Allow) D:\subnautica.repack-kaos\subnautica.exe No File
FirewallRules: [TCP Query User{A6AD5D45-4092-4BD5-BE08-EE02951F4EB4}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
FirewallRules: [UDP Query User{9815F55C-FD9D-4161-8F77-A0CB06304AAE}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe] => (Allow) D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe No File
FirewallRules: [TCP Query User{704E49F9-9E92-463F-90D7-8925583EA80A}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
FirewallRules: [UDP Query User{8FB7A11A-B6E3-4937-807A-888D35D6C735}D:\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\farming simulator 19\x64\farmingsimulator2019game.exe No File
C:\Program Files (x86)\Lavasoft
C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer
VirusTotal: C:\Utilman.exe
CMD: Bitsadmin /Reset /Allusers
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50974999-c377-11e8-902e-cc2f713c3939} => removed successfully
HKLM\Software\Classes\CLSID\{50974999-c377-11e8-902e-cc2f713c3939} => not found
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51AA5708-444E-4433-9E59-845FA6260DB5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51AA5708-444E-4433-9E59-845FA6260DB5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA4B18E6-C73D-4DA8-9B50-CD9D5322B38F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} => removed successfully
HKLM\Software\Classes\CLSID\{993F5746-4C15-42BC-99C1-064A1764271B} => not found
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully
WCAssistantService => service not found.
HKLM\System\CurrentControlSet\Services\EasyAntiCheat => removed successfully
EasyAntiCheat => service removed successfully
C:\Program Files\8f82c851.log => moved successfully
C:\Program Files (x86)\8f82c851.log => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Users\ming2\OneDrive\Documents\30May.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\BitLord => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\desktop.ini => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\FeedbackHub => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\HiSuite => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\IMG_20180705_0001.pdf => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\NEKO WORKs => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\Sonic Studio => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\Subject Pronouns.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\ming2\OneDrive\Documents\Target.docx => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-3589471471-3968619273-1564904599-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0E8728C3-2F54-41BD-A45C-CC02AF7C478C}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F6315357-E8DA-482A-9104-88ADF1BD0D46}C:\program files\eagle dynamics\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C55F163B-5134-4F51-805A-C91028974F6E}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B82A8C95-BC7F-46D7-B374-CA781BC865CB}D:\mr dj\borderlands 2 goty\binaries\win32\borderlands2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13E6CAC0-DDA6-4514-89DC-6E5FC18611CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84009250-907C-4A14-836D-3AB1E4FFC8FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A3A8EEB-B174-46D8-8130-4D1338882F0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06660CDF-72D6-443C-AC19-83455485C272}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE09B5F9-FC86-45B5-B3AD-AA85F313F8C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31865CEB-B47C-433C-8636-1488907DD011}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C843B669-F203-4844-8798-A375DDE1B4E2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56749A80-AAF9-486B-ABCD-E73BD6423F44}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4CD322F-5C77-4D39-87AA-3EEA4AD8A9A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0234DFB-B07E-4D86-9E5A-0101D81504CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D54C3B53-FCA8-4D39-87E5-832A36B03342}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66EBFDCC-65DE-4494-BB3D-262AD9363E70}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8EC61F2-596F-4403-90AA-9EBB05C72BF2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8D99F69-79D5-46B8-9CAB-9FF1CB1D63F3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6210528D-25F5-4C63-8DC9-961048E48505}D:\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E89FF2DC-A17A-4F16-BFB2-FC12B0023046}D:\dcs world\bin\dcs_updater.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C7493074-35F5-4CB3-92BD-1D884FA36C0A}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{28A03C43-699D-402C-87AC-B285392FD0A6}C:\users\ming2\onedrive\desktop\x64\slimerancher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7FF6BFF-713E-4C42-BC56-718DDA41BC58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{964AA79D-3C81-485E-8898-82A9CE6AE2F4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BA6CF46C-E386-4B82-BFC7-BDF6869C36A4}D:\subnautica.repack-kaos\subnautica.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8598CEB1-6328-457E-B451-258B9C028E3A}D:\subnautica.repack-kaos\subnautica.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A6AD5D45-4092-4BD5-BE08-EE02951F4EB4}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9815F55C-FD9D-4161-8F77-A0CB06304AAE}D:\subnautica.below.zero.update.08.03.2019\subnautica.below.zero\subnauticazero.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{704E49F9-9E92-463F-90D7-8925583EA80A}D:\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8FB7A11A-B6E3-4937-807A-888D35D6C735}D:\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Users\ming2\AppData\Roaming\Microsoft\SoundMixer => moved successfully
VirusTotal: C:\Utilman.exe => https://www.virustot...sis/1561012696/
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to cancel {9465DF48-E212-4822-9D69-F7808E30CE0C}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 216964897 B
Java, Flash, Steam htmlcache => 110033439 B
Windows/system/drivers => 599478 B
Edge => 14344449 B
Chrome => 238893370 B
Firefox => 80091083 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 66922 B
LocalService => 0 B
NetworkService => 6110048 B
NetworkService => 0 B
ming2 => 12715304 B
Administrator => 23895 B
 
RecycleBin => 14179505890 B
EmptyTemp: => 13.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:24:22 ====

AdwCleaner[S00].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-15-2019
# Duration: 00:00:11
# OS:       Windows 10 Home Single Language
# Scanned:  27557
# Detected: 12
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.ProductSetup.A     HKCU\Software\PRODUCTSETUP
PUP.Optional.SearchManager      HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
PUP.Optional.WarThunder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\warthunder.com
PUP.Optional.WarThunder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\warthunder.com
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.DefaultSearch.ShrtCln Adaware Secure Search
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
PUP.Optional.Legacy             api.bing.com
PUP.Optional.Legacy             api.bing.com
PUP.Optional.Legacy             api.bing.com
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

#7
iMacg3
    GeekU Mod
  • GeekU Moderator
  • 555 posts
Hi PancakeOfSteel,

---------------------------------------------------
AdwCleaner - Clean
  • Double-click the AdwCleaner icon to run it.
  • Press the Scan button.
  • When the scan is complete, ensure that all the listed items are checked and click Clean and Repair.
  • Select Clean & Restart Now. AdwCleaner will restart the computer to complete the cleaning process.
  • After the restart, an AdwCleaner window will open. Select View Log File.
  • The scan log will open in Notepad.
  • Copy and paste its contents into your next reply.
  • Note: The log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt
---------------------------------------------------
ESET Online Scanner
  • Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • AdwCleaner[Cxx].txt
  • eset.txt

#8
PancakeOfSteel
    New Member
  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi again, iMacg3, here are the files:

AdwCleaner[C01].txt:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-07-15.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-16-2019
# Duration: 00:00:01
# OS:       Windows 10 Home Single Language
# Cleaned:  9
# Failed:   3
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\warthunder.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\warthunder.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Adaware Secure Search
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
Not Deleted   api.bing.com
Not Deleted   api.bing.com
Not Deleted   api.bing.com
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2355 octets] - [15/07/2019 23:30:46]
AdwCleaner[S01].txt - [2416 octets] - [16/07/2019 17:26:40]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

eset.txt:

2019/07/16 18:49:36
Files scanned: 444942
Infected files: 6
Cleaned threats: 6
Total scan time 01:04:01
Scan status: Finished
 
 
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe a variant of MSIL/WebCompanion.D potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe a variant of MSIL/WebCompanion.C potentially unwanted application cleaned by deleting
C:\Program Files (x86)\ASUS\GameFirst IV\nfapi.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting
C:\Windows\System32\winscomrssrv.dll Win64/Agent.NK trojan cleaned by deleting
 
Thanks again.
