Trying to Clean Up a friend's computer



#16
Yisroel

  • GeekU Senior
  • 1,085 posts

Hi moondog830,

All is going in a great direction. We've cleaned up all the stuff, let's do some additional scans to make sure we're good and then we could declare it all clean!

1 - Scan with Malwarebytes

  • Download Malwarebytes to your Desktop
  • Double-click the file to open it. Install the program.
  • Follow the instructions given on screen.
  • Once installed, launch Malwarebytes from your Desktop.
  • Click Settings > Protection.
  • Make sure that the "Scan for rootkits" option under Scan Options is On.
  • Go back to Dashboard and click the big, blue Scan Now button.
  • Wait for Malwarebytes to finish the scan.
  • If the program detects anything, it will list it in the Scan Results window. Click Quarantine Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot) go to Reports, select the latest Scan Log.
  • Click View Report, then click Export then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

2 - Scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Temporarily disable your antivirus protection: right-click on the avast! icon in the system tray, select avast! shields control and choose the option to disable avast permanently.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Re-enable the Avast antivirus by right-clicking on the avast! icon in the system tray and, in the avast! shields control, choosing to enable.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.



#17
moondog830

  • Topic Starter
  • Member
  • 690 posts

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/15/19
Scan Time: 10:03 AM
Log File: 9a158906-d7c1-11e9-a7d8-2c59e5a50239.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12485
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Newman-HP-2000\Harvey
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 230786
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 14 min, 59 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
PUP.Optional.Jawego, HKLM\SOFTWARE\QXV0by1QQy1DbGVhbmVyMjAxOQ==, Quarantined, [629], [534889],1.0.12485
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire0, Quarantined, [3893], [597957],1.0.12485
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire1, Quarantined, [3893], [597957],1.0.12485
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Empire2, Quarantined, [3893], [597957],1.0.12485
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 10
Generic.Malware/Suspicious, C:\USERS\HARVEY\DOWNLOADS\HPSET_2017.11.14.02.EXE, Quarantined, [0], [392686],1.0.12485
PUP.Optional.WinZipMalwareProtector, C:\USERS\HARVEY\DOWNLOADS\WZMP_24 (1).EXE, Quarantined, [12885], [627246],1.0.12485
PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (2).EXE, Quarantined, [4223], [462815],1.0.12485
Generic.Malware/Suspicious, C:\USERS\HARVEY\APPDATA\LOCAL\YAHOO\YSET\WEBEXT_DL.EXE, Quarantined, [0], [392686],1.0.12485
PUP.Optional.MindSpark, C:\USERS\HARVEY\DESKTOP\TRACE, Quarantined, [649], [301125],1.0.12485
PUP.Optional.WinZipMalwareProtector, C:\USERS\HARVEY\DOWNLOADS\WZMP_24.EXE, Quarantined, [12885], [627246],1.0.12485
PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (3).EXE, Quarantined, [4223], [462815],1.0.12485
Generic.Malware/Suspicious, C:\USERS\HARVEY\DOWNLOADS\HPSET_2018.06.28.01.EXE, Quarantined, [0], [392686],1.0.12485
PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4 (1).EXE, Quarantined, [4223], [462815],1.0.12485
PUP.Optional.DriverReviver, C:\USERS\HARVEY\DOWNLOADS\DRIVERREVIVERSETUP_PPC4.EXE, Quarantined, [4223], [462815],1.0.12485
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
9/15/2019 19:41:35 PM
Files scanned: 224895
Infected files: 29
Cleaned threats: 27
Total scan time 01:55:46
Scan status: Finished
C:\AdwCleaner\Quarantine\v1\20190911.204017\25\WinZip Driver Updater\trz2051.tmp#A4472C1BCB3DE19F a variant of Win64/DriverReviver.A potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\v1\20190911.204017\38\AUTO-PC-CLEANER2019 FOR NEWMAN-HP-2000\offers\a_p_t.exe#290F1B6600FB1A53 a variant of MSIL/GT32SupportGeeks.O potentially unwanted application cleaned by deleting
 
C:\AdwCleaner\Quarantine\v1\20190911.204017\54\RelevantKnowledge\rlservice.exe#08C012A6341A81BC a variant of Win32/Adware.RK application cleaned by deleting
 
C:\FRST\Quarantine\C\Program Files (x86)\DigitalTrailEHF\ie.exe a variant of Win32/Adware.OpenSUpdater.DQ application cleaned by deleting
 
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
 
C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-954.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
 
C:\Program Files (x86)\Internet Explorer\00003467.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Program Files (x86)\Internet Explorer\00021963.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Program Files (x86)\Internet Explorer\00025953.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00000805.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00001313.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00004801.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00005824.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00007022.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00008516.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00010943.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00015911.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00017444.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00018643.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00018701.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00018721.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00018853.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00020228.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00020670.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00026114.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00027537.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Facebook\Games\00028251.tmp a variant of Win32/RiskWare.PEMalform.I application cleaned by deleting
 
C:\Users\Harvey\AppData\Local\Yahoo\yset\YSearchUtil.dll a variant of Win32/YahooSearch.C potentially unwanted application cleaned by deleting
 
C:\Users\Harvey\Downloads\hpset_2017.09.01.01.exe a variant of Win32/YahooSearch.C potentially unwanted application cleaned by deleting
 
