
Possibly infected laptop [Solved]
#16
Posted 16 January 2020 - 01:32 AM

#17
Posted 16 January 2020 - 03:08 AM

#18
Posted 17 January 2020 - 10:52 AM

mbam130120
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 13/01/2020
Scan Time: 02:07
Log File: 7c0f6350-35a9-11ea-a802-a0d3c1694068.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.14305
Licence: Trial
-System Information-
OS: Windows 10 (Build 15063.1387)
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 289724
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 48 min, 35 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 1
PUP.Optional.MySearchDial, HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [120], [168579],1.0.14305
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
eset130120
13/01/2020 09:33:12
Files scanned: 327585
Detected files: 2
Cleaned files: 0
Total scan time 04:08:50
Scan status: Finished
C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
thank you for being so patient
#21
Posted 17 January 2020 - 10:59 AM

I don't know what you mean. Have you forgotten your Windows password?
I had forgotten the Windows password but I found a way to reset it, but it involved renaming utilman to utilman1 and then renaming cmd to utilman, and now Windows will not allow me to rename them back. Do you have any ideas as to how I can rename the files?
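The swap described in this post leaves utilman.exe as a copy of cmd.exe, so the Ease of Access button on the sign-in screen starts a command prompt until the original is restored. The following PowerShell check is an added example, not part of the original thread; it assumes a default Windows install and takes the utilman1.exe name from the post.

```powershell
# Added example (not from the thread): check whether the utilman/cmd swap is still in place.
# Assumptions: default System32 location; "utilman1.exe" is the backup name used in the post.
$sys32   = Join-Path $env:SystemRoot 'System32'
$utilman = Join-Path $sys32 'utilman.exe'
$cmd     = Join-Path $sys32 'cmd.exe'
$backup  = Join-Path $sys32 'utilman1.exe'

$findings = @()

if (-not (Test-Path -LiteralPath $utilman)) {
    $findings += 'utilman.exe is missing'
} else {
    # A swapped utilman.exe is a byte-for-byte copy of cmd.exe, so the hashes match.
    $hUtil = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $hCmd  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    if ($hUtil -eq $hCmd) {
        $findings += 'utilman.exe is identical to cmd.exe (swap still in place)'
    }

    # A copy of cmd.exe still carries a valid Microsoft signature, so this
    # only catches replacement by some other, unsigned or tampered file.
    $sig = Get-AuthenticodeSignature -LiteralPath $utilman
    if ($sig.Status -ne 'Valid') {
        $findings += "utilman.exe signature status is $($sig.Status)"
    }
}

# The renamed original left behind by the password reset.
if (Test-Path -LiteralPath $backup) {
    $findings += 'utilman1.exe exists (renamed original left behind)'
}

if ($findings.Count -eq 0) {
    'OK: no sign of the utilman/cmd swap'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
    'Protected system files can be repaired with System File Checker: sfc /scannow (elevated prompt)'
}
```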
#22
Posted 17 January 2020 - 11:21 AM

Is your account a local account or linked to your Microsoft account?
==============================================
I didn't ask for a Malwarebytes log but when checking my last post, I posted the wrong 'fix' so please do the following:
Copy all text in the code box below and paste it into Notepad:
@echo off
rem Force-delete the two files that Eset flagged
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe"
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx"
rem Remove this batch file itself
del %0
- save the Notepad file to your desktop and name it delfiles.bat
- save type as All Files
- on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
The files/folders, if found, will have been deleted and the ‘delfiles.bat’ file will also be deleted.
Please re-run Eset and post the results.
#23
Posted 20 January 2020 - 04:25 PM

It has again been 3 days since I replied. Please answer in the next 24 hours.
If I don't hear from you, I'll assume all is now well and close the topic.
Satchfan
#24
Posted 21 January 2020 - 02:21 AM

Sorry, life got in the way again, I'll kick off the Eset scan so it can run while I'm at work
#25
Posted 21 January 2020 - 05:53 AM

#26
Posted 22 January 2020 - 12:19 PM

Eset log
22/01/2020 18:16:10
Files scanned: 476104
Detected files: 2
Cleaned files: 0
Total scan time 09:45:58
Scan status: Finished
C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)
#27
Posted 22 January 2020 - 05:32 PM

Let's try it in safe mode.
Again, disable AVG.
Start your computer in safe mode.
Copy all text in the code box below and paste it into Notepad:
@echo off
rem Force-delete the two files that Eset flagged
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe"
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx"
rem Remove this batch file itself
del %0
- save the Notepad file to your desktop and name it delfiles.bat
- save type as "All Files"
- on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.
Please run Eset again and send the new log.
#28
Posted 25 January 2020 - 12:50 PM

I ran eset after deleting files in safe mode but I don't have the log file so I am rerunning now
#29
Posted 25 January 2020 - 05:50 PM

Thanks for the update.
To be honest, those are not a big problem and running Eset to get rid of them is a bit like using a hammer to crack a nut.
Almost everything found by AdwCleaner was AVG-related.
I would suggest that you uninstall AVG, which is not a reliable antivirus any more and brings adware and unwanted programme bundles with it. Avast acquired AVG and neither one of those are what they used to be. Windows Defender is as good as you'll get on Windows 10. It's what I use, as do many of the malware removal team.
See https://www.bleeping...ndows-defender/
Please let me know what you decide to do and if there are any remaining problems.
Satchfan
#30
Posted 28 January 2020 - 04:18 PM

Can you please answer the last post.
If I don't hear from you in 24 hours, I'll assume that all is OK and close the topic as 'solved'.
Satchfan






