Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winscomrssrv.dll and StartupCheckLibrary.dll [Solved]


  • This topic is locked This topic is locked

#1
spiramirabilis

spiramirabilis

    Member

  • Member
  • PipPip
  • 22 posts

Hi, I recently updated windows 10 and removed several threats using Windows Defender, and now when I turn on my laptop I get two error messages, 

 

"There was a problem starting wincomrssrv.dll

The specified module cannot be found"

 

and

 

"There was a problem starting StartupCheckLibrary.dll

The specified module cannot be found"

 

I noticed there is another thread from a user on this forum (icekite) who had the same error:

 

http://www.geekstogo...missing-solved/

 

The user (Dr M) who was assisting them advised them to run any Farbar Recovery Scan Tool logs by them, and not to take actions without their recommendation. I have made my own thread on this subject so that a knowledgeable user on this site can assist me in the same way.

 

Thank you


  • 0

Advertisements


#2
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Sorry, I double-clicked on the button to post the thread and it has duplicated. Please reply in this thread and ignore the other one.


  • 0

#3
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hello!
 
Welcome to GTG Forums! EPFGbk7.gif

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 0

#4
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Okay, here are the files

Attached Files


  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thank you.  :thumbsup: 
 

Please, adhere to the guidelines below, and if you agree with them, let me know. As soon as I have your agreement, I'll start the cleaning procedure. 

 

 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


  • 0

#6
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Okay, no problem


  • 0

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Great.

 

I'll be back to you in a couple of hours. 


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Here I am.
 
Let's begin.
 

1. Remove a Chrome extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find AVG Secure Search, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

This extension appear in both, the Default and the Profile 1 of your Chrome browser. 
 
 
2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2964040095-1466076873-307546714-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FirewallRules: [{9DA19C3F-7562-46CB-9B04-8E0034598E2D}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
FirewallRules: [{F137624A-DBE4-46D3-964B-CAFCAC7D2BA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{47E65306-9BFC-4229-B37E-2B2510380843}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [UDP Query User{9157C0EF-FEAB-4F90-AD1A-4C9A4C90B58D}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe] => (Allow) C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe => No File
FirewallRules: [TCP Query User{E63FA332-9178-48B2-85CE-072DD3D2FB3E}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe] => (Allow) C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe => No File
FirewallRules: [UDP Query User{35A67AAE-5964-4DAF-94FD-ED6B3E6C38B0}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe => No File
FirewallRules: [TCP Query User{3B28BC87-997C-4D35-AB70-F2EF685087CB}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe => No File
FirewallRules: [UDP Query User{94B5D445-BBDC-4368-A86C-FF8FDC0AE98A}C:\gog games\shadowrun hong kong extended edition\srhk.exe] => (Allow) C:\gog games\shadowrun hong kong extended edition\srhk.exe => No File
FirewallRules: [TCP Query User{F43788DE-83ED-4619-A9DB-C3896C4CED55}C:\gog games\shadowrun hong kong extended edition\srhk.exe] => (Allow) C:\gog games\shadowrun hong kong extended edition\srhk.exe => No File
FirewallRules: [{3D4BC587-495B-4263-AB71-ABDDA23EE4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{0AB1A933-A620-4467-917C-22489567617F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{04733B03-BD48-48FF-AF0F-B19548F69A5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{149DB85A-30F1-4560-9D32-8693DFD5DC62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [UDP Query User{C4B9FF35-0E9B-4828-83EB-CA37955AE3BF}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe] => (Allow) C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe => No File
FirewallRules: [TCP Query User{94D0D0F1-6F42-48F2-B012-452E01595270}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe] => (Allow) C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe => No File
FirewallRules: [{6D4C50A0-6DBD-44D4-B1BA-6F4D69A5269E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{C72BC142-B600-4309-A656-DEE2DF738059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{D637D393-5EFB-4F68-9177-D5D9550CE17B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe => No File
FirewallRules: [{CBCEAF9A-5E51-4971-8AFA-58C185175D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe => No File
FirewallRules: [{66E6AA2E-5208-4B0D-B878-E965F54BB1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{0B52DA8F-076D-4935-B5FF-60023D6476DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File
FirewallRules: [{D4E0DB3B-D416-4425-807A-15033926880E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{59021CD3-CCF2-476D-9B39-C3D618DC40D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hylics\Game.exe => No File
FirewallRules: [{42F5F655-9A24-4A96-A613-C6F15056823D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hylics\Game.exe => No File
FirewallRules: [{F4D295AA-CBB4-4AD0-9744-A3266CEDF26B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => No File
FirewallRules: [{DC3C219B-F2CD-4442-8B87-F42C4EF05C3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => No File
FirewallRules: [{4BF7BB51-D08A-4713-844E-F538ED3AB544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File
FirewallRules: [{71265262-6C56-4087-A472-C97A8BEDFE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File
FirewallRules: [UDP Query User{68A4B211-A6AD-4003-A5A0-ED5635EEC0F2}C:\users\marie\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\marie\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [TCP Query User{C1ECB21B-D5C9-49F7-8470-C20739FDC21E}C:\users\marie\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\marie\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [{3D43AFD2-E5C0-439C-8B68-EDFA79B0E842}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe => No File
FirewallRules: [{1942E64B-322B-43A9-B88B-E08570E0B4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe => No File
FirewallRules: [{AC14D700-00A7-4A43-B82C-0E8A33DE0375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{6CEA770F-B4F9-456F-9B42-96D68032ABDA}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{349422F6-C616-41C5-91BC-5F0CAAE0DD7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DD1A0923-7E95-456C-99B7-47FF317EA91E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{711FDEEF-B510-4133-9C34-81F1A0686771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe => No File
FirewallRules: [{2566CD25-F04E-4F1A-A3BC-A23E0CAF71DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe => No File
FirewallRules: [{5BCAD969-125F-480A-8889-017E507B042D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{DCE6D5A3-09A3-42DE-8C2F-6C0DFBC3C51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{B67ECDFD-9C58-452E-86C2-AE9D792AE669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Our Asias\All Our Asias.exe => No File
FirewallRules: [{F99743CA-D186-4E1A-B468-9D91D82CFDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Our Asias\All Our Asias.exe => No File
FirewallRules: [{61A7D82F-A2E2-4FB2-8E25-1DB5DF022193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe => No File
FirewallRules: [{EA1889EC-8F00-4AB4-8744-C99D4672C2A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe => No File
FirewallRules: [{B0B9867A-98F2-455A-A1CA-299AAF5AD844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Engare\Engare.exe => No File
FirewallRules: [{D74A4762-A7B0-4399-BFAE-841A65468FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Engare\Engare.exe => No File
FirewallRules: [{57EB884D-7C27-4006-B77A-A16ABDCFFBFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe => No File
FirewallRules: [{F740F60E-3029-46CB-8F31-0A9A6C5233BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe => No File
FirewallRules: [{D8EF20DC-6E92-4A93-86D7-894AC74A17F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe => No File
FirewallRules: [{0B8B652A-1420-4FA5-BE71-ED4B6B8AD080}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe => No File
FirewallRules: [{C9E922BB-B8B4-49AB-926B-7B3A012D3FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe => No File
FirewallRules: [{4840A2DE-9C68-4981-9726-D35961EEBFAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe => No File
FirewallRules: [TCP Query User{E8AE2D59-5EBD-473F-B822-B867AB82C869}C:\program files\fox\no one lives forever\ereg\navbrowser.exe] => (Block) C:\program files\fox\no one lives forever\ereg\navbrowser.exe => No File
FirewallRules: [UDP Query User{26DF90D8-B9F9-40DF-8AD9-46605D9AE9DF}C:\program files\fox\no one lives forever\ereg\navbrowser.exe] => (Block) C:\program files\fox\no one lives forever\ereg\navbrowser.exe => No File
FirewallRules: [TCP Query User{BD5A5C88-C536-4F93-A9FA-8BB199CF97C4}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe => No File
FirewallRules: [UDP Query User{E8B9DF46-CCA8-4D99-856A-DB86E3FF3EE2}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe => No File
FirewallRules: [TCP Query User{7599CEC9-651C-4CCC-AB6D-BAE0E45A2DDB}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\marie\appdata\local\temp\ss2tool\rsync.exe => No File
FirewallRules: [UDP Query User{DB5CCA03-D5D5-49E9-BFD9-3D792C7C3FF2}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\marie\appdata\local\temp\ss2tool\rsync.exe => No File
FirewallRules: [TCP Query User{D21F674E-3017-4C98-B800-B780EEC27CA2}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{F77F8FFA-C3F5-4AD3-9FEA-16F6E42B0840}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\bin\eocapp.exe => No File
FirewallRules: [{BC3AA50D-CF7D-4386-B513-12BB81AF071E}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{623B99CE-5E9D-42FC-B6F5-3C6F1B3725AB}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\airhost.exe => No File
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {007E68DB-3748-4377-B376-7A912DB9AFE4} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {15FD9887-A193-41B2-BA32-6960FF15FE88} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe -o pool.supportxmr.com:80 -u 882cATBK88FMXFcfkV834JHatxbTxUpyBVbp4cvVqR6ojKPhASUPc4M2ZyYXqjFKABDEzZERmxzhsXuz4btNkygo39ELM2C -p x (No File) <==== ATTENTION
Task: {625F736A-F3D7-44DA-A23F-C6688F50299B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe /startup (No File) <==== ATTENTION
Task: {97ABF0F7-3FB7-48E3-B609-92282B3B6D3A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D67ADCA9-5E1D-4709-A17F-43DD6E401DA1} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://capitadiscovery.co.uk/gsa","hxxp://www.google.co.uk/","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.google.com/"
CHR StartupUrls: Profile 1 -> "hxxp://www.google.co.uk/","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.google.com/"
cmd: netsh advfirewall reset
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. Search with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search box:
     winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe
    Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

 

 

In your next reply please post:

  1. If the Chrome extension was successfully uninstalled
  2. The fixlog.txt
  3. The Search.txt

  • 0

#9
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I successfully uninstalled the chrome extension. Also, the error prompts did not reappear when I restarted the computer this time.

Attached Files


  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Also, the error prompts did not reappear when I restarted the computer this time.

 

I know.  :laughing: 

 

Continue...
 
 
1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

 

P.S. I will be back to you tomorrow, my time, since here it is almost midnight now. 


  • 0

Advertisements


#11
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I wasn't able to uncheck this setting and got a message telling me to upgrade to premium:  "Under the title Windows Security Center (Premium only) the option is NOT checked."
I've attached a photo of how the setting looked in the program. Otherwise the logs follow as requested:
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-25-2022
# Duration: 00:00:11
# OS:       Windows 10 Home
# Scanned:  32039
# Detected: 30
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             http://mysearch.avg....fr&d=2014-02-0908:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
PUP.Optional.Legacy             http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
PUP.Optional.Legacy             http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
PUP.Optional.Legacy             http://mysearch.avg....fr&d=2013-12-0913:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp
PUP.Optional.Legacy             https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp
PUP.Optional.Legacy             https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
PUP.Optional.Legacy             mysearch.avg.com
PUP.Optional.Legacy             scistarter.com
PUP.Optional.MySearch           http://mysearch.avg....fr&d=2014-02-0908:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
PUP.Optional.MySearch           http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
PUP.Optional.MySearch           http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
PUP.Optional.MySearch           http://mysearch.avg....fr&d=2013-12-0913:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp
PUP.Optional.MySearch           https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp
PUP.Optional.MySearch           https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
PUP.Optional.MySearch           mysearch.avg.com
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.ASUSDeviceActivation   Folder   C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION 
Preinstalled.ASUSDeviceActivation   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04} 
Preinstalled.ASUSLiveUpdate   Folder   C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE 
Preinstalled.ASUSLiveUpdate   Folder   C:\ProgramData\ASUS\ASUS LIVE UPDATE 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28444F41-C1CE-4437-BA6E-9E217EC4B7BF}  
Preinstalled.ASUSLiveUpdate   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker 
Preinstalled.ASUSLiveUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} 
Preinstalled.ASUSLiveUpdate   Task   C:\Windows\System32\Tasks\UPDATE CHECKER 
Preinstalled.ASUSProductRegistration   Folder   C:\Program Files (x86)\ASUS\APRP 
Preinstalled.ASUSProductRegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1} 
Preinstalled.ASUSSplendid   Folder   C:\Program Files (x86)\ASUS\SPLENDID 
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D00BE5AD-5D2E-463E-B360-4B6ACF58CA2D}  
Preinstalled.ASUSSplendid   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON 
Preinstalled.ASUSSplendid   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D} 
Preinstalled.ASUSSplendid   Task   C:\Windows\System32\Tasks\ASUS SPLENDID ACMON 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 25/05/2022
Scan Time: 22:05
Log File: 5eb37f30-dc6e-11ec-9446-88b11118abef.json
 
-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.55394
Licence: Expired
 
-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: DESKTOP-KFRRP2F\Marie
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 330949
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 15 min, 0 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
Malware.Heuristic.1001, C:\USERS\MARIE\DESKTOP\Tools\DromEd [Thief 2].lnk, No Action By User, 1000001, 0, , , , , 433D3F12690131B91B7AA1F005273D15, FE24CD44968B9D0D64D07144A4B86590D342AF2AC3937787A200665B24A370CD
Malware.Heuristic.1001, C:\USERS\MARIE\DESKTOP\PROJECTS\THE DEVILS THE VIDEOGAME\THIEF 2 THE METAL AGE (GOG)\THIEF 2 - THE METAL AGE\DROMED.EXE, No Action By User, 1000001, 0, 1.0.55394, 0000000000000000000003E9, dds, 01786694, 9DE85F71CB9B5093F838D717AEE12ECC, E9882A172C72BD225C1F9226491F477FB21BCC110B732F3F67FBCDC9DBFF64E6
Malware.AI.4207690491, C:\USERS\MARIE\DOWNLOADS\CLIP_STUDIO_PAINT_EX_1.8.2.FIX\CRACK.RAR, No Action By User, 1000000, 0, 1.0.55394, 3B098126008926D0FACC42FB, dds, 01786694, 780E26A9828A4AD3A269ED381112C931, 9C2E0623FD8407348B827C04D1A28E64532F447D93EFAAEAD08D423BA6F3E7A2
Malware.AI.3887398071, C:\USERS\MARIE\DOWNLOADS\UMINEKOWHENTHEYCRY\STEAM_API.DLL, No Action By User, 1000000, 0, 1.0.55394, 00173EE700173A19E7B4FCB7, dds, 01786694, E2EB670A4DD973E7625E737094D01047, 7D7EFE3CCA3E290924901A0FFF818D6C51A2F0EC90D0B956871A06CFBC67BA94
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Many things were detected and I'll try to explain to you the results.
 
 
1. Run AdwCleaner (Clean mode)

The findings in Chromium parts of the log, are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

 

2. Run Malwarebytes (Clean mode)

 

Malwarebytes detected these items:

 

C:\USERS\MARIE\DESKTOP\Tools\DromEd [Thief 2].lnk, 
C:\USERS\MARIE\DESKTOP\PROJECTS\THE DEVILS THE VIDEOGAME\THIEF 2 THE METAL AGE (GOG)\THIEF 2 - THE METAL AGE\DROMED.EXE
C:\USERS\MARIE\DOWNLOADS\CLIP_STUDIO_PAINT_EX_1.8.2.FIX\CRACK.RAR
C:\USERS\MARIE\DOWNLOADS\UMINEKOWHENTHEYCRY\STEAM_API.DLL
 

The item in red points to a cracked program. Have in mind that cracked/pirated programs consist the best and the easier way to infect your computer. The guidelines at the beginning of this topic asked for these programs' removal. If you didn't do so, please do that now. It's really a waste of time to try to clean a computer having installed such programs, since it is going to get infected soon or later. 

 

To remove all the above: 

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report

  • 0

#13
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Local)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-26-2022
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  15
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       http://mysearch.avg....fr&d=2014-02-0908:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
Deleted       http://mysearch.avg....fr&d=2014-02-0908:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
Deleted       http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
Deleted       http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp
Deleted       http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
Deleted       http://mysearch.avg....fr&d=2014-02-0908:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
Deleted       http://mysearch.avg....fr&d=2013-12-0913:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp
Deleted       http://mysearch.avg....fr&d=2013-12-0913:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp
Deleted       https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp
Deleted       https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp
Deleted       https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
Deleted       https://mysearch.avg...fr&d=2014-02-0908:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
Deleted       mysearch.avg.com
Deleted       mysearch.avg.com
Deleted       scistarter.com
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [6629 octets] - [25/05/2022 21:50:19]
AdwCleaner[S01].txt - [6690 octets] - [26/05/2022 11:15:51]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 26/05/2022
Scan Time: 11:29
Log File: c27d296a-dcde-11ec-9041-88b11118abef.json
 
-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.55422
Licence: Expired
 
-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: DESKTOP-KFRRP2F\Marie
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 331022
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 11 min, 6 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
Malware.AI.3887398071, C:\USERS\MARIE\DOWNLOADS\UMINEKOWHENTHEYCRY\STEAM_API.DLL, Quarantined, 1000000, 0, 1.0.55422, 00173EE700173A19E7B4FCB7, dds, 01787524, E2EB670A4DD973E7625E737094D01047, 7D7EFE3CCA3E290924901A0FFF818D6C51A2F0EC90D0B956871A06CFBC67BA94
Malware.AI.4207690491, C:\USERS\MARIE\DOWNLOADS\CLIP_STUDIO_PAINT_EX_1.8.2.FIX\CRACK.RAR, Quarantined, 1000000, 0, 1.0.55422, 3B098126008926D0FACC42FB, dds, 01787524, 780E26A9828A4AD3A269ED381112C931, 9C2E0623FD8407348B827C04D1A28E64532F447D93EFAAEAD08D423BA6F3E7A2
Malware.Heuristic.1001, C:\USERS\MARIE\DESKTOP\Tools\DromEd [Thief 2].lnk, Quarantined, 1000001, 0, , , , , 433D3F12690131B91B7AA1F005273D15, FE24CD44968B9D0D64D07144A4B86590D342AF2AC3937787A200665B24A370CD
Malware.Heuristic.1001, C:\USERS\MARIE\DESKTOP\PROJECTS\THE DEVILS THE VIDEOGAME\THIEF 2 THE METAL AGE (GOG)\THIEF 2 - THE METAL AGE\DROMED.EXE, Quarantined, 1000001, 0, 1.0.55422, 0000000000000000000003E9, dds, 01787524, 9DE85F71CB9B5093F838D717AEE12ECC, E9882A172C72BD225C1F9226491F477FB21BCC110B732F3F67FBCDC9DBFF64E6
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#14
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thank you.
 
A last scan to ensure that everything is clean.

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner.exe and select Run as Administrator.
  • When the tool opens, click Computer Scan.
  • Click Yes to allow the tool run.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • After downloading updates, ESET will begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Disable the feature and click on Save and continue.
  • On the next screen, you can leave feedback about the program if you wish. If you left feedback, click Submit and continue. If not, Close the application.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#15
spiramirabilis

spiramirabilis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
26/05/2022 15:18:12
Files scanned: 675534
Detected files: 4
Cleaned files: 4
Total scan time 03:05:10
Scan status: Finished
C:\Program Files (x86)\AddSoft\Offer.url Win32/Adware.QualityApproach.A application cleaned by deleting
 
C:\Program Files (x86)\AddSoft\Offer2.url Win32/Adware.QualityApproach.A application cleaned by deleting
 
C:\Users\Marie\Downloads\Clip_Studio_Paint_EX_1.8.2.fix\Crack\Keygen-1.8.2.exe a variant of Win32/Keygen.ADI potentially unsafe application cleaned by deleting
 
C:\Windows.old\Program Files\Windows Defender\MSASCuiL.exe a variant of MSIL/Agent.UPS trojan cleaned by deleting

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP