Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2019 01
Ran by Josip (10-10-2019 21:09:44) Run:1
Running from C:\Users\Josip\Desktop
Loaded Profiles: Josip (Available Profiles: Josip)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
Task: {BEBAAB68-97FF-4B01-8A9B-AB30494A317A} - \Microsoft\Windows\WDI\SrvHost -> No File <==== ATTENTION
Task: {FD8C43F9-66AC-4BF8-A0B7-EA73FB0B8866} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\Host App Service) (Version: 0.273.2.314 - SweetLabs for Lenovo) <==== ATTENTION
Task: {BEBAAB68-97FF-4B01-8A9B-AB30494A317A} - \Microsoft\Windows\WDI\SrvHost -> No File <==== ATTENTION
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll No File
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [No File]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll -> No File
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll -> No File
FirewallRules: [UDP Query User{49F49E88-DE09-442D-8158-97DF4B3600A7}D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe] => (Block) D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe No File
FirewallRules: [TCP Query User{A6ABE2F4-71CD-4917-AEA2-D50288A314EA}D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe] => (Block) D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe No File
FirewallRules: [TCP Query User{5E21CD7A-560B-4E0B-986F-2269EF4F19CD}D:\program files (x86)\destiny 2\destiny2.exe] => (Allow) D:\program files (x86)\destiny 2\destiny2.exe No File
FirewallRules: [UDP Query User{202BD50D-1384-4FCE-AEE3-B86610234860}D:\program files (x86)\destiny 2\destiny2.exe] => (Allow) D:\program files (x86)\destiny 2\destiny2.exe No File
FirewallRules: [TCP Query User{A5755C93-DA6E-402B-9A42-CD0A66FE6DD7}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [UDP Query User{C3CBCBCF-30C5-4B9D-980F-20289BC063FD}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
HOSTS:
CMD: fltmc instances
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BEBAAB68-97FF-4B01-8A9B-AB30494A317A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEBAAB68-97FF-4B01-8A9B-AB30494A317A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD8C43F9-66AC-4BF8-A0B7-EA73FB0B8866}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD8C43F9-66AC-4BF8-A0B7-EA73FB0B8866}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
Lenovo App Explorer (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\Host App Service) (Version: 0.273.2.314 - SweetLabs for Lenovo) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEBAAB68-97FF-4B01-8A9B-AB30494A317A}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => removed successfully
HKLM\Software\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => removed successfully
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\McCtxMenuFrmWrk => removed successfully
HKLM\Software\Classes\CLSID\{CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\McCtxMenuFrmWrk => removed successfully
HKLM\Software\Classes\CLSID\{CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{49F49E88-DE09-442D-8158-97DF4B3600A7}D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A6ABE2F4-71CD-4917-AEA2-D50288A314EA}D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5E21CD7A-560B-4E0B-986F-2269EF4F19CD}D:\program files (x86)\destiny 2\destiny2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{202BD50D-1384-4FCE-AEE3-B86610234860}D:\program files (x86)\destiny 2\destiny2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A5755C93-DA6E-402B-9A42-CD0A66FE6DD7}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C3CBCBCF-30C5-4B9D-980F-20289BC063FD}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= fltmc instances =========
Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus
-------------------- ------------------------------------- ------------ ---------------------- ----- -------- --------
CldFlt C: 180451 CldFlt 0 00000007
FileCrypt D: 141100 FileCrypt Instance 0 00000007
FileCrypt E: 141100 FileCrypt Instance 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo C: 40500 FileInfo 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo D: 40500 FileInfo 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo \Device\HarddiskVolume7 40500 FileInfo 0 00000007
FileInfo E: 40500 FileInfo 0 00000007
FileInfo \Device\Mup 40500 FileInfo 0 00000007
Gemma 320782 Gemma Instance 0 00000007
Gemma C: 320782 Gemma Instance 0 00000007
Gemma 320782 Gemma Instance 0 00000007
Gemma D: 320782 Gemma Instance 0 00000007
Gemma 320782 Gemma Instance 0 00000007
Gemma \Device\HarddiskVolume7 320782 Gemma Instance 0 00000007
Gemma E: 320782 Gemma Instance 0 00000007
Gemma \Device\Mup 320782 Gemma Instance 0 00000007
Ignis 320811 ignis Instance 0 00000004
Ignis C: 320811 ignis Instance 0 00000004
Ignis 320811 ignis Instance 0 00000004
Ignis D: 320811 ignis Instance 0 00000004
Ignis 320811 ignis Instance 0 00000004
Ignis \Device\HarddiskVolume7 320811 ignis Instance 0 00000004
Ignis E: 320811 ignis Instance 0 00000004
Ignis \Device\Mup 320811 ignis Instance 0 00000004
Wof C: 40700 Wof Instance 0 00000007
Wof 40700 Wof Instance 0 00000007
Wof D: 40700 Wof Instance 0 00000007
Wof 40700 Wof Instance 0 00000007
Wof E: 40700 Wof Instance 0 00000007
atc 320781 Atc Instance 0 00000007
atc C: 320781 Atc Instance 0 00000007
atc 320781 Atc Instance 0 00000007
atc D: 320781 Atc Instance 0 00000007
atc 320781 Atc Instance 0 00000007
atc \Device\HarddiskVolume7 320781 Atc Instance 0 00000007
atc E: 320781 Atc Instance 0 00000007
atc \Device\Mup 320781 Atc Instance 0 00000007
bindflt C: 409800 bindflt Instance 0 00000007
gameflt C: 189850 gameflt Instance 0 00000003
gameflt 189850 gameflt Instance 0 00000003
gameflt D: 189850 gameflt Instance 0 00000003
gameflt 189850 gameflt Instance 0 00000003
gameflt E: 189850 gameflt Instance 0 00000003
gzflt 320820 GzFlt Instance 0 00000004
gzflt C: 320820 GzFlt Instance 0 00000004
gzflt 320820 GzFlt Instance 0 00000004
gzflt D: 320820 GzFlt Instance 0 00000004
gzflt 320820 GzFlt Instance 0 00000004
gzflt \Device\HarddiskVolume7 320820 GzFlt Instance 0 00000004
gzflt E: 320820 GzFlt Instance 0 00000004
gzflt \Device\Mup 320820 GzFlt Instance 0 00000004
luafv C: 135000 luafv 0 00000007
mfehidk 321300.00 mfehidk 0 00000007
mfehidk C: 321300.00 mfehidk 0 00000007
mfehidk 321300.00 mfehidk 0 00000007
mfehidk D: 321300.00 mfehidk 0 00000007
mfehidk 321300.00 mfehidk 0 00000007
mfehidk \Device\HarddiskVolume7 321300.00 mfehidk 0 00000007
mfehidk E: 321300.00 mfehidk 0 00000007
mfehidk \Device\Mup 321300.00 mfehidk 0 00000007
mfehidk \Device\NamedPipe 321300.00 mfehidk 0 00000007
npsvctrig \Device\NamedPipe 46000 npsvctrig 0 00000000
trufos 320770 Trufos Instance 0 00000004
trufos C: 320770 Trufos Instance 0 00000004
trufos 320770 Trufos Instance 0 00000004
trufos D: 320770 Trufos Instance 0 00000004
trufos 320770 Trufos Instance 0 00000004
trufos \Device\HarddiskVolume7 320770 Trufos Instance 0 00000004
wcifs C: 189900 wcifs Instance 0 00000007
wcifs D: 189900 wcifs Instance 0 00000007
wcifs E: 189900 wcifs Instance 0 00000007
========= End of CMD: =========
========= Removeproxy =========
'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset C:\resettcpip.txt =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Åtkomst nekad.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Åtkomst nekad.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Åtkomst nekad.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
WMI-dataprovidern kunde inte godkänna det överförda instansnamnet.
========= End of CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
{7E021B57-13DC-4C1E-B951-4872A9F05A98} canceled.
Unable to cancel {5E1E1712-8753-4980-A96B-8CCE2FFD14C2}.
1 out of 2 jobs canceled.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58506922 B
Java, Flash, Steam htmlcache => 391055141 B
Windows/system/drivers => 22612576 B
Edge => 13380431 B
Chrome => 438452212 B
Firefox => 159754738 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 194910 B
LocalService => 194910 B
NetworkService => 300810 B
NetworkService => 300810 B
Josip => 41758647 B
RecycleBin => 28132 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 21:12:58 ====
# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-10-03.2 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-10-2019
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 19
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Josip\AppData\Local\Host App Service
Deleted C:\Users\Josip\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Josip\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\TEMP\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\glassinbox.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.glassinbox.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKCU\Software\csastats
***** [ Chromium (and derivatives) ] *****
Deleted Adaware Secure Search
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner_Debug.log - [18519 octets] - [10/10/2019 21:16:42]
AdwCleaner[S00].txt - [3749 octets] - [10/10/2019 21:24:08]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########