Solved: I'm getting what looks like virus/adware

Status
Not open for further replies.

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Owner (04-03-2021 11:07:48) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {08FB5BE8-6146-45FE-82AA-AAEBD942693D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0D219ACD-7011-4534-B120-F3505C4837B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D8DF3E7-9F2D-40E4-88F5-F341BFD0253E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2E7A2325-D316-4452-9C0E-C1293B13226B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {45CA8801-18F2-4B31-9729-883429B5FECF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {67A6FD32-C356-4EC5-95D4-CC1194581A0C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8C3EDB83-36E2-4054-9D57-8EF4192E26A2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A3E4869-5465-442C-A6A9-8FF408CA91EF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9EDE4753-F683-4ECA-BAE0-7F320A3EBCC9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9EF291FD-9567-4DA4-A2AE-43E2A5E95508} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A19C0C04-EA51-45A5-8A41-10A2539243F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C36FCA9A-D611-4856-BFB3-2F5780E1458C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E5FF7E72-8DAD-4F94-8287-1B81E5D2A1C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F25A43D6-ACAA-44F8-80CE-1B1A9CF247E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F8AB5D5D-48F4-4B75-9D38-EC025CC9187F} - \WPD\SqmUpload_S-1-5-21-1014905426-3769363605-1701117676-1001 -> No File <==== ATTENTION
Task: {2F2589E7-DF1D-4E34-BE08-AC75A9E52FC6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
CHR Notifications: Default -> hxxps://captchatopsource.com; hxxps://pchelpforum.net; hxxps://rktax.securefilepro.com; hxxps://us.letgo.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.deloittenet.com
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{375B3A70-0160-4DF6-970B-A89FF225ECCE}] => (Allow) LPort=5558
FirewallRules: [{7E54A6EE-FB66-4B87-AF21-0770E20C250E}] => (Allow) LPort=5556
FirewallRules: [{38448C18-A688-49C7-8174-1B2BC24536EC}] => (Allow) LPort=54925
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08FB5BE8-6146-45FE-82AA-AAEBD942693D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08FB5BE8-6146-45FE-82AA-AAEBD942693D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D219ACD-7011-4534-B120-F3505C4837B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D219ACD-7011-4534-B120-F3505C4837B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D8DF3E7-9F2D-40E4-88F5-F341BFD0253E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D8DF3E7-9F2D-40E4-88F5-F341BFD0253E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E7A2325-D316-4452-9C0E-C1293B13226B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E7A2325-D316-4452-9C0E-C1293B13226B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45CA8801-18F2-4B31-9729-883429B5FECF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CA8801-18F2-4B31-9729-883429B5FECF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67A6FD32-C356-4EC5-95D4-CC1194581A0C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67A6FD32-C356-4EC5-95D4-CC1194581A0C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C3EDB83-36E2-4054-9D57-8EF4192E26A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C3EDB83-36E2-4054-9D57-8EF4192E26A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A3E4869-5465-442C-A6A9-8FF408CA91EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A3E4869-5465-442C-A6A9-8FF408CA91EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EDE4753-F683-4ECA-BAE0-7F320A3EBCC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EDE4753-F683-4ECA-BAE0-7F320A3EBCC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EF291FD-9567-4DA4-A2AE-43E2A5E95508}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EF291FD-9567-4DA4-A2AE-43E2A5E95508}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A19C0C04-EA51-45A5-8A41-10A2539243F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A19C0C04-EA51-45A5-8A41-10A2539243F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36FCA9A-D611-4856-BFB3-2F5780E1458C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36FCA9A-D611-4856-BFB3-2F5780E1458C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5FF7E72-8DAD-4F94-8287-1B81E5D2A1C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5FF7E72-8DAD-4F94-8287-1B81E5D2A1C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F25A43D6-ACAA-44F8-80CE-1B1A9CF247E0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F25A43D6-ACAA-44F8-80CE-1B1A9CF247E0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8AB5D5D-48F4-4B75-9D38-EC025CC9187F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AB5D5D-48F4-4B75-9D38-EC025CC9187F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1014905426-3769363605-1701117676-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2F2589E7-DF1D-4E34-BE08-AC75A9E52FC6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2589E7-DF1D-4E34-BE08-AC75A9E52FC6}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"Chrome Notifications" => removed successfully
"Chrome HomePage" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{375B3A70-0160-4DF6-970B-A89FF225ECCE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E54A6EE-FB66-4B87-AF21-0770E20C250E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38448C18-A688-49C7-8174-1B2BC24536EC}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : hsd1.tn.comcast.net
IPv6 Address. . . . . . . . . . . : 2601:483:c400:110:e817:e563:ae0:1ee1
Temporary IPv6 Address. . . . . . : 2601:483:c400:110:68c1:38d3:16e0:23b6
Temporary IPv6 Address. . . . . . : 2601:483:c400:110:69cd:a2b8:3880:b0be
Temporary IPv6 Address. . . . . . : 2601:483:c400:110:a1f1:63e0:e393:4dd1
Link-local IPv6 Address . . . . . : fe80::e817:e563:ae0:1ee1%3
Default Gateway . . . . . . . . . : fe80::c641:1eff:fe3f:ab09%3

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : hsd1.tn.comcast.net
IPv6 Address. . . . . . . . . . . : 2601:483:c400:110:e817:e563:ae0:1ee1
Temporary IPv6 Address. . . . . . : 2601:483:c400:110:68c1:38d3:16e0:23b6
Temporary IPv6 Address. . . . . . : 2601:483:c400:110:69cd:a2b8:3880:b0be
Temporary IPv6 Address. . . . . . : 2601:483:c400:110:a1f1:63e0:e393:4dd1
Link-local IPv6 Address . . . . . : fe80::e817:e563:ae0:1ee1%3
IPv4 Address. . . . . . . . . . . : 192.168.1.142
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::c641:1eff:fe3f:ab09%3
192.168.1.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37771452 B
Java, Flash, Steam htmlcache => 7941 B
Windows/system/drivers => 1214494 B
Edge => 22576474 B
Chrome => 360866305 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 35662 B
NetworkService => 39238 B
Owner => 104684506 B

RecycleBin => 66899336 B
EmptyTemp: => 576.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:08:54 ====
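
A small triage pass over a Fixlog like the one above, as an added example that is not part of the original post or of FRST: it tallies the `=>` outcomes and lists the lines that did not succeed, such as the restore-point error and the `Access is denied` inside a netsh reset. The function name `triage_fixlog`, the severity labels and the shortened sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt using the same line shapes as the
# Fixlog in this thread (not the full log).
SAMPLE_FIXLOG = r'''Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully

========= netsh int ip reset c:\resetlog.txt =========

Resetting Route, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========
'''

# "========= <command> =========" opens a section; "End of ..." closes it.
# A line made only of "=" characters is a plain separator, not a header.
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# Per-item result lines: "<target> => <outcome>".
RESULT_RE = re.compile(
    r"^(?P<target>.+?)\s+=>\s+(?P<outcome>removed successfully|"
    r"moved successfully|restored successfully|not found)$"
)
# Free-text lines that signal a step did not complete.
FAILURE_RE = re.compile(r"^Error:|\bfailed\b|access is denied", re.IGNORECASE)
TOP_LEVEL = "fix entries"  # assumed label for lines outside any CMD section


def triage_fixlog(text):
    """Return (outcome counts, findings) for a Fixlog-style text.

    findings is a list of (severity, section, line) tuples where severity is
    "failure" for errors and "info" for targets that were already absent.
    """
    counts = Counter()
    findings = []
    section = TOP_LEVEL
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group(1)
            section = TOP_LEVEL if name.startswith("End of") else name
            continue
        result = RESULT_RE.match(line)
        if result:
            counts[result.group("outcome")] += 1
            if result.group("outcome") == "not found":
                findings.append(("info", section, line))
            continue
        if FAILURE_RE.search(line):
            findings.append(("failure", section, line))
    return counts, findings


if __name__ == "__main__":
    outcome_counts, issues = triage_fixlog(SAMPLE_FIXLOG)
    print(dict(outcome_counts))
    for severity, where, line in issues:
        print(f"[{severity}] {where}: {line}")
```

Run over the full log above, the same pass surfaces the restore-point error, the single `not found` key and the `failed` / `Access is denied` pairs from the three netsh resets.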
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
So after reboot I didn't get bombarded with 7 fake virus alerts yet (usually would've happened by now though). I did get a buncha script errors at startup but I was getting those already anyway. One thing that was new, however, is Windows Defender/firewall popped up at startup blocking Chrome.exe for some reason. I hit allow access (since it is just Chrome after all) but nothing happened, thankfully.
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,377
530
PCHF Bunker
pchelpforum.net
The reason why Windows Defender is blocking Chrome now is because we did a firewall reset, which removed any bad rules. Just allow it through and you'll be good :)
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,377
530
PCHF Bunker
pchelpforum.net
I want to reset your browsers just to be on the safe side too.

Download ResetBrowser to your desktop.

Now close all open browsers. All browsers MUST be closed during this operation!

Right click and Run as Administrator


Click on Reset Chrome-- Allow completion.
Click on Reset Firefox-- Allow completion.
Click on Reset Internet Explorer-- Allow completion.

Now reboot your machine.
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
Just restarted Windows again just to test, still no pop-ups. Btw, I notice the log says it couldn't create a restore point. Is that OK?
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,377
530
PCHF Bunker
pchelpforum.net
It's because System Restore is disabled. Try this.

  1. Right click on the Start Button and select System.
  2. Click on System Protection.
  3. Under Protection Settings, select your primary drive and click the Configure button.
  4. Select Turn on system protection and then adjust the Max Usage percentage to something above zero. I like to set mine to 15%.
  5. Click OK and System Restore has been enabled.
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
System protection on my C drive was on already; it was my external that was off. Also I did the browser resets.
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,377
530
PCHF Bunker
pchelpforum.net
Awesome. It seems like those rogue popups have stopped. Let's go ahead and remove the tools we've used :)

Please go HERE and download Delfix. Save it to your desktop.

Right click the new Delfix desktop icon and then click "run as administrator"

Place a tick in the following checkboxes

  1. Remove disinfection tools
  2. Create registry backup
  3. Purge system restore

Then select "Run"


Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

Please post a copy of this file in your next post :)
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
# DelFix v1.013 - Logfile created 04/03/2021 at 11:33:52
# Updated 17/04/2016 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows 10 Enterprise (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\QuickDiag
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\QuickDiag_25_04_2017_14_31_10.txt
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\AdwCleaner[C00].txt
Deleted : C:\Users\Owner\Desktop\AdwCleaner[S00].txt
Deleted : C:\Users\Owner\Desktop\adwcleaner_6.046.exe
Deleted : C:\Users\Owner\Desktop\adwcleaner_8.1.exe
Deleted : C:\Users\Owner\Desktop\Fixlog.txt
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\FRST2.txt
Deleted : C:\Users\Owner\Desktop\FRST64.exe
Deleted : HKCU\Software\[email protected]@n

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1 [ResetBrowser | 03/04/2021 17:22:38]

New restore point created !

########## - EOF - ##########
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,377
530
PCHF Bunker
pchelpforum.net
Looks good :) Even successfully created a restore point. :) I'll leave this thread open for a couple days and if no more popups happen then I think we can call it solved :)
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
OK, thanks. Btw, that log says it deleted reset browser even though it's still on my desktop? (I deleted it manually just now.)
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,377
530
PCHF Bunker
pchelpforum.net
That's perfectly ok :) Sometimes the removal tool misses some files but you can safely delete the remnants.

There shouldn't be much, the only one that should be left is the fixlist.txt and ResetBrowser. You can uninstall Malwarebytes if you want as well.
 

Antoine

PCHF Member
PCHF Member
Apr 24, 2017
170
7
37
Seems fine still (or at least the person using it hasn't said anything so I guess it is lol) thanks again
 