  #16  
Old January 26th, 2022, 06:45 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
- Please open Notepad (Start > All Programs > Accessories > Notepad)
- Copy the entire contents of the code box below (Do not copy the word 'Code') to Notepad.
- Save it to the Desktop, and name it: fixlist.txt


Code:
start:
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-19] (Lavasoft Software Canada Inc. -> Lavasoft)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1EBD3074-9F59-4AA3-813B-EE9E525CB6F8} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe $(Arg0) (No File)
Task: {29619E57-65F3-47AC-91F4-28E2573EDEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {06C749F5-F390-47ED-A9F4-567A2D5A32D1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {412901A3-E641-4DFF-B845-96ACF8904E85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {48BB0DD4-40EE-42F7-B60A-DDA9C3DA0260} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {54941C50-84C7-4AA2-B585-D55B0F299961} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B -> No File <==== ATTENTION
Task: {551DEED5-DE2E-43D4-BB83-45B3E365A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5CD193FA-43CC-42ED-A43C-55F52B7A8DE0} - \WPD\SqmUpload_S-1-5-21-1674777451-104060087-3308858430-1001 -> No File <==== ATTENTION
Task: {C25DD8C7-C3EE-4893-A58A-F7689535C990} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\Backgro undConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CEAD830B-B3DD-4611-B7A9-367DF41603EF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D09E295C-A59B-4D10-92AE-1F16F5F4B944} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1C4FF04-0B7C-4BC6-96E1-1F7ED96435A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent -> No File <==== ATTENTION
Task: {DD2C952B-6BD3-43AA-B136-B5BC50724FC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FE743BA9-6233-459D-A62F-BF3B67949D88} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge HomePage: Default -> hxxps://?
Edge StartupUrls: Default -> "hxxps://?"
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: avg@safeguard
CHR HomePage: Default -> hxxps://?
CHR StartupUrls: Default -> "hxxps://?"
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2021-11-16] (Bitdefender SRL -> Bitdefender)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69352 2014-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2020-09-24] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
2022-01-25 08:14 - 2021-11-16 12:28 - 000000000 ____D C:\Users\Jill\AppData\Roaming\Lavasoftf
2022-01-25 08:13 - 2021-11-16 12:28 - 000000000 ____D C:\Users\Jill\AppData\Local\Lavasoft
2022-01-25 08:13 - 2021-11-16 12:25 - 000000000 ____D C:\ProgramData\Lavasoft
finish:
- Running this on another computer may cause damage to the Operating System.
- Now, please run FRST, and press the Fix button, just once, and wait.
- When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
Reply With Quote
  #17  
Old January 26th, 2022, 08:11 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
I just noticed you saved FRST to the download folder. So be sure to save fixlist.txt to the same folder to run the fix.
Reply With Quote
  #18  
Old January 26th, 2022, 09:34 PM
Jaytee
Senior Member
 
Join Date: May 2002
O/S: Linux
Location: Hamilton New Zealand
Age: 76
Posts: 3,620
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
Ran by Jill (27-01-2022 09:23:08) Run:1
Running from C:\Users\Jill\Desktop
Loaded Profiles: Jill & defaultuser1
Boot Mode: Normal
==============================================

fixlist content:
*****************
start:
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-19] (Lavasoft Software Canada Inc. -> Lavasoft)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1EBD3074-9F59-4AA3-813B-EE9E525CB6F8} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe $(Arg0) (No File)
Task: {29619E57-65F3-47AC-91F4-28E2573EDEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {06C749F5-F390-47ED-A9F4-567A2D5A32D1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {412901A3-E641-4DFF-B845-96ACF8904E85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {48BB0DD4-40EE-42F7-B60A-DDA9C3DA0260} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {54941C50-84C7-4AA2-B585-D55B0F299961} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B -> No File <==== ATTENTION
Task: {551DEED5-DE2E-43D4-BB83-45B3E365A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5CD193FA-43CC-42ED-A43C-55F52B7A8DE0} - \WPD\SqmUpload_S-1-5-21-1674777451-104060087-3308858430-1001 -> No File <==== ATTENTION
Task: {C25DD8C7-C3EE-4893-A58A-F7689535C990} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\Backgro undConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CEAD830B-B3DD-4611-B7A9-367DF41603EF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D09E295C-A59B-4D10-92AE-1F16F5F4B944} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1C4FF04-0B7C-4BC6-96E1-1F7ED96435A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent -> No File <==== ATTENTION
Task: {DD2C952B-6BD3-43AA-B136-B5BC50724FC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FE743BA9-6233-459D-A62F-BF3B67949D88} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge HomePage: Default -> hxxps://?
Edge StartupUrls: Default -> "hxxps://?"
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: avg@safeguard
CHR HomePage: Default -> hxxps://?
CHR StartupUrls: Default -> "hxxps://?"
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2021-11-16] (Bitdefender SRL -> Bitdefender)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69352 2014-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc. -> McAfee, Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2020-09-24] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
2022-01-25 08:14 - 2021-11-16 12:28 - 000000000 ____D C:\Users\Jill\AppData\Roaming\Lavasoftf
2022-01-25 08:13 - 2021-11-16 12:28 - 000000000 ____D C:\Users\Jill\AppData\Local\Lavasoft
2022-01-25 08:13 - 2021-11-16 12:25 - 000000000 ____D C:\ProgramData\Lavasoft
finish:
*****************

"AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}" => removed successfully
"AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}" => removed successfully
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies) => Error: No automatic fix found for this entry.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-1674777451-104060087-3308858430-1001\Software\Microsoft\Windows\CurrentVersion\Run \\Web Companion" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EBD30 74-9F59-4AA3-813B-EE9E525CB6F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EBD30 74-9F59-4AA3-813B-EE9E525CB6F8}" => removed successfully
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMa intenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTun eUp_Task_BkGndMaintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29619E 57-65F3-47AC-91F4-28E2573EDEF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29619E 57-65F3-47AC-91F4-28E2573EDEF9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06C749 F5-F390-47ED-A9F4-567A2D5A32D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06C749 F5-F390-47ED-A9F4-567A2D5A32D1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{412901 A3-E641-4DFF-B845-96ACF8904E85}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{412901 A3-E641-4DFF-B845-96ACF8904E85}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BB0D D4-40EE-42F7-B60A-DDA9C3DA0260}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BB0D D4-40EE-42F7-B60A-DDA9C3DA0260}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54941C 50-84C7-4AA2-B585-D55B0F299961}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54941C 50-84C7-4AA2-B585-D55B0F299961}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\refreshgwxcon fig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{551DEE D5-DE2E-43D4-BB83-45B3E365A17E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{551DEE D5-DE2E-43D4-BB83-45B3E365A17E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CD193 FA-43CC-42ED-A43C-55F52B7A8DE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CD193 FA-43CC-42ED-A43C-55F52B7A8DE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmU pload_S-1-5-21-1674777451-104060087-3308858430-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C25DD8 C7-C3EE-4893-A58A-F7689535C990}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C25DD8 C7-C3EE-4893-A58A-F7689535C990}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE9 68-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE9 68-E342-40D7-9566-427D45E4A886}" => removed successfully
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfT rack\Backgro undConfigSurveyor" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\PerfTrack\Backgro undConfigSurveyor" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEAD83 0B-B3DD-4611-B7A9-367DF41603EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEAD83 0B-B3DD-4611-B7A9-367DF41603EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D09E29 5C-A59B-4D10-92AE-1F16F5F4B944}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D09E29 5C-A59B-4D10-92AE-1F16F5F4B944}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1C4FF 04-0B7C-4BC6-96E1-1F7ED96435A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C4FF 04-0B7C-4BC6-96E1-1F7ED96435A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfigandco ntent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD2C95 2B-6BD3-43AA-B136-B5BC50724FC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD2C95 2B-6BD3-43AA-B136-B5BC50724FC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE743B A9-6233-459D-A62F-BF3B67949D88}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE743B A9-6233-459D-A62F-BF3B67949D88}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\UNP\RunCampaignManager" => not found
"Edge HomePage" => removed successfully
"Edge StartupUrls" => removed successfully
"Firefox NewTabOverride (avg@safeguard) " => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
BdDci => Unable to stop service.
HKLM\System\CurrentControlSet\Services\BdDci => removed successfully
BdDci => service removed successfully
HKLM\System\CurrentControlSet\Services\cfwids => removed successfully
cfwids => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeapfk => removed successfully
mfeapfk => service removed successfully
mfeavfk => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mfeavfk => removed successfully
mfeavfk => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeelamk => removed successfully
mfeelamk => service removed successfully
mfefirek => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mfefirek => removed successfully
mfefirek => service removed successfully
mfehidk => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mfehidk => removed successfully
mfehidk => service removed successfully
mfewfpk => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mfewfpk => removed successfully
mfewfpk => service removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
"C:\Users\Jill\AppData\Roaming\Lavasoftf" => not found
C:\Users\Jill\AppData\Local\Lavasoft => moved successfully

"C:\ProgramData\Lavasoft" folder move:

Could not move "C:\ProgramData\Lavasoft" => Scheduled to move on reboot.

finish: => Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-01-2022 09:28:20)

C:\ProgramData\Lavasoft => Could not move

==== End of Fixlog 09:28:24 ====
Reply With Quote
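A small triage helper for a Fixlog like the one posted above, added here as an illustration (it is not part of the thread and not FRST's own code): it skips the echoed fixlist between the asterisk lines, classifies each `entry => result` line by the result phrases that appear in this log, and lists the entries that did not end in a clean remove, move or restore. The function names and the space-in-last-component hint are assumptions; the sample lines are abridged from the log above.

```python
import re
from collections import Counter

# Result phrases as they appear in the Fixlog posted in this thread.
OK = ("removed successfully", "moved successfully", "restored successfully")
FOLLOW_UP = {
    "not found": "not_found",
    "Error: No automatic fix found for this entry.": "no_automatic_fix",
    "Unable to stop service.": "service_not_stopped",
    "Scheduled to move on reboot.": "pending_reboot",
    "Could not move": "move_failed",
}

def parse_fixlog(text):
    """Return (entry, outcome) for each 'entry => result' line of a Fixlog."""
    rows, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo      # asterisk lines bracket the echoed fixlist
            continue
        entry, sep, result = line.rpartition(" => ")
        if in_echo or not sep:
            continue                   # echoed fixlist, header or blank line
        entry = re.sub(r"^Could not move\s+", "", entry).strip().strip('"').strip()
        outcome = "ok" if result.endswith(OK) else FOLLOW_UP.get(result, "unrecognised")
        rows.append((entry, outcome))
    return rows

def follow_ups(rows):
    """Entries that need a second look, as (entry, outcome, space_hint)."""
    out = []
    for entry, outcome in rows:
        if outcome == "ok":
            continue
        leaf = re.split(r"[\\/]", entry)[-1]
        # Heuristic (assumption): a space in the last path component of a
        # "not found" entry is worth checking against the original scan log.
        hint = outcome == "not_found" and " " in leaf
        out.append((entry, outcome, hint))
    return out

def summarise(rows):
    return Counter(outcome for _, outcome in rows)

# Sample input: lines abridged from the Fixlog in the post above.
SAMPLE = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
fixlist content:
*****************
start:
Task: {1EBD3074-9F59-4AA3-813B-EE9E525CB6F8} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe $(Arg0) (No File)
finish:
*****************
"Edge HomePage" => removed successfully
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.7.0.632 - AVG Technologies) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\refreshgwxcon fig-B" => not found
mfehidk => Unable to stop service.
mfehidk => service removed successfully
"C:\Users\Jill\AppData\Roaming\Lavasoftf" => not found
C:\Users\Jill\AppData\Local\Lavasoft => moved successfully
Could not move "C:\ProgramData\Lavasoft" => Scheduled to move on reboot.
C:\ProgramData\Lavasoft => Could not move
==== End of Fixlog 09:28:24 ====
"""

if __name__ == "__main__":
    rows = parse_fixlog(SAMPLE)
    print(dict(summarise(rows)))
    for entry, outcome, hint in follow_ups(rows):
        print(f"{outcome:20} {'[space?] ' if hint else ''}{entry}")
```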
  #19  
Old January 26th, 2022, 09:49 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Any Improvement?
Reply With Quote
  #20  
Old January 26th, 2022, 10:10 PM
Jaytee
Senior Member
 
Join Date: May 2002
O/S: Linux
Location: Hamilton New Zealand
Age: 76
Posts: 3,620
YES! CPU use has taken a dive, 6%; memory is still high, 66% of 4gig; Firefox using 500mb.
Boot to functional has improved to under three minutes from seven minutes prior.
As you are aware I am not a Windows user. Thank you so very much Tom...
Reply With Quote
  #21  
Old January 27th, 2022, 12:23 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Make a new fixlist.txt and run a FRST fix again.

Quote:
start:
FF Homepage: Mozilla\Firefox\Profiles\c5z23n9s.default -> hxxps://mynewtab.co?pId=BT170603&searchEngine=bing&iDate=2 021-11-15 11:29:19
FF NewTab: Mozilla\Firefox\Profiles\c5z23n9s.default -> hxxps://mynewtab.co?pId=BT170603&searchEngine=bing&iDate=2 021-11-15 11:29:19
FF HomepageOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: _b7Members_@free.mytransitguide.com
FF HomepageOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: avg@safeguard
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: _b7Members_@free.mytransitguide.com
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: avg@safeguard
FF SearchPlugin: C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default\searchplugins\Yahoo Search.xml [2022-01-25]
finish:
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp .dll [2015-04-03] (WildTangent Inc -> )
finish:
Reply With Quote
  #22  
Old January 27th, 2022, 02:02 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Be sure to reboot after running the fix.
Reply With Quote
  #23  
Old January 27th, 2022, 07:58 PM
Jaytee
Senior Member
 
Join Date: May 2002
O/S: Linux
Location: Hamilton New Zealand
Age: 76
Posts: 3,620
That made a small difference to Firefox memory use.
This one could not be fixed automatically:
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp .dll [2015-04-03] (WildTangent Inc -> )
Do I need to hunt it down and kill it??
Reply With Quote
  #24  
Old January 27th, 2022, 08:42 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
I just based that decision on the fact that the same program used to be used as an ad base by AOL, but it's likely okay there.
Reply With Quote
  #25  
Old January 27th, 2022, 09:25 PM
Jaytee
Senior Member
 
Join Date: May 2002
O/S: Linux
Location: Hamilton New Zealand
Age: 76
Posts: 3,620
Cool, the machine is responding much better. Thank you very much on behalf of my sister......
Reply With Quote