In Progress Help removing PUPs and PUMs

kevyboyo

Thread Starter
Joined
Jan 24, 2013
Messages
23
Hi,

I hope you can help. I have a laptop that's running a bit slow on startup and in general. I think this is partly because it has various PUPs, PUMs and this 'Win32/Toolbar.Visicom.C' and other toolbars and search tools. I hope you could help me remove them all?

I ran a MalwareBytes AM scan and the Eset free online scanner and have uploaded both the logs to this post.

TSG INFO: -
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19041, Installed 20200731004939.000000+060
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5, CPU Count: 4
Total Physical RAM: 4 GB
Graphics Card: Intel(R) HD Graphics, 1755 MB
Hard Drives: C: 284 GB (155 GB Free);
Motherboard: Acer Aspire 5742, ver V1.05, s/n Base Board Serial Number
System: Acer, ver ACRSYS - 1, s/n LXR4F020820385208F1601
Antivirus: Windows Defender, Enabled and Updated

Please let me know if you need more information.

Thanks,

Kevin
 

Attachments

kevyboyo

Thread Starter
Joined
Jan 24, 2013
Messages
23
I think I may have a problem with the battery on this laptop losing charge rapidly too. Please see 'powercfg /batteryreport' and 'powercfg /energy' results below. You will see from the energy report that it found 17 errors and 9 warnings. It also seems to have some emojis too :) : -

Battery report
COMPUTER NAME: HOME-PC
SYSTEM PRODUCT NAME: Acer Aspire 5742
BIOS: V1.05 08/24/2010
OS BUILD: 19041.1.amd64fre.vb_release.191206-1406
PLATFORM ROLE: Mobile
CONNECTED STANDBY: Not supported
REPORT TIME: 2020-08-02 11:35:30

Installed batteries
Information about each currently installed battery
BATTERY 1
NAME: Li_Ion_4000mA
MANUFACTURER: Simplo
SERIAL NUMBER: 50C8
CHEMISTRY: Lion
DESIGN CAPACITY: 48,840 mWh
FULL CHARGE CAPACITY: 2,054 mWh
CYCLE COUNT: -

Recent usage
Power states over the last 3 days
START TIME            STATE             SOURCE    CAPACITY REMAINING
2020-07-30 23:57:58   Active            AC        100 %   2,054 mWh
2020-07-31 00:08:00   Suspended                   100 %   2,054 mWh
           00:19:25   Active            AC        100 %   2,054 mWh
           03:37:00   Suspended                   100 %   2,054 mWh
           03:39:39   Active            AC        100 %   2,054 mWh
           05:53:00   Suspended                   100 %   2,054 mWh
2020-08-01 08:13:22   Active            AC        100 %   2,054 mWh
           10:37:00   Suspended                   100 %   2,054 mWh
           10:38:59   Active            AC        100 %   2,054 mWh
           10:49:00   Suspended                   100 %   2,054 mWh
           10:55:57   Active            AC        100 %   2,054 mWh
           12:00:00   Suspended                   100 %   2,054 mWh
           12:06:23   Active            AC        100 %   2,054 mWh
           12:29:00   Suspended                   100 %   2,054 mWh
           17:28:55   Active            AC        100 %   2,054 mWh
2020-08-02 06:38:32   Suspended                   100 %   2,054 mWh
           08:04:55   Active            Battery    77 %   1,587 mWh
           08:06:19   Suspended                    63 %   1,299 mWh
           08:06:57   Active            Battery    64 %   1,321 mWh
           08:07:34   Active            AC         65 %   1,343 mWh
           08:42:00   Suspended                   100 %   2,054 mWh
           11:11:06   Active            AC        100 %   2,054 mWh
           11:35:30   Report generated  AC        100 %   2,054 mWh

Battery usage
Battery drains over the last 3 days
START TIME            STATE    DURATION   ENERGY DRAINED
2020-08-02 08:04:55   Active   0:01:24    14 %   288 mWh
           08:06:57   Active   0:00:37    -      -22 mWh

Usage history
History of system usage on AC and battery
             BATTERY DURATION              AC DURATION
PERIOD       ACTIVE   CONNECTED STANDBY    ACTIVE    CONNECTED STANDBY
2020-07-30   -        -                    0:02:01   -
2020-07-31   -        -                    1:13:39   -
2020-08-01   -        -                    4:50:03   -

Battery capacity history
Charge capacity history of the system's batteries
PERIOD       FULL CHARGE CAPACITY   DESIGN CAPACITY
2020-07-30   2,054 mWh              48,840 mWh
2020-07-31   2,054 mWh              48,840 mWh
2020-08-01   2,054 mWh              48,840 mWh

Battery life estimates
Battery life estimates based on observed drains
             AT FULL CHARGE                AT DESIGN CAPACITY
PERIOD       ACTIVE   CONNECTED STANDBY    ACTIVE   CONNECTED STANDBY
2020-07-30   -        -                    -        -
2020-07-31   -        -                    -        -
2020-08-01   -        -                    -        -
Current estimate of battery life based on all observed drains since OS install
Since OS install   -   -   -   -



------------------------------------------------------



Power Efficiency Diagnostics Report
Computer Name: HOME-PC
Scan Time: 2020-08-02T12:34:51Z
Scan Duration: 60 seconds
System Manufacturer: Acer
System Product Name: Aspire 5742
BIOS Date: 08/24/2010
BIOS Version: V1.05
OS Build: 19041
Platform Role: PlatformRoleMobile
Plugged In: true
Process Count: 196
Thread Count: 2723
Report GUID: {f1ec5d57-4d8f-45cb-838b-fc974b273e2d}

Analysis Results

Errors

Power Policy: Power Plan Personality is High Performance (On Battery)
  The current power plan personality is High Performance when the system is on battery power.
Power Policy: Sleep timeout is disabled (On Battery)
  The computer is not configured to automatically sleep after a period of inactivity.
Power Policy: 802.11 Radio Power Policy is Maximum Performance (On Battery)
  The current power policy for 802.11-compatible wireless network adapters is not configured to use low-power modes.
Power Policy: PCI Express ASPM is disabled (On Battery)
  The current power policy for PCI Express Active State Power Management (ASPM) is configured to Off.
Power Policy: Power Plan Personality is High Performance (Plugged In)
  The current power plan personality is High Performance when the system is plugged in.
Power Policy: Dim timeout is disabled (Plugged In)
  The display is not configured to automatically dim after a period of inactivity.
Power Policy: Sleep timeout is disabled (Plugged In)
  The computer is not configured to automatically sleep after a period of inactivity.
Power Policy: Minimum processor performance state is 100% (Plugged In)
  The processor is not configured to automatically reduce power consumption based on activity.
Power Policy: PCI Express ASPM is disabled (Plugged In)
  The current power policy for PCI Express Active State Power Management (ASPM) is configured to Off.
System Availability Requests: Execution Required Request
  The program has made a request for execution-required.
  Requesting Process: \Device\HarddiskVolume3\Windows\System32\MoUsoCoreWorker.exe
USB Suspend: USB Device not Entering Selective Suspend
  This device did not enter the USB Selective Suspend state. Processor power management may be prevented when this USB device is not in the Selective Suspend state. Note that this issue will not prevent the system from sleeping.
  Device Name: USB Root Hub
  Host Controller ID: PCI\VEN_8086&DEV_3B34
  Host Controller Location: PCI bus 0, device 29, function 0
  Device ID: USB\VID_8086&PID_3B34
  Port Path:
USB Suspend: USB Device not Entering Selective Suspend
  This device did not enter the USB Selective Suspend state. Processor power management may be prevented when this USB device is not in the Selective Suspend state. Note that this issue will not prevent the system from sleeping.
  Device Name: Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
  Host Controller ID: PCI\VEN_8086&DEV_3B34
  Host Controller Location: PCI bus 0, device 29, function 0
  Device ID: USB\VID_0BDA&PID_A811
  Port Path: 1,2
USB Suspend: USB Device not Entering Selective Suspend
  This device did not enter the USB Selective Suspend state. Processor power management may be prevented when this USB device is not in the Selective Suspend state. Note that this issue will not prevent the system from sleeping.
  Device Name: Generic USB Hub
  Host Controller ID: PCI\VEN_8086&DEV_3B34
  Host Controller Location: PCI bus 0, device 29, function 0
  Device ID: USB\VID_8087&PID_0020
  Port Path: 1
USB Suspend: USB Device not Entering Selective Suspend
  This device did not enter the USB Selective Suspend state. Processor power management may be prevented when this USB device is not in the Selective Suspend state. Note that this issue will not prevent the system from sleeping.
  Device Name: USB Composite Device
  Host Controller ID: PCI\VEN_8086&DEV_3B34
  Host Controller Location: PCI bus 0, device 29, function 0
  Device ID: USB\VID_046D&PID_C52F
  Port Path: 1,1
CPU Utilization: Processor utilization is high
  The average processor utilization during the trace was high. The system will consume less power when the average processor utilization is very low. Review processor utilization for individual processes to determine which applications and services contribute the most to total processor utilization.
  Average Utilization (%): 7.37
Battery: Last Full Charge (%)
  The battery stored less than 40% of the Designed Capacity the last time the battery was fully charged.
  Battery ID: 50C8Simplo Li_Ion_4000mA
  Design Capacity: 48840
  Last Full Charge: 2054
  Last Full Charge (%): 4
Platform Power Management Capabilities: PCI Express Active-State Power Management (ASPM) Disabled
  PCI Express Active-State Power Management (ASPM) has been disabled due to a known incompatibility with the hardware in this computer.

Warnings

Platform Timer Resolution: Platform Timer Resolution
  The default platform timer resolution is 15.6ms (15625000ns) and should be used whenever the system is idle. If the timer resolution is increased, processor power management technologies may not be effective. The timer resolution may be increased due to multimedia playback or graphical animations.
  Current Timer Resolution (100ns units): 156246
  Maximum Timer Period (100ns units): 156250
Platform Timer Resolution: Outstanding Timer Request
  A program or service has requested a timer resolution smaller than the platform maximum timer resolution.
  Requested Period: 10000
  Requesting Process ID: 12168
  Requesting Process Path: \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe
Platform Timer Resolution: Outstanding Timer Request
  A program or service has requested a timer resolution smaller than the platform maximum timer resolution.
  Requested Period: 10000
  Requesting Process ID: 11988
  Requesting Process Path: \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe
Power Policy: Display timeout is long (On Battery)
  The display is configured to turn off after longer than 5 minutes.
  Timeout (seconds): 600
Power Policy: Dim timeout is long (On Battery)
  The display is configured to automatically dim after longer than 5 minutes.
  Timeout (seconds): 480
CPU Utilization: Individual process with significant processor utilization.
  This process is responsible for a significant portion of the total processor utilization recorded during the trace.
  Process Name: WmiPrvSE.exe
  PID: 6576
  Average Utilization (%): 3.26
  Module                                                        Average Module Utilization (%)
  \SystemRoot\system32\ntoskrnl.exe                             2.29
  \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll    0.36
  \Device\HarddiskVolume3\Windows\System32\ntdll.dll            0.21
CPU Utilization: Individual process with significant processor utilization.
  This process is responsible for a significant portion of the total processor utilization recorded during the trace.
  Process Name: svchost.exe
  PID: 3472
  Average Utilization (%): 0.58
  Module                                                        Average Module Utilization (%)
  \Device\HarddiskVolume3\Windows\System32\ntdll.dll            0.17
  \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll    0.15
  \SystemRoot\system32\ntoskrnl.exe                             0.11
CPU Utilization: Individual process with significant processor utilization.
  This process is responsible for a significant portion of the total processor utilization recorded during the trace.
  Process Name: System
  PID: 4
  Average Utilization (%): 0.45
  Module                                                        Average Module Utilization (%)
  \SystemRoot\system32\ntoskrnl.exe                             0.32
  \SystemRoot\system32\DRIVERS\bcmwl63a.sys                     0.05
  \SystemRoot\System32\drivers\USBPORT.SYS                      0.01
CPU Utilization: Individual process with significant processor utilization.
  This process is responsible for a significant portion of the total processor utilization recorded during the trace.
  Process Name: svchost.exe
  PID: 2132
  Average Utilization (%): 0.35
  Module                                                        Average Module Utilization (%)
  \Device\HarddiskVolume3\Windows\System32\sysmain.dll          0.25
  \SystemRoot\system32\ntoskrnl.exe                             0.08
  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll           0.00

Information

Platform Timer Resolution: Timer Request Stack
  The stack of modules responsible for the lowest platform timer setting in this process.
  Requested Period: 10000
  Requesting Process ID: 12168
  Requesting Process Path: \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe
  Calling Module Stack:
    \Device\HarddiskVolume3\Windows\System32\ntdll.dll
    \Device\HarddiskVolume3\Windows\System32\kernel32.dll
    \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\chrome.dll
    \Device\HarddiskVolume3\Windows\System32\kernel32.dll
    \Device\HarddiskVolume3\Windows\System32\ntdll.dll
Platform Timer Resolution: Timer Request Stack
  The stack of modules responsible for the lowest platform timer setting in this process.
  Requested Period: 10000
  Requesting Process ID: 11988
  Requesting Process Path: \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe
  Calling Module Stack:
    \Device\HarddiskVolume3\Windows\System32\ntdll.dll
    \Device\HarddiskVolume3\Windows\System32\kernel32.dll
    \Device\HarddiskVolume3\Windows\System32\d3d9.dll
    \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\libGLESv2.dll
    \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\chrome.dll
    \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe
Power Policy: Active Power Plan
  The current power plan in use
  Plan Name: OEM High Performance
  Plan GUID: {8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c}
Power Policy: Power Plan Personality (On Battery)
  The personality of the current power plan when the system is on battery power.
  Personality: High Performance
Power Policy: Video Quality (On Battery)
  Enables Windows Media Player to optimize for quality or power savings when playing video.
  Quality Mode: Optimize for Video Quality
Power Policy: Power Plan Personality (Plugged In)
  The personality of the current power plan when the system is plugged in.
  Personality: High Performance
Power Policy: 802.11 Radio Power Policy is Maximum Performance (Plugged In)
  The current power policy for 802.11-compatible wireless network adapters is not configured to use low-power modes.
Power Policy: Video quality (Plugged In)
  Enables Windows Media Player to optimize for quality or power savings when playing video.
  Quality Mode: Optimize for Video Quality
Battery: Battery Information
  Battery ID: 50C8Simplo Li_Ion_4000mA
  Manufacturer: Simplo
  Serial Number: 50C8
  Chemistry: Lion
  Long Term: 1
  Sealed: 0
  Design Capacity: 48840
  Last Full Charge: 2054
Platform Power Management Capabilities: Supported Sleep States
  Sleep states allow the computer to enter low-power modes after a period of inactivity. The S3 sleep state is the default sleep state for Windows platforms. The S3 sleep state consumes only enough power to preserve memory contents and allow the computer to resume working quickly. Very few platforms support the S1 or S2 Sleep states.
  S1 Sleep Supported: false
  S2 Sleep Supported: false
  S3 Sleep Supported: true
  S4 Sleep Supported: true
Platform Power Management Capabilities: Connected Standby Support
  Connected standby allows the computer to enter a low-power mode in which it is always on and connected. If supported, connected standby is used instead of system sleep states.
  Connected Standby Supported: false
Platform Power Management Capabilities: Adaptive Display Brightness is supported.
  This computer enables Windows to automatically control the brightness of the integrated display.
Platform Power Management Capabilities: Processor Power Management Capabilities
  Effective processor power management enables the computer to automatically balance performance and energy consumption.
  Group: 0
  Index: 0
  Idle State Count: 2
  Idle State Type: ACPI Idle (C) States
  Nominal Frequency (MHz): 2399
  Maximum Performance Percentage: 100
  Lowest Performance Percentage: 38
  Lowest Throttle Percentage: 4
  Performance Controls Type: ACPI Performance (P) / Throttle (T) States
Platform Power Management Capabilities: Processor Power Management Capabilities
  Effective processor power management enables the computer to automatically balance performance and energy consumption.
  Group: 0
  Index: 1
  Idle State Count: 2
  Idle State Type: ACPI Idle (C) States
  Nominal Frequency (MHz): 2399
  Maximum Performance Percentage: 100
  Lowest Performance Percentage: 38
  Lowest Throttle Percentage: 4
  Performance Controls Type: ACPI Performance (P) / Throttle (T) States
Platform Power Management Capabilities: Processor Power Management Capabilities
  Effective processor power management enables the computer to automatically balance performance and energy consumption.
  Group: 0
  Index: 2
  Idle State Count: 2
  Idle State Type: ACPI Idle (C) States
  Nominal Frequency (MHz): 2399
  Maximum Performance Percentage: 100
  Lowest Performance Percentage: 38
  Lowest Throttle Percentage: 4
  Performance Controls Type: ACPI Performance (P) / Throttle (T) States
Platform Power Management Capabilities: Processor Power Management Capabilities
  Effective processor power management enables the computer to automatically balance performance and energy consumption.
  Group: 0
  Index: 3
  Idle State Count: 2
  Idle State Type: ACPI Idle (C) States
  Nominal Frequency (MHz): 2399
  Maximum Performance Percentage: 100
  Lowest Performance Percentage: 38
  Lowest Throttle Percentage: 4
  Performance Controls Type: ACPI Performance (P) / Throttle (T) States
Device Drivers: Analysis Success
  Analysis was successful. No energy efficiency problems were found. No information was returned.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
903
Welcome. :)

Please do the following.


---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
 

kevyboyo

Thread Starter
Joined
Jan 24, 2013
Messages
23
Hi iMacg3,

Thanks for getting in touch.

Please find the 2 FRST logs attached, as pasting both logs into this post contained too many characters: -

Kevin
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
903
Hi kevyboyo,

Re-run Malwarebytes and remove all detected threats.

========

Did you set a proxy in Firefox?

Please do this.


---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
    Task: {00720CCF-CB3D-494A-BBFB-62615D59B2F4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {019C6A42-0B0F-451E-B6DB-101D6066697E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {05C940A5-FDE1-4A51-BA49-4C24FB720380} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {309498F9-FDC3-47A6-96C6-4DF0035B7B6A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5EC3FBCF-1676-4D51-9096-7AD6ACEA56B0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {7096D439-5D9E-4485-99C8-3C3749720CDE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {793A13C8-EE16-4BD1-B0FB-F26D3593E2ED} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {7A81B539-27BF-44A1-8563-B763431410A9} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
    Task: {7AA9F6A2-4B0E-4296-B8E8-19D7FE3C0BAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8CAB9EB7-28EC-40F1-8ECD-BDFD4BDB8E9B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9842DB1C-24A7-4ECE-B9E7-40C278451F9C} - \Games\UpdateCheck_S-1-5-21-362861970-2315259613-3687165331-1001 -> No File <==== ATTENTION
    Task: {AA18E9A4-A1CC-4E60-8BAF-1B638F8EF8C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {B461B1B2-E526-41B2-8566-11C68EC438CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C98F04E8-9009-4D33-BE47-D76FE3AEEE5A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {D369EEF9-6B5A-4044-A859-84D823F32DFB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D9576C69-4126-4181-968A-8F06FFA4C1A6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {D98C81EA-0D51-4976-BD5D-EDA9C2F8CF8D} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {E42EFADE-1CC8-405F-BF99-F12F6BDEC5F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    URLSearchHook: HKU\S-1-5-21-362861970-2315259613-3687165331-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll No File
    URLSearchHook: HKU\S-1-5-21-362861970-2315259613-3687165331-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll No File
    SearchScopes: HKU\S-1-5-21-362861970-2315259613-3687165331-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-362861970-2315259613-3687165331-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-362861970-2315259613-3687165331-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
    2020-07-30 19:17 - 2015-10-23 16:38 - 000000000 ____D C:\Users\Donald\AppData\Local\SlimWare Utilities Inc
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [288]
    AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [240]
    FirewallRules: [{3EC06521-E526-49EC-91DA-B0BC2B2F4B21}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS5A0D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{4759C97A-9F49-480F-BFC2-2615EF4F0C00}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS5A0D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{3B900B1A-089A-4C1D-8F09-A326D193EF2C}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS4A18\HP.EasyStart.exe => No File
    FirewallRules: [UDP Query User{9A468CF6-703C-42E7-86C9-89EE36D6CA18}C:\users\donald\appdata\local\temp\7zs66cf\enterprisedu.exe] => (Allow) C:\users\donald\appdata\local\temp\7zs66cf\enterprisedu.exe => No File
    FirewallRules: [TCP Query User{6C61C623-2619-436D-8E12-009B04444CE5}C:\users\donald\appdata\local\temp\7zs66cf\enterprisedu.exe] => (Allow) C:\users\donald\appdata\local\temp\7zs66cf\enterprisedu.exe => No File
    FirewallRules: [{989ABA61-FF87-4753-BBC8-10453F01DCE2}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS3D0E\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{8D3D9048-EF18-4537-AA45-F0039E8E04E0}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS3D0E\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{8CC9ADFB-208F-462A-84A3-C67484AB3B03}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS15A8\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{EB16DFD3-A3E9-4BF1-879A-CF033D7EBF1C}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS15A8\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{967DD615-5A98-426D-BBE0-8623942486D1}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS6AD2\HP.EasyStart.exe => No File
    FirewallRules: [{BE91328D-D274-435E-9056-F7A3A1F8B006}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS3580\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{C2E2E63C-644E-4711-AA31-36FE817E6AA6}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS3580\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{2A249D07-1C8D-42CB-939F-4DAAF63A8867}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS0D75\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{A3A82AB3-2866-48B4-B7A5-03B70EB7445C}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS0D75\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{780E7803-BA71-4ED3-8E55-29A0DA833970}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{47249A3D-6DD7-4DE8-A618-BE3EE87C2409}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{1B7B81F8-DD68-47DA-8C3C-CF8B9BC99D3A}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS515E\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{9412F7C3-CC5B-476B-A64B-FE94A20D1F29}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS515E\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{C8F27B7F-67C4-46DF-A31B-EF846CAF474B}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS2E8E\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{EDC9E00A-D1C7-4582-A4DB-97B65CF3EC69}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS2E8E\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{A3E26435-913E-4F9F-BD0F-5DA98F974203}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS207F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{D08BC4F5-64A1-44D9-ACB3-18A49AE5E86F}] => (Allow) C:\Users\Donald\AppData\Local\Temp\7zS207F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{03A46A3C-79B7-4348-AF63-7DCD64160F79}] => (Allow) C:\Users\Donald\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{F831512F-9A08-4E5D-8C12-24B020AACA0C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
    FirewallRules: [{B3567642-7156-4393-A089-170BE3124481}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
    FirewallRules: [{9B72CE53-7807-4145-8639-2FA930E6B12B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
    FirewallRules: [{2822CD4D-B446-496B-85EA-36FF5B2D010C}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe => No File
    FirewallRules: [{36B60DB1-D062-4876-844F-05EC1EE492DA}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe => No File
    FirewallRules: [TCP Query User{4D892393-63F7-4632-A527-F9DE7676E19E}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe => No File
    FirewallRules: [UDP Query User{B2C3E062-5CCF-4479-9835-73E889C7192B}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe => No File
    FirewallRules: [{ED720A43-4C63-41B8-B32A-69F913F0AAF6}] => (Allow) C:\Windows\System32\lxcycoms.exe => No File
    FirewallRules: [{B49A2FE3-30E2-426D-B7AE-A5D4975C8B9A}] => (Allow) C:\Windows\System32\lxcycoms.exe => No File
    FirewallRules: [{7B8F5D40-2190-436A-83A7-639291D9491F}] => (Allow) LPort=135
    FirewallRules: [{A6257186-68D6-4E48-AA87-090483CE5A50}] => (Allow) C:\Program Files (x86)\bttb\dtuser.exe => No File
    FirewallRules: [{A1DF720F-3902-4827-917E-9485FF91549A}] => (Allow) C:\Program Files (x86)\bttb\dtuser.exe => No File
    CMD: type "C:\Users\Donald\AppData\Roaming\ksWjG.txt"
    VirusTotal: C:\Users\Donald\AppData\Local\uninstall.exe
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.


---------------------------------------------------
Emsisoft Emergency Kit

Download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
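The fix script above removes a long run of FirewallRules entries whose program path ends in "=> No File" (installer leftovers under AppData\Local\Temp, uninstalled McAfee, Skype and Logitech software). The following PowerShell audit is an added example, not part of this thread and not FRST's own logic: it lists firewall rules on the local machine whose target executable no longer exists, so they can be reviewed before removal. It assumes the built-in NetSecurity module (Windows 8 / Server 2012 and later) and a PowerShell session run as administrator; the function name Get-OrphanedFirewallRule is hypothetical.

```powershell
# Added example: report Windows Firewall rules whose target program no longer exists.
# Assumes the built-in NetSecurity module (Windows 8 / Server 2012 and later).
# Read-only: it lists candidates for review; removal is left to the operator.

function Get-OrphanedFirewallRule {
    [CmdletBinding()]
    param(
        # Only look at rules that permit traffic; a stale Block rule is harmless.
        [switch]$AllowOnly
    )

    $rules = Get-NetFirewallRule -ErrorAction Stop
    if ($AllowOnly) { $rules = $rules | Where-Object { $_.Action -eq 'Allow' } }

    foreach ($rule in $rules) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program

        # 'Any' (or an empty value) means the rule is not bound to a program path.
        if ([string]::IsNullOrEmpty($program) -or $program -eq 'Any') { continue }

        # Paths are often stored with %SystemRoot% / %ProgramFiles%; expand before testing.
        $expanded = [Environment]::ExpandEnvironmentVariables($program)

        # NT device paths (\device\harddiskvolumeN\...) cannot be tested with Test-Path;
        # skip them rather than report a false positive.
        if ($expanded -like '\device\*') { continue }

        if (Test-Path -LiteralPath $expanded -PathType Leaf) { continue }

        [pscustomobject]@{
            Name        = $rule.Name          # the {GUID} or 'TCP Query User{...}' name FRST shows
            DisplayName = $rule.DisplayName
            Direction   = $rule.Direction
            Action      = $rule.Action
            Enabled     = $rule.Enabled
            Program     = $program
            # Leftovers from self-extracting installers live under the user's Temp folder,
            # as in the 7zS*\HPDiagnosticCoreUI.exe entries in the thread.
            InTemp      = ($expanded -like '*\AppData\Local\Temp\*')
        }
    }
}

# Usage: list orphaned Allow rules, Temp-folder leftovers first.
Get-OrphanedFirewallRule -AllowOnly |
    Sort-Object -Property InTemp -Descending |
    Format-Table Name, Direction, Program, InTemp -AutoSize
```

Each reported rule can be removed with Remove-NetFirewallRule -Name <Name> once confirmed; a rule whose program is gone grants nothing today but silently becomes an allow-rule again if anything is later dropped at that path.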
 

kevyboyo

Thread Starter
Joined
Jan 24, 2013
Messages
23
Hi iMacg3,

I have checked and I do not have a proxy setup in Firefox as it is set to 'No proxy'.

Please can you let me know if the Free version of MalwareBytes will remove all the threats?

I have run through these fixes and scans and attached the 3 required logs to this post.

Thanks,

Kevin
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
903
Looks like the threats were removed by Malwarebytes.

Yes, the free version will remove detected threats. The paid version provides real-time scanning, while the free version functions as an on-demand scanner.

One more fix for you to run. Please do this -


---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    C:\Users\Donald\AppData\Local\uninstall.exe
    FF NetworkProxy: Mozilla\Firefox\Profiles\k9copqqy.default -> type", 0
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.


How is the computer running?
 

kevyboyo

Thread Starter
Joined
Jan 24, 2013
Messages
23
Thanks,

I have run the FRST fix you sent me and attached the fixlog.txt to this post.

I found that the FRST tool, Malwarebytes and Edge browser apps were not responding. It's slow to load up icons on the desktop when you first boot up the laptop too, but I will need to use the laptop a bit more to find out how it's running now.

I noticed there are 730 threats in quarantine in Malwarebytes. Shall I just delete these?

Thanks for your help so far.

Kevin
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
903
Yes you can delete the threats from quarantine.

Please run a new scan with FRST and attach both logs to your reply.
 

kevyboyo

Thread Starter
Joined
Jan 24, 2013
Messages
23
Thanks,

I managed to delete the threats in the quarantine in MalwareBytes.

I have run a scan in FRST and attached the 2 scan results logs.

Do you think I need to replace the battery in the laptop?

Kevin
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
903
How is the computer running?

--------------------------

Once this topic is complete I will refer you to another section of the forum that specializes in computer hardware for assistance with your laptop battery.
 
