Oh Boy.. I checked on the Forza Horizon 4 folder in D: and it listed a link to the DL at Reworkedgames.eu back in 2018. I vaguely remember now that at the time the game was just coming out with the PC version having been only Xbox before that and they offered a free intro dl of it... so I went for it. I always buy games on Steam, or Uplay or directly from the game company, but not that time. After Notre Dame in Paris burned I was given a free DL of Assassin's Creed Unity for donating to the restoration. The game is staged in Paris and was actually used to help in the restoration of the church. I don't believe in free hacked software or games, I made a mistake.
Hi, rhoag.
Good job! Bravo!
Since Defender detected it, no other action is needed. I saw the Forza Horizon 4 in your installed Windows applications and was also surprised about the specific detection. Then I noticed the path of the detected item in D and it seems that you may also have downloaded it from somewhere else. Have you paid for it?
Now let's clean what AdwCleaner and Malwarebytes found, mostly Restoro remnants.
1. AdwCleaner (Clean mode)
To proceed, please do the following:
- Double click AdwCleaner.exe on your Desktop, to run it as you did before.
- Click Scan Now.
- When the scan has finished a Scan Results window will open.
- Please check all the boxes and then click Quarantine.
- Click Next.
- If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
- Check any pre-installed software items you want to remove.
- Click Quarantine.
- A prompt to save your work will appear.
- Click Continue when you're ready to proceed.
- A prompt to restart your computer will appear.
- Click Restart Now.
- Once your computer has restarted:
- If it doesn't open automatically, please start AdwCleaner.
- Click the Log Files tab.
- Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
- A Notepad file will open containing the results of the removal.
- Please post the contents of the file in your next reply.
# Malwarebytes AdwCleaner 184.108.40.206
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
# Mode: Clean
# Start: 08-04-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 18
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\doane\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Local AppWizard-Generated Applications\Restoro
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
[+] Delete Tracing Keys
[+] Reset Winsock
AdwCleaner[S00].txt - [3506 octets] - [04/08/2021 08:22:04]
AdwCleaner[S01].txt - [3567 octets] - [04/08/2021 14:15:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
2. Run Malwarebytes (Clean mode)
- Double click the program's icon on your Desktop, as you did before.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Under the title Scan Options, all the options are checked. Under the title Windows Security Center (Premium only) the option is unchecked. Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
- When finished, you will see the Threat Scan Summary window open.
- If threats are not found, click View Report and proceed to the two last steps below.
- If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
- You may need to restart the computer.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
3. Fresh FRST logs
- Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
- Press the Scan button and wait for a while.
- The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
- Please attach the content of these two logs in your next reply.
In your next reply, please post:
- The AdwCleaner[C0*].txt
- The Malwarebytes report
- The fresh FRST logs, Addition and FRST.
P.S. Please do not press the Reply button to quote parts of my posts into your reply. Just put points/numbers. It's easier for me to read what you write.