Hi, rhoag.
Thank you for all the info provided.
The items detected by Windows Defender are potentially unwanted programs. They don't appear in your installed programs list, but you have their executable files in Drive D. It's up to you to keep them or not, but first read here for further information about this kind of program.
Code:
D:\Documents\Computer Related\Media\Video Converters\Cnet free Any-Viceo-Converet\avc-free.exe
D:\Documents\Computer Related\Media\Video Converters\Cnet free Format Factory\FFSetup280.exe
D:\Documents\Computer Related\Media\Video Downloaders\Freemake\FreemakeVideoDownloaderSetup.exe
D:\Documents\Games\Forenza Horizon 4\Forza Horizon 4 Manager.rar
I will delete the video converters, but I use video downloader, so will keep it unless there is a problem.
The Forenza Horizon 4 is a Windows game and is in the Windows uninstall list. I checked on the Manager on the D: drive as I wasn't familiar with it. I did an MS scan on it and it reported a "Severity Trojan:Win32/wacatac.B!ml" so I quarantined it.
Let's continue:
1. Uninstall an Edge extension
Of course you didn't find Norton Safe Web. My mistake! It's an extension, not an application.
Open Edge, click on the three horizontal dots at the browser's top right and choose Extensions. Find Norton Safe Web and select Remove.
Thank you, done. I don't use Edge for browsing, I use Firefox. Wish I could just disable MS Edge, I can't find it in the Win Task Manager startup.
2. Search for Norton remnants (again)
- Download the Revo Uninstaller (Free Download) and save it on your Desktop.
- Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
- Double click the program's icon to open it.
- Write in the search area, on the top left, the following program:
- Choose the Uninstall tab from the menu and let the program create a Restore point.
- Choose Scan, and then the Advanced mode scan.
- Select all the Norton items found, Delete and Next.
- Let the procedure be completed and click on Finish.
- Restart the computer.
Ran the Revo as instructed and the search for
and there were zero results, also scanned for "Norton" with no results
3. Run AdwCleaner (Scan mode)
Download AdwCleaner and save it to your desktop.
- Double click AdwCleaner.exe to run it.
- Click Scan Now.
- When the scan has finished, a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found)
- Now click the Log Files tab.
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-04-2021
# Duration: 00:00:06
# OS: Windows 10 Home
# Scanned: 31972
# Detected: 18
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\Users\doane\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
PUP.Optional.Restoro C:\Windows\restoro.ini
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Restoro HKCU\Software\Local AppWizard-Generated Applications\Restoro
PUP.Optional.Restoro HKCU\Software\Restoro
PUP.Optional.Restoro HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
PUP.Optional.Restoro HKLM\Software\Classes\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}
PUP.Optional.Restoro HKLM\Software\Classes\Restoro.Engine
PUP.Optional.Restoro HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
PUP.Optional.Restoro HKLM\Software\Restoro
PUP.Optional.Restoro HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
4. Run Malwarebytes (Scan mode)
- Download Malwarebytes and save it to your Desktop.
- Once downloaded, close all programs and Windows on your computer.
- Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
- Follow the instructions to install the program.
During the install it reported unable to load AntiRootKit DDA driver and suggested a reboot to install it. I did that and started the program.
- When finished, double click the program's icon created on your Desktop.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
Set the options above. The scan froze with no indication of action. I tried several times. I uninstalled the program and reinstalled it, set the options and it now works.
- When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.
If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
In your next reply, please post:
- How the procedure went at steps 1 and 2
- The AdwCleaner[S0*].txt
- The Malwarebytes report
Okay, I think I got this all right above, really appreciate all the help, Professor ;-)
Malwarebytes summary:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 8/4/21
Scan Time: 9:36 AM
Log File: 10cb5914-f542-11eb-ab5a-50e549c0216d.json
-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.43862
License: Trial
-System Information-
OS: Windows 10 (Build 19043.1151)
CPU: x64
File System: NTFS
User: Doane-PC\doane
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 331083
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 2 min, 52 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 6
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}, No Action By User, 842, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No Action By User, 842, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No Action By User, 842, 551619, 1.0.43862, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No Action By User, 842, 551614, 1.0.43862, , ame, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Restoro, No Action By User, 842, 551610, 1.0.43862, , ame, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No Action By User, 842, 551612, 1.0.43862, , ame, , ,
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No Action By User, 842, 551609, 1.0.43862, , ame, , 598FAEEB808113E58C7D89A03ECCED39, 1D39D9534C2B88081582CE350BA75072FD492E718B3621BE9BBB68B95C7DAECC
PUP.Optional.Restoro, C:\WINDOWS\SYSTEM32\NATIVE.EXE, No Action By User, 842, 551621, 1.0.43862, , ame, , A1E5E09208F19DE7AD33554E9627D5E4, E4F2EBA8E47DA66A0794A9FF41D2764C05B089C5706586345BA417F4DAAA7430
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
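Added example, not part of the original post or of any Malwarebytes tooling: a small Python parser for the AdwCleaner scan-log layout shown above, which groups detections by family and checks the entry count against the `# Detected:` header so that a truncated or hand-edited paste is noticed before any cleanup decision. The function names and the sample entries (`ExampleA`, `ExampleB`, zeroed GUID) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner scan-log layout (not a real scan).
SAMPLE_LOG = r"""# Mode: Scan
# Scanned:  100
# Detected: 4
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.ExampleA   C:\Users\user\AppData\Roaming\ExampleA
***** [ Registry ] *****
PUP.Optional.ExampleA   HKCU\Software\ExampleA
PUP.Optional.ExampleB   HKLM\Software\Classes\Interface\{00000000-0000-0000-0000-000000000000}
PUP.Optional.ExampleB   HKLM\Software\Wow6432Node\\Classes\Interface\{00000000-0000-0000-0000-000000000000}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Name ] *****
HEADER_RE = re.compile(r"^# (\w[\w ]*?):\s*(.*)$")      # "# Key: value"
NONE_RE = re.compile(r"^No .* found\.$")                # empty-section marker

def parse_adwcleaner_log(text):
    """Return (header dict, list of (section, family, target)) for one log."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif line.startswith("#"):
            h = HEADER_RE.match(line)   # separator and EOF lines do not match
            if h:
                header[h.group(1)] = h.group(2)
        elif section and line and not NONE_RE.match(line):
            parts = line.split(None, 1)  # family has no spaces; target may
            if len(parts) == 2:
                findings.append((section, parts[0], parts[1]))
    return header, findings

def summarize(text):
    """Count findings per family and report whether the paste is complete."""
    header, findings = parse_adwcleaner_log(text)
    by_family = Counter(family for _, family, _ in findings)
    complete = int(header.get("Detected", -1)) == len(findings)
    return by_family, complete
```
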