Solved Mystarting123 and C:\Reimward

Walhalla

New Member
Thread author
Jul 24, 2017
3
I've been trying to get rid of the search engine but it won't let me. I suspect it is also the reason a rather large number of viruses are being detected by Avira. This morning I found a folder in the antivirus report in the C drive named Reimward, which I can't seem to find in the file browser.

(Win10, 64x, search engine redirects, mystarting123, scanned with Avira and MBAM)
 

Attachments

  • Addition.txt
    96.7 KB · Views: 1
  • FRST.txt
    82.4 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, a logfile will be opened. Copy its contents into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner



Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

Walhalla

New Member
Thread author
Jul 24, 2017
3
Thank you, and here you go:

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 25 06:33:14 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: Customer Support & Help Center

***** [ Services ] *****

Deleted: BIT


***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Elex-tech
Deleted: C:\Users\stijn\AppData\Roaming\Elex-tech
Deleted: C:/Windows\System32\\SSL
Deleted: C:/Windows\SysWOW64\\SSL
Deleted: C:/Users\stijn\AppData\Roaming\\Firefox
Deleted: C:\Users\stijn\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\stijn\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence


***** [ Files ] *****

Deleted: C:/Users\stijn\AppData\Roaming\\Installer.dat
Deleted: C:/Users\Public\Documents\\report.dat
Deleted: C:/Users\Public\Documents\\temp.dat
Deleted: C:\END
Deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Elex-tech
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7528F10C-90EB-43E0-8162-52F442258E27}
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\veoh.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.veoh.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\veoh.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.veoh.com
Deleted: [Key] - HKLM\SOFTWARE\InterSect Alliance
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|BIT
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|glory
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted: [Key] - HKLM\SOFTWARE\ScreenShot


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5337 B] - [2017/7/25 6:32:59]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 

Attachments

  • 2017.07.25-08.36.02-i0-t92-d20.txt
    9.1 KB · Views: 2
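
One way to triage a cleanup log like the one posted above, added here as an example and not part of the thread or of AdwCleaner itself. It parses the section-header and "Deleted:" layout, normalizes the mixed path separators, drops repeated entries, and pulls out the service and Svchost/firewall-related deletions; the function names and the list of locations to review are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed excerpt: entries taken from the log above, one repeated on purpose
# (the full log also lists some keys twice).
SAMPLE_LOG = r"""
***** [ Services ] *****
Deleted: BIT
***** [ Folders ] *****
Deleted: C:/Windows\System32\\SSL
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Elex-tech
Deleted: [Key] - HKLM\SOFTWARE\Elex-tech
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|BIT
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^Deleted: (?:\[(Key|Value)\] - )?(.+)$")
# Assumption of this example: these locations deserve a second look after cleanup.
REVIEW_HINTS = ("\\currentversion\\svchost", "\\services\\", "\\firewallpolicy\\")

def normalize(path):
    # The log mixes "/" and doubled backslash separators; collapse each run to one.
    return re.sub(r"[\\/]+", r"\\", path)

def parse_adwcleaner(text):
    """Return {section: [(kind, target, value_name)]}, duplicates removed."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY.match(line)
        if not (entry and current):
            continue  # "No malicious ... cleaned." and footer lines
        target, _, value = entry.group(2).partition("|")  # "key|value name"
        item = (entry.group(1), normalize(target), value or None)
        if item not in sections[current]:
            sections[current].append(item)
    return dict(sections)

def entries_to_review(parsed):
    """Deleted services plus registry entries under REVIEW_HINTS locations."""
    reg = [e for e in parsed.get("Registry", [])
           if any(h in e[1].lower() for h in REVIEW_HINTS)]
    return parsed.get("Services", []) + reg
```

On the sample, the deleted service BIT and the Svchost value of the same name come back together, which is the pairing to confirm is gone in a follow-up scan.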

Walhalla

New Member
Thread author
Jul 24, 2017
3
Everything seems to work fine, no more viruses turned up in any scans and the search bar engine has defaulted back to Google. Thank you very much for the help.
 