SQx

Trusted Advisors
  • Posts

    205
Reputation

5 Neutral

1 Follower

Profile Information

  • Location
    Searching ...
  • Interests
    CyberSecurity, Network Security, Database Security, Threat Detection and Response

  1. Greetings,
     Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
       Start::
       CreateRestorePoint:
       Task: {56F3FA41-8407-47DE-A3E1-6EAD5E0C8063} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-643858719-1823263509-3636400489-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
       Task: {E718D044-8F6E-48E7-953D-85D8F0FF19E2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-643858719-1823263509-3636400489-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
       ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
       ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
       ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
       ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
       ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
       ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
       ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
       ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
       File: C:\Users\Tim\AppData\Local\Temp\853C6CBF-E323-48B2-A9C0-7B874AC559D2\DismHost.exe
       File: C:\Windows\Temp\MUBSTemp\BCILauncher.exe
       Folder: C:\Users\Tim\appdata\local\OneLaunch
       ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
       ExportKey: HKCU\Software\OneLaunch
       ExportKey: HKCU\SOFTWARE\Classes\OneLaunchHTML
       ExportKey: HKCU\SOFTWARE\RegisteredApplications
       ExportKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TREE
       End::
     Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
     Press the Fix button once and wait.
     FRST will process fixlist.txt.
     When finished, it will produce a log fixlog.txt on your Desktop.
     Post the log in your next reply.
  2. Perfect, thank you for the details. If all is well then we can proceed with cleanup of tools we used.
     1. To remove the FRST64.exe tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
     2. Any other download file I had you download, you may delete.
     3. The following information will help you to keep your computer and data safer as well as improve your overall privacy:
        • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
        • Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
        • Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
        • Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
        • Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
     Malwarebytes Browser Guard
        • Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
        • Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
        • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
        • Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
        • Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
        • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection: Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues.
     Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
  3. Thank you for the log, all is well as you can see:
       Total 95049 files (133898 objects) are clean
       There are no infected objects detected
     Please let me know if you have any concerns or new alerts.
  4. Perfect, thank you for the details. If all is well then we can proceed with cleanup of tools we used.
     1. To remove the FRST64.exe tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
     2. Any other download file I had you download, you may delete.
     3. The following information will help you to keep your computer and data safer as well as improve your overall privacy:
        • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
        • Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
        • Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
        • Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
        • Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
     Malwarebytes Browser Guard
        • Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
        • Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
        • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
        • Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
        • Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
        • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection: Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues.
     Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
  5. Looks like all went well. Please run an AV scanner just to be sure.
     Dr.Web CureIt!
        • Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/
        • You will need to send them an email to obtain a link to download the scanner, please do so.
        • The downloaded file will normally have a unique name such as: q7a9tr4p.exe
        • Close all open applications, locate the downloaded file and double-click to run it.
        • The program will take a moment to launch and bring up the License and Update screen.
        • Place a check mark to agree to the terms and then click on the Continue button.
        • Click the underlined link "Select objects for scanning".
        • On the top left click "Scanning objects", which should automatically check all objects.
        • Click the small wrench and make sure there is a check on "Automatically apply actions to threats".
        • Then click the large button on the bottom right, "Start scanning".
        • Once the scan has completed there will be a link named "Open report"; click that and a log named cureit.log should open in Notepad.
        • The log is saved in the folder named Doctor Web in the top of your user profile folders.
        • Please attach that log on your next reply.
  6. Greetings,
     Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
       Start::
       CreateRestorePoint:
       ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
       Task: {33a255f3-1fbb-4d1a-a27b-2f2ed52956a7} - no filepath. <==== ATTENTION
       Task: {96523e47-4e35-44b3-8149-f0aab7345091} - no filepath. <==== ATTENTION
       Task: {cd4012b0-26a2-4303-9b4f-957ae6e13c94} - no filepath. <==== ATTENTION
       Unlock: C:\Program Files\Google\Libs\WR64.sys
       File: C:\Program Files\Google\Libs\WR64.sys
       C:\Program Files\Google\Libs\WR64.sys
       StartBatch:
       DISM.exe /Online /Cleanup-image /Restorehealth
       sfc /scannow
       Endbatch:
       Folder: C:\PROGRAM FILES\WINDOWSMALWAREPROTECTION\CONFIG
       Folder: C:\Users\Logan Damme\AppData\Google\Libs
       FirewallRules: [{4E476F36-17F0-48DB-8E59-A517CF6460EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
       FirewallRules: [{6B29F115-262A-4961-BCAC-7918E54CD939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
       FirewallRules: [TCP Query User{4EE74976-7779-4BD6-AECF-65B74B924E72}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
       FirewallRules: [UDP Query User{4900FE1E-C40E-4C42-9320-D0FE97E0BF94}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
       FirewallRules: [TCP Query User{C76BD27B-BD9A-4718-BF80-A8A7DA9D99D6}C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
       FirewallRules: [UDP Query User{5F9CC8CD-64C6-4220-8807-1B0FDEE802F4}C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
       FirewallRules: [TCP Query User{325BF6CC-4EB8-4E7A-A6A1-41CC32CF8E61}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
       FirewallRules: [UDP Query User{5BC14DFF-4C04-4F4D-911F-F7B01166A4EF}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
       FirewallRules: [{467278F5-7124-4906-AD8D-480FE6FE2A3F}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe => No File
       FirewallRules: [{4688B6B5-AAB0-4515-8B9D-91869FE7550A}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe => No File
       FirewallRules: [TCP Query User{0BAF186C-C7A9-4387-871D-68B080BCAF87}C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe => No File
       FirewallRules: [UDP Query User{8DD4C96B-A968-41C8-9D79-4289147C599E}C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe => No File
       FirewallRules: [{7C37C4DA-FFE3-4D22-B604-FE21AD722DAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
       FirewallRules: [{C5B10CD6-01CB-4A41-9986-FEE56DE88AFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
       FirewallRules: [TCP Query User{1585A8F1-D5FF-4974-B09D-78758E247886}D:\secondextinction\secondextinctioneos.exe] => (Allow) D:\secondextinction\secondextinctioneos.exe => No File
       FirewallRules: [UDP Query User{522D26A5-EB0B-4FA8-ADA7-28605463E5C7}D:\secondextinction\secondextinctioneos.exe] => (Allow) D:\secondextinction\secondextinctioneos.exe => No File
       End::
     Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
     Press the Fix button once and wait.
     FRST will process fixlist.txt.
     When finished, it will produce a log fixlog.txt on your Desktop.
     Post the log in your next reply.
  7. No malware was found in the log; only one file was deleted due to suspicious entries:
       C:\WINDOWS\system32\drivers\etc\hosts - infected with HOSTS:MALWARE.URL
       C:\WINDOWS\system32\drivers\etc\hosts - cured - 0ms, 0 bytes
     Please let me know if you have any concerns or new alerts.
  8. Then it's better to work with your ISP to find the right solution. If a bad actor gains access to your router and manipulates routes (like DNS spoofing, cache poisoning, etc.), the second (intermediate) router will not help in this case. Please ensure that you follow the guidelines provided above.
  9. Hello _hv,
     No malware was found, just leftovers.
     1. Please do the following to run a FRST fix.
        NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
        Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
          Start::
          CreateRestorePoint:
          C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\21MUdbtLYt
          C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\jklKe
          C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\kmPxbS
          C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\zs2trQF69
          C:\WINDOWS\system32\Drivers\etlhMkW04
          C:\WINDOWS\system32\Drivers\bSjD0l
          C:\WINDOWS\system32\Drivers\VPfvJcrgRY
          C:\WINDOWS\system32\Drivers\btLYtVYV
          End::
        Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
        Press the Fix button once and wait.
        FRST will process fixlist.txt.
        When finished, it will produce a log fixlog.txt on your Desktop.
        Post the log in your next reply.
     2. Please run an AV scanner just to be sure.
        Dr.Web CureIt!
        • Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/
        • You will need to send them an email to obtain a link to download the scanner, please do so.
        • The downloaded file will normally have a unique name such as: q7a9tr4p.exe
        • Close all open applications, locate the downloaded file and double-click to run it.
        • The program will take a moment to launch and bring up the License and Update screen.
        • Place a check mark to agree to the terms and then click on the Continue button.
        • Click the underlined link "Select objects for scanning".
        • On the top left click "Scanning objects", which should automatically check all objects.
        • Click the small wrench and make sure there is a check on "Automatically apply actions to threats".
        • Then click the large button on the bottom right, "Start scanning".
        • Once the scan has completed there will be a link named "Open report"; click that and a log named cureit.log should open in Notepad.
        • The log is saved in the folder named Doctor Web in the top of your user profile folders.
        • Please attach that log on your next reply.
  10. Greetings,
     1. Malwarebytes forum does not support piracy, please remove all piracy software, otherwise our help will be useless. See example below:
        https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/crack&threatid=2147734096&enterprise=0
        Name: HackTool:Win32/crack
     2. I found a torrent app in your logs. Please note, almost all of the Torrent Clients have multiple detections and should not be installed on your system. However, if you choose to do so, you're increasing your system's attack surface area, which can increase the risk of infection.
     3. Please do the following to run a FRST fix.
        NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
        Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
          Start::
          CreateRestorePoint:
          ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
          File: C:\WINDOWS\System32\drivers\hanvonugeemfilter.sys
          Folder: C:\Windows\System32\Tasks_Migrated
          Folder: C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning
          Folder: C:\WINDOWS\system32\Drivers\etlhMkW04
          Folder: C:\WINDOWS\system32\Drivers\bSjD0l
          Folder: C:\WINDOWS\system32\Drivers\VPfvJcrgRY
          Folder: C:\WINDOWS\system32\Drivers\btLYtVYV
          End::
        Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
        Press the Fix button once and wait.
        FRST will process fixlist.txt.
        When finished, it will produce a log fixlog.txt on your Desktop.
        Post the log in your next reply.
  11. Perfect, thank you for the details. We can proceed with cleanup of tools we used.
     1. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
     2. Any other download file I had you download, you may delete.
     3. The following information will help you to keep your computer and data safer as well as improve your overall privacy:
        • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
        • Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
        • Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
        • Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
        • Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
     Malwarebytes Browser Guard
        • Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
        • Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
        • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
        • Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
        • Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
        • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection: Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues.
     Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
  12. Please confirm that you don't have other devices and you have followed the following instructions?
     1. Sign out & turn off sync. To delete synced info from your Google Account:
        • On your Android device/computer, open Chrome.
        • Go to chrome.google.com/sync.
        • Scroll to Clear Data and click it.
        Please note that all sync data will be deleted from your Google Account.
     2. Reset the Chrome setting and clean the data in Chrome if you don't need them, otherwise ignore this.
  13. Yes, if you are using the same account (email) and most likely because of this, sync restores data on the computer, so you could check this by temporarily disabling sync on your phone, clearing the sync data in Google account and checking if the issue returns.
     1. Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
        Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.3.0 - IObit)
     2. Please do the following to run a FRST fix.
        NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
        Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
          Start::
          CreateRestorePoint:
          Task: {FADBF632-2756-44CD-A9D6-C0721504FF02} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\11.3.0\AutoUpdate.exe [2525160 2024-02-27] (IObit CO., LTD -> IObit)
          File: C:\Windows\System32\drivers\BthA2dp.sys
          File: C:\Windows\System32\drivers\bthhfenum.sys
          2024-03-08 15:03 - 2024-03-08 15:04 - 000002356 _____ C:\Users\Public\Desktop\Driver Booster 11.lnk
          2024-03-08 15:03 - 2024-03-08 15:03 - 000003272 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (SMD)
          2024-03-08 15:03 - 2024-03-08 15:03 - 000003150 _____ C:\Windows\system32\Tasks\Driver Booster Update
          2024-03-08 15:03 - 2024-03-08 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 11
          2024-02-26 17:37 - 2024-03-15 04:04 - 000000000 ____D C:\Users\PCZONE.GE\AppData\Roaming\IObit
          2024-02-26 17:37 - 2024-03-08 15:03 - 000000000 ____D C:\ProgramData\ProductData
          2024-02-26 17:37 - 2024-02-26 20:20 - 000000000 ____D C:\ProgramData\IObit
          2024-02-26 17:37 - 2024-02-26 20:20 - 000000000 ____D C:\Program Files (x86)\IObit
          2024-02-26 17:37 - 2024-02-26 17:37 - 000000000 ____D C:\Users\PCZONE.GE\AppData\LocalLow\IObit
          End::
        Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
        Press the Fix button once and wait.
        FRST will process fixlist.txt.
        When finished, it will produce a log fixlog.txt on your Desktop.
        Post the log in your next reply.
  14. Thank you for the fixlog.txt log. Please reply this: it's a PUP (potentially unwanted program) that may negatively affect the computer's performance. Could you please provide new FRST logs (frst.txt and addition.txt)?
  15. Greetings,
     Please let me know if you are using sync on your Android smartphone as well?
     1. Malwarebytes forum does not support piracy, please remove all piracy software, otherwise our help will be useless. See example below:
          Name: HackTool:Win32/Keygen!MSR
          Severity: High
          Category: Tool
          Path: file:_C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EDRW v13 Activator v2.1 - De!.exe; process:_pid:28068,ProcessStart:133538071495232311
          Detection Origin: Local machine
          Detection Type: Concrete
          Detection Source: System
          Process Name: C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EDRW v13 Activator v2.1 - De!.exe
     2. Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
        IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.3.0.2 - IObit)
     3. Please check this article: Turn notifications on or off - Google Chrome
     4. Please do the following to run a FRST fix.
        NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
        Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
          Start::
          CreateRestorePoint:
          CloseProcesses:
          ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
          Task: {2C958C1F-3B49-4402-AF03-C9E47B6A91E1} - System32\Tasks\GoogleUpdateTaskMachineCore{A530A92D-B741-45C3-B0B2-FD7BA8701B92} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
          Task: {B949BF25-AA58-47AD-A793-55C858C103B7} - System32\Tasks\GoogleUpdateTaskMachineUA{6073D170-6BB9-42DF-A852-D169510A02DC} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
          S3 2BNO5Wpm; C:\Users\PCZONE.GE\AppData\Local\Temp\2BNO5Wpm [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
          S3 CXFl7xm2; C:\Users\PCZONE.GE\AppData\Local\Temp\CXFl7xm2 [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
          S3 MBK8elxp; C:\Users\PCZONE.GE\AppData\Local\Temp\MBK8elxp [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
          S3 xmIkHRNt; C:\Users\PCZONE.GE\AppData\Local\Temp\xmIkHRNt [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
          S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
          S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
          End::
        Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
        Press the Fix button once and wait.
        FRST will process fixlist.txt.
        When finished, it will produce a log fixlog.txt on your Desktop.
        Please note: The computer will reboot after execution.
        Post the log in your next reply.