Posts posted by SQx
-
Hello nicotela94,
Please let me know if you are still experiencing the mentioned issue.
Thanks.
-
Greetings,
Could you please clarify if this started after installing Autodesk?
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
ExportKey: HKLM\SOFTWARE\Policies\Google
Task: {AD739F7D-7724-4EE3-8710-822D5BE6325D} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe /checkin (No File)
Task: {1A0ADBD1-0C64-469F-9500-464FFB9B61A7} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {407FF390-2B3D-4145-86D4-849FAB947DBB} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
File: C:\WINDOWS\system32\drivers\dfx11_1x64.sys
CMD: type C:\Users\Nicolás\AppData\Local\r18fpz9gq0
2017-12-16 00:54 - 2017-12-16 00:54 - 000000052 _____ () C:\Users\Nicolás\AppData\Local\r18fpz9gq0
AlternateDataStreams: C:\Users\Nicolás\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Nicolás\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
FirewallRules: [{0A519432-22C6-4225-831C-6476B5DFB199}] => (Allow) D:\Games Location\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{3C347766-F288-498E-BC88-97C45BC21810}] => (Allow) D:\Games Location\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [UDP Query User{976EE374-266B-482D-9E2C-B5717AC2CCD3}D:\games location\black mesa\bms.exe] => (Allow) D:\games location\black mesa\bms.exe => No File
FirewallRules: [TCP Query User{9DCDDBF1-A0B7-48C2-B193-5BBE34C77756}D:\games location\black mesa\bms.exe] => (Allow) D:\games location\black mesa\bms.exe => No File
FirewallRules: [UDP Query User{ABE97CF6-0557-4B8A-A24A-B79362D26E9D}D:\games location\subnautica.v58064\subnautica.exe] => (Allow) D:\games location\subnautica.v58064\subnautica.exe => No File
FirewallRules: [TCP Query User{879BE949-3A80-4D87-95B7-CED5240BB572}D:\games location\subnautica.v58064\subnautica.exe] => (Allow) D:\games location\subnautica.v58064\subnautica.exe => No File
FirewallRules: [UDP Query User{67E9AD75-12CC-4DD6-81CB-DDE5AD088B62}D:\games location\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games location\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{E617877B-E9EC-48CD-B660-6C8063DF46A7}D:\games location\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games location\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
-
Greetings,
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
Task: {56F3FA41-8407-47DE-A3E1-6EAD5E0C8063} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-643858719-1823263509-3636400489-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {E718D044-8F6E-48E7-953D-85D8F0FF19E2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-643858719-1823263509-3636400489-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
File: C:\Users\Tim\AppData\Local\Temp\853C6CBF-E323-48B2-A9C0-7B874AC559D2\DismHost.exe
File: C:\Windows\Temp\MUBSTemp\BCILauncher.exe
Folder: C:\Users\Tim\appdata\local\OneLaunch
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
ExportKey: HKCU\Software\OneLaunch
ExportKey: HKCU\SOFTWARE\Classes\OneLaunchHTML
ExportKey: HKCU\SOFTWARE\RegisteredApplications
ExportKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TREE
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
-
Perfect, thank you for the details.
If all is well then we can proceed with cleanup of the tools we used.
1. To remove the FRST64.exe tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
2. Any other download file I had you download, you may delete.
3. The following information will help you to keep your computer and data safer as well as improve your overall privacy:
- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
- Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
- Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
  Malwarebytes Browser Guard:
  - Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
  - Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
  - Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
  uBlock Origin:
  - Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
  - Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
  - Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
- Cybersecurity basics & protection - Everything you need to know about cybercrime: https://www.malwarebytes.com/cybersecurity
- Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
-
Thank you for the log, all is well as you can see:
Total 95049 files (133898 objects) are clean
There are no infected objects detected
Please let me know if you have any concerns or new alerts.
-
Looks like all went well.
Please run an AV scanner just to be sure.
Dr.Web CureIt!
Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/
You will need to send them an email to obtain a link to download the scanner, please do so.
- The downloaded file will normally have a unique name such as: q7a9tr4p.exe
- Close all open applications and locate the downloaded file and double-click to run it
- The program will take a moment to launch and bring up the License and Update screen
- Place a check mark to agree to the terms and then click on the Continue button
- Click the underlined link Select objects for scanning
- On the top left click the Scanning objects that should automatically check all objects
- Click the small wrench and make sure there is a check on Automatically apply actions to threats
- Then click the large button on bottom right Start scanning
- Once the scan has completed there will be a link named Open report; click that, and a log named cureit.log should open in Notepad
- The log is saved in the folder named Doctor Web in the top of your user profile folders
- Please attach that log on your next reply
-
Greetings,
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Task: {33a255f3-1fbb-4d1a-a27b-2f2ed52956a7} - no filepath. <==== ATTENTION
Task: {96523e47-4e35-44b3-8149-f0aab7345091} - no filepath. <==== ATTENTION
Task: {cd4012b0-26a2-4303-9b4f-957ae6e13c94} - no filepath. <==== ATTENTION
Unlock: C:\Program Files\Google\Libs\WR64.sys
File: C:\Program Files\Google\Libs\WR64.sys
C:\Program Files\Google\Libs\WR64.sys
StartBatch:
DISM.exe /Online /Cleanup-image /Restorehealth
sfc /scannow
Endbatch:
Folder: C:\PROGRAM FILES\WINDOWSMALWAREPROTECTION\CONFIG
Folder: C:\Users\Logan Damme\AppData\Google\Libs
FirewallRules: [{4E476F36-17F0-48DB-8E59-A517CF6460EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{6B29F115-262A-4961-BCAC-7918E54CD939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [TCP Query User{4EE74976-7779-4BD6-AECF-65B74B924E72}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{4900FE1E-C40E-4C42-9320-D0FE97E0BF94}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{C76BD27B-BD9A-4718-BF80-A8A7DA9D99D6}C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
FirewallRules: [UDP Query User{5F9CC8CD-64C6-4220-8807-1B0FDEE802F4}C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ready or not\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
FirewallRules: [TCP Query User{325BF6CC-4EB8-4E7A-A6A1-41CC32CF8E61}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{5BC14DFF-4C04-4F4D-911F-F7B01166A4EF}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{467278F5-7124-4906-AD8D-480FE6FE2A3F}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe => No File
FirewallRules: [{4688B6B5-AAB0-4515-8B9D-91869FE7550A}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe => No File
FirewallRules: [TCP Query User{0BAF186C-C7A9-4387-871D-68B080BCAF87}C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [UDP Query User{8DD4C96B-A968-41C8-9D79-4289147C599E}C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\logan damme\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [{7C37C4DA-FFE3-4D22-B604-FE21AD722DAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [{C5B10CD6-01CB-4A41-9986-FEE56DE88AFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File
FirewallRules: [TCP Query User{1585A8F1-D5FF-4974-B09D-78758E247886}D:\secondextinction\secondextinctioneos.exe] => (Allow) D:\secondextinction\secondextinctioneos.exe => No File
FirewallRules: [UDP Query User{522D26A5-EB0B-4FA8-ADA7-28605463E5C7}D:\secondextinction\secondextinctioneos.exe] => (Allow) D:\secondextinction\secondextinctioneos.exe => No File
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
-
No malware was found in the log; only one file was deleted due to suspicious entries:
C:\WINDOWS\system32\drivers\etc\hosts - infected with HOSTS:MALWARE.URL
C:\WINDOWS\system32\drivers\etc\hosts - cured - 0ms, 0 bytes
Please let me know if you have any concerns or new alerts.
-
2 hours ago, Henri123 said:
My router is rented from my ISP and uses a coaxial cable. I haven't found secure options for a router that uses the cable yet.
Then it's better to work with your ISP to find the right solution. If a bad actor gains access to your router and manipulates routes (like DNS spoofing, cache poisoning, etc.), the second (intermediate) router will not help in this case.
Please ensure that you follow the guidelines provided above.
-
Hello _hv,
No malware was found, just leftovers.
1. Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\21MUdbtLYt
C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\jklKe
C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\kmPxbS
C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\zs2trQF69
C:\WINDOWS\system32\Drivers\etlhMkW04
C:\WINDOWS\system32\Drivers\bSjD0l
C:\WINDOWS\system32\Drivers\VPfvJcrgRY
C:\WINDOWS\system32\Drivers\btLYtVYV
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
2. Please run an AV scanner just to be sure.
Dr.Web CureIt!
Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/
You will need to send them an email to obtain a link to download the scanner, please do so.
- The downloaded file will normally have a unique name such as: q7a9tr4p.exe
- Close all open applications and locate the downloaded file and double-click to run it
- The program will take a moment to launch and bring up the License and Update screen
- Place a check mark to agree to the terms and then click on the Continue button
- Click the underlined link Select objects for scanning
- On the top left click the Scanning objects that should automatically check all objects
- Click the small wrench and make sure there is a check on Automatically apply actions to threats
- Then click the large button on bottom right Start scanning
- Once the scan has completed there will be a link named Open report; click that, and a log named cureit.log should open in Notepad
- The log is saved in the folder named Doctor Web in the top of your user profile folders
- Please attach that log on your next reply
-
Greetings,
1. The Malwarebytes forum does not support piracy; please remove all piracy software, otherwise our help will be useless. See example below:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/crack&threatid=2147734096&enterprise=0
Name: HackTool:Win32/crack
2. I found a torrent app in your logs. Please note that almost all Torrent Clients have multiple detections and should not be installed on your system. However, if you choose to do so, you're increasing your system's attack surface, which can increase the risk of infection.
3. Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
File: C:\WINDOWS\System32\drivers\hanvonugeemfilter.sys
Folder: C:\Windows\System32\Tasks_Migrated
Folder: C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning
Folder: C:\WINDOWS\system32\Drivers\etlhMkW04
Folder: C:\WINDOWS\system32\Drivers\bSjD0l
Folder: C:\WINDOWS\system32\Drivers\VPfvJcrgRY
Folder: C:\WINDOWS\system32\Drivers\btLYtVYV
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
-
Perfect, thank you for the details.
We can proceed with cleanup of the tools we used.
1. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
2. Any other download file I had you download, you may delete.
3. The following information will help you to keep your computer and data safer as well as improve your overall privacy:
- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
- Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
- Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
  Malwarebytes Browser Guard:
  - Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
  - Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
  - Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
  uBlock Origin:
  - Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
  - Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
  - Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
- Cybersecurity basics & protection - Everything you need to know about cybercrime: https://www.malwarebytes.com/cybersecurity
- Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
-
Please confirm that you don't have other devices and that you have followed the following instructions:
1. Sign out & turn off sync. To delete synced info from your Google Account: On your Android device/computer, open Chrome. Go to chrome.google.com/sync. Scroll to Clear Data and click it.
Please note that all sync data will be deleted from your Google Account.
2. Reset the Chrome settings and clear the data in Chrome if you don't need them, otherwise ignore this.
-
3 hours ago, b0xvera56 said:
Would that interfere with the reason why, even though I am clearing synced data, it's always coming back?
Yes, if you are using the same account (email), and most likely because of this, sync restores data on the computer. You could check this by temporarily disabling sync on your phone, clearing the sync data in your Google account and checking if the issue returns.
1. Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.3.0 - IObit)
2. Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
Task: {FADBF632-2756-44CD-A9D6-C0721504FF02} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\11.3.0\AutoUpdate.exe [2525160 2024-02-27] (IObit CO., LTD -> IObit)
File: C:\Windows\System32\drivers\BthA2dp.sys
File: C:\Windows\System32\drivers\bthhfenum.sys
2024-03-08 15:03 - 2024-03-08 15:04 - 000002356 _____ C:\Users\Public\Desktop\Driver Booster 11.lnk
2024-03-08 15:03 - 2024-03-08 15:03 - 000003272 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (SMD)
2024-03-08 15:03 - 2024-03-08 15:03 - 000003150 _____ C:\Windows\system32\Tasks\Driver Booster Update
2024-03-08 15:03 - 2024-03-08 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 11
2024-02-26 17:37 - 2024-03-15 04:04 - 000000000 ____D C:\Users\PCZONE.GE\AppData\Roaming\IObit
2024-02-26 17:37 - 2024-03-08 15:03 - 000000000 ____D C:\ProgramData\ProductData
2024-02-26 17:37 - 2024-02-26 20:20 - 000000000 ____D C:\ProgramData\IObit
2024-02-26 17:37 - 2024-02-26 20:20 - 000000000 ____D C:\Program Files (x86)\IObit
2024-02-26 17:37 - 2024-02-26 17:37 - 000000000 ____D C:\Users\PCZONE.GE\AppData\LocalLow\IObit
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
-
Thank you for the fixlog.txt log.
Please reply to this:
On 3/16/2024 at 9:05 AM, SQx said:
Please let me know if you are using sync on your Android smartphone as well?
On 3/16/2024 at 2:47 PM, b0xvera56 said:
it's a PUP (potentially unwanted program) that may negatively affect the computer's performance.
Could you please provide new FRST logs (frst.txt and addition.txt)?
-
Greetings,
Please let me know if you are using sync on your Android smartphone as well?
1. The Malwarebytes forum does not support piracy; please remove all piracy software, otherwise our help will be useless. See example below:
Name: HackTool:Win32/Keygen!MSR
Severity: High
Category: Tool
Path: file:_C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EDRW v13 Activator v2.1 - De!.exe; process:_pid:28068,ProcessStart:133538071495232311
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EDRW v13 Activator v2.1 - De!.exe
2. Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.3.0.2 - IObit)
3. Please check this article: Turn notifications on or off - Google Chrome
4. Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
Task: {2C958C1F-3B49-4402-AF03-C9E47B6A91E1} - System32\Tasks\GoogleUpdateTaskMachineCore{A530A92D-B741-45C3-B0B2-FD7BA8701B92} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
Task: {B949BF25-AA58-47AD-A793-55C858C103B7} - System32\Tasks\GoogleUpdateTaskMachineUA{6073D170-6BB9-42DF-A852-D169510A02DC} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
S3 2BNO5Wpm; C:\Users\PCZONE.GE\AppData\Local\Temp\2BNO5Wpm [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
S3 CXFl7xm2; C:\Users\PCZONE.GE\AppData\Local\Temp\CXFl7xm2 [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
S3 MBK8elxp; C:\Users\PCZONE.GE\AppData\Local\Temp\MBK8elxp [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
S3 xmIkHRNt; C:\Users\PCZONE.GE\AppData\Local\Temp\xmIkHRNt [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
End::
- Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "Yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt.
- When finished, it will produce a log fixlog.txt on your Desktop.
- Please note: the computer will reboot after execution.
- Post the log in your next reply.
-
Hello Henry,
Could you please provide some examples, so that we can be sure we have the necessary guide/strategy to help you?
Could you please provide the model and vendor name of your router, if you are using one?
Have you contacted Consumer Support, as was recommended before?
https://support.malwarebytes.com/hc/en-us/requests/new
Thank you.
-
Greetings,
Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.
Then follow each step in the order provided. Unless otherwise asked, please attach all logs.
Please make the following system changes:
- If you have not done so already, enable System Protection and create a NEW System Restore Point.
- Temporarily disable your antivirus real-time protection or other security software first, only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
- Temporarily disable Microsoft SmartScreen to download the software below, only if needed. Make sure to turn it back on once the downloads are completed.
- Disable Fast Startup
- Show Hidden Folders, Files and Extensions
Please run the following scans:
- Click the following link and run a Scan with AdwCleaner
- Click the following link and run a Scan with Malwarebytes
- RESTART the computer
- Click the following link and run a Scan with Farbar Recovery Scan Tool
Example image of where to click to attach files when posting your reply
Thank you
-
Greetings,
It is preferable to attach logs to the forum to get transparent assistance.
As you have been told before, the only private information would be if you used your real name for your profile name. You can send me the logs via Private Message if you like @Resssss
-
Greetings,
Yeah, according to your log, Windows Resource Protection found corrupt files and successfully repaired them.
Quote:
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log.
So it should be OK now. Please let me know otherwise.
The following information will help you to keep your computer and data safer as well as improve your overall privacy
-
- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
- Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
- Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
Malwarebytes Browser Guard:
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
uBlock Origin:
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
- Cybersecurity basics & protection - Everything you need to know about cybercrime: https://www.malwarebytes.com/cybersecurity
- Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
Hopefully, we've been able to assist you with correcting your system issues.
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
-
Hello Toastedsnow,
Thank you for the info. Please let's try the following. Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system\*.*"
StartPowershell:
Set-MpPreference -ScanPurgeItemsAfterDelay 1
Update-MpSignature
Get-MpComputerStatus
Get-MpPreference
EndPowershell:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Folder: C:\Windows\System32\Tasks_Migrated
End::
- Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "Yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt.
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
- Please note: the computer will reboot.
-
Please clarify whether Windows Defender is still showing the detection.
-
Hello Toastedsnow,
It looks like Defender's history needs to be cleaned up. Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
End::
- Right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "Yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt.
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
- Please note: the computer will reboot.
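Before purging Defender's history with a fix like the ones in the two posts above, it helps to know whether a repeated alert is a live detection or only a stale history entry. The script below is an added example written for this page; it is not part of any forum post and not an FRST fixlist. It reads the same detection history that the fix deletes, using the Defender cmdlets Get-MpThreat, Get-MpThreatDetection and Get-MpPreference, and checks whether each flagged file (the "file:_C:\..." resources, in the same format as the Keygen detection quoted earlier on this page) is still on disk. It also prints the ScanPurgeItemsAfterDelay setting that the fix changes and the current exclusion paths. The property names used below are the ones those cmdlets expose; the assumption is that you run it from an elevated PowerShell session on the machine being examined.

```powershell
# Added triage example for this page (not from the forum post, not FRST).
# Assumes an elevated PowerShell session on a Windows machine with Microsoft Defender.

# Map numeric ThreatID -> human-readable ThreatName (e.g. HackTool:Win32/Keygen!MSR)
$threatNames = @{}
foreach ($t in Get-MpThreat -ErrorAction SilentlyContinue) {
    $threatNames[[string]$t.ThreatID] = $t.ThreatName
}

# One row per detection-history entry, with a check of whether the flagged file still exists
$entries = foreach ($d in Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    # Resources look like "file:_C:\path\to\file.exe" or "process:_pid:1234,ProcessStart:..."
    $files = @($d.Resources |
        Where-Object { $_ -like 'file:_*' } |
        ForEach-Object { $_.Substring(6) })            # strip the 6-character "file:_" prefix
    $present = @($files | Where-Object { Test-Path -LiteralPath $_ })

    [pscustomobject]@{
        ThreatName       = $threatNames[[string]$d.ThreatID]
        FirstSeen        = $d.InitialDetectionTime
        LastStatusChange = $d.LastThreatStatusChangeTime
        Process          = $d.ProcessName
        Files            = ($files -join '; ')
        StillOnDisk      = ($present.Count -gt 0)     # $false => history only, file is gone
    }
}

$entries | Sort-Object FirstSeen -Descending | Format-Table -AutoSize

# The settings the FRST fix above touches or exports
$pref = Get-MpPreference
"ScanPurgeItemsAfterDelay (days): $($pref.ScanPurgeItemsAfterDelay)"
"Exclusion paths: $($pref.ExclusionPath -join '; ')"
```

An entry with StillOnDisk = $false and a FirstSeen date in the past is the case the fix is meant for: Defender keeps re-surfacing an old detection whose file is already gone, and clearing DetectionHistory makes the alert stop. An entry with StillOnDisk = $true means the file is still present and should be dealt with before any history is cleared.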
-
Topic: I suspect my PC is infected: random cmd screen popping (in Resolved Malware Removal Logs)
Also, it looks like the scheduled task related to Autodesk is part of the crack, according to the following discussion in the Autodesk forum: https://forums.autodesk.com/t5/installation-licensing/service-vbs-script-issue/td-p/10614551
Please read about Piracy on the forum.
We do not recommend installing or using any pirated programs (cracks, keygens, etc.).
Please remove the pirated programs (like Autodesk, and so on) otherwise our help will be useless.
I found this task, which can pop up a cmd window and is related to Autodesk (part of the crack), in your logs:
Task: {3E970D85-A300-48AB-84B6-A346ED80D134} - System32\Tasks\Microsoft\Windows\Autodesk\Autodesk => C:\Windows\system32\wscript.exe [170496 2021-09-16] (Microsoft Windows -> Microsoft Corporation) -> "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager\Service.vbs" "%CommonProgramFiles(x86)%\Autodesk Shared\Network License Manager\Service.bat"
Please let me know if you need help removing the above-mentioned scheduled task.
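The Autodesk task above is an instance of a general pattern worth checking for during triage: a scheduled task whose action is wscript.exe or cscript.exe launching a script from an unusual location, which is what produces the random cmd/console window. The script below is an added example written for this page, not code from the forum post or from FRST; it enumerates every scheduled task with the Get-ScheduledTask and Get-ScheduledTaskInfo cmdlets, keeps the ones whose action runs the Windows Script Host, extracts the script path from the arguments (expanding variables such as %CommonProgramFiles(x86)% the way the task above uses them), and reports whether that script still exists and when the task last ran. The regex for pulling the script path out of the arguments is this example's own assumption about how such actions are usually written; run it from an elevated PowerShell session.

```powershell
# Added triage example for this page (not from the forum post, not FRST).
# Assumes an elevated PowerShell session on the machine being examined.

$scriptHosts = @('wscript.exe', 'cscript.exe')

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM-handler actions are skipped
        if (-not $action.Execute) { continue }

        $exe = [System.IO.Path]::GetFileName(
            [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"'))
        if ($scriptHosts -notcontains $exe.ToLower()) { continue }

        # First quoted (or bare) token ending in a script-host extension, e.g. "...\Service.vbs"
        $scriptPath = $null
        if ($action.Arguments -match '"([^"]+\.(vbs|vbe|js|jse|wsf))"' -or
            $action.Arguments -match '(\S+\.(vbs|vbe|js|jse|wsf))') {
            $scriptPath = [Environment]::ExpandEnvironmentVariables($Matches[1])
        }

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

        [pscustomobject]@{
            TaskPath     = $task.TaskPath + $task.TaskName   # e.g. \Microsoft\Windows\Autodesk\Autodesk
            State        = $task.State
            Author       = $task.Author
            ScriptHost   = $exe
            ScriptPath   = $scriptPath
            ScriptExists = $(if ($scriptPath) { Test-Path -LiteralPath $scriptPath } else { $null })
            LastRunTime  = $info.LastRunTime
            NextRunTime  = $info.NextRunTime
        }
    }
}

$findings | Sort-Object TaskPath | Format-Table -AutoSize
```

A task placed under a Microsoft-looking path but pointing at a script in Program Files, a user profile or a Temp folder is the thing to look at; the TaskPath and ScriptPath columns side by side make that mismatch visible, and ScriptExists shows whether removing the task is enough or whether the script file itself still has to be dealt with.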