kexas

  1. In the end did a fresh install of Win. Will also replace DVDW with SSD.
  2. Well I guess not if all the scans are clean. Although some MBAM services are terminated on startup.
  3. Hello, Kevin. No threats detected. Nevertheless attached the report (weirdly enough its Date Modified is in the future). However, startup is still arduous. Some notices: after startup a few MBAM services have very high response time. WindowsSearchProtocolHost.exe had a very long command line which included Mozilla4.0 and accessing some temp folder/file, but it self-terminated. Don't know if it's normal. report_2021.01.30_14.56.16.klr.enc1.zip
  4. Thanks, I'll attempt it tomorrow morning since I won't find a USB now. Just to clear one thing: I should disconnect from the internet just after running update from My Update Center, correct?
  5. Compressed to .zip and attached. But Autoruns seem fine. for_mbf.zip
  6. Attached Autoruns saved file. Process Explorer also shows Spooler Sub's process as 1/75 for VT. Other observations during bad startup: Resource Monitor showed that a lot of things had very high response time (incl. files in System32 and SysWOW64). Event viewer naturally had a lot of errors (it's a huge mess) and a lot of them were due to time-outs. Also, WerFault.exe, which I disabled (mentioned in previous comment), was still reading, despite not being displayed in Task Manager (only visible in Resource Monitor). High Page File write. wlanext.exe had 959213309280 in command line (Run
  7. So Sophos scan was clean. However, startup is wonky again. Yesterday startup was bad and I noticed Windows Error Reporting running, so I disabled it and after then startup seemed fine (attempted several times). My guess is that it was trying to access temp folders some of which aren't readable (FRST fix probably wasn't able to delete all Temp files either). But today startup is messed up again. Wallpaper and taskbar load (but it's not usable), but the only thing I can open is Task Manager. One of the potentially dangerous things I noticed (after opening Resource Monitor) is that MBAM pro
  8. Yeah, I just found it weird that the processes close as soon as I open Task Manager. As for svchost it sometimes shows as a blank process (no name). What about .tmp files getting detected by RK? Can they be created by undetected malware?
  9. Is NTUSER.pol non-malicious either? Also, COM Surrogate instances (2 or 3 at a time) running from time to time, but whenever I open Task Manager they end themselves after 1 second. I'll see how everything is tomorrow.
  10. Attached logs. I see a lot of scan errors in msert. Are those normal? And no path to where the removed item was. Did it use some tricky hiding mechanism since it didn't get detected previously? FRST still detects NTUSER.pol. Should I try deleting it? msert.log FRST.txt Addition.txt
  11. I'm running it right now. The FRST fix took a long time (due to I/O errors likely) and PC took a long time to start up – it was stuck on desktop with just wallpaper loaded for a while.
  12. Yes, that was my intention to confirm it wasn't altered. Attaching fixlog now. Fixlog.txt
  13. I'll attempt FRST fix. I take it it's normal for Chrome to block it as dangerous? Just in case I'll attach the one I got. Could you confirm it's correct? Regarding .tmp files. I was wrong about the file being the same one. Seems like RK detects a different file one at a time. That's the weird part. If it was due to I/O error, then a lot more files would be detected instead of just one. fixlist.txt
  14. No (not entirely sure what they are). I'll check for RK logs. Edit: attached RK logs. rk_log1.txt rk_log1_rem.txt rk_log2.txt rk_log2_rem.txt