Posts posted by jeffbindel

  1. I followed the steps for setting up PIA to not use random files the last time, but I didn't delete the old files. I double-checked to make sure I went through the steps correctly and then I deleted the old temp files that it created, which now seems kind of redundant because I ran the temp file cleaner immediately after that, lol. Steps 2 and 3 are also complete, and the results are posted below.

    SystemLook.txt

    Fixlog.txt

  2. Okay, all the above has been done. I also attached the log from AdwCleaner that shows the registry key that keeps getting changed. Running AdwCleaner doesn't solve the issue though. After telling it to fix the registry key and reset the PC, if you scan again it will still show up as if it wasn't fixed. I also attached the Malwarebytes scan log from when it detected malware. It was on the regular scheduled overnight scan that ran the morning of the 3rd. Not sure why it showed up then but not other times. The images are just screenshots of what else Chrome has been doing since I started having problems with it. When starting Chrome, it repeatedly runs out of memory and will flash black. Sometimes it will stay "black" and I'll have to restart Chrome in order to be able to do anything with it. Clearing the cache seems to help for a second but it starts acting up again after a bit.

    FRST.txt

    Addition.txt

    Malwarebytes scan log.txt

    AdwCleaner[S14].txt

    Chrome error 1.PNG

    chrome error 2.PNG

  3. 13 hours ago, AdvancedSetup said:

    Hello @jeffbindel and welcome.

    More than likely just an entry for Chrome. Unfortunately a typical uninstall of Chrome leaves plenty of files and registry entries. Also, if you have a signed on account that syncs it will put it back when you log back on after a reinstall.

    I notice you're using PIA which uses random files. I'd suggest looking at these articles on how to control that or look at using a different VPN.

    Run rubyw.exe from Fixed Location with Personal Firewall

    Private Internet Access rubyw.exe connections explained

     

    From the logs.

    What is this scheduled task and what is it doing?

    Task: {2DF40855-18BA-472D-8815-19D1971BDBDB} - System32\Tasks\63225-45253-41608 => Rundll32.exe "C:\ProgramData\63225.45253.41608\63225.45253.41608.dll",QueryActiveSession

    Task: {B05F8934-5804-45FE-8D4A-B642A484FD96} - System32\Tasks\7463-65067-27146 => Rundll32.exe "C:\ProgramData\7463.65067.27146\7463.65067.27146.dll",QueryActiveSession

    There is also a hack on the computer designed to Steal or Pirate Windows or Office and should be removed.

    Task: {B114CC50-F76E-4300-B14B-120E13C6A8BD} - System32\Tasks\AutoKMS => E:\AutoKMS\AutoKMS.exe

    Really don't see why anyone would try to steal Windows 10 when it was offered for free for over a year.

    That said, unless the DLL query task somehow put back the Google custom search (highly doubt that) then I don't see any malware or other threats that would cause that behavior. A good, proper clean removal of Chrome and then monitor to ensure all was removed should correct this.

     

     

    Thank you for your input. Removed AutoKMS. I don't know what those two tasks are. Also, other than just "uninstalling" Chrome, what steps do I take to ensure it was completely and cleanly removed before attempting reinstall? And is there a way to be able to log back in to Chrome without it putting it all back? Thanks again for the assistance.

  4. I have some sort of malware affecting Google Chrome. It is very buggy when it runs, it sometimes crashes, and when you use the omnibar to search for anything, it redirects to a Google custom search, cse.google.com. Malwarebytes Premium won't detect anything. I've uninstalled/reinstalled Chrome multiple times and followed the instructions on a couple of different YouTube videos that offer a solution to this issue, all to no avail. I have already run Farbar and the appropriate files are attached. Not sure what to do at this point so here we are.

    FRST.txt

    Addition.txt
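
An added illustration, not part of the thread and not FRST's own code: a Python sketch that parses FRST `Task:` lines like those quoted in the third post and flags, for manual review, scheduled tasks that use rundll32 to load a DLL from outside C:\Windows. The review heuristics, the function names and the last sample line are constructed assumptions.

```python
import re

# First three lines are the Task entries quoted in the thread;
# the fourth is a constructed control entry for comparison.
SAMPLE_LOG = r'''
Task: {2DF40855-18BA-472D-8815-19D1971BDBDB} - System32\Tasks\63225-45253-41608 => Rundll32.exe "C:\ProgramData\63225.45253.41608\63225.45253.41608.dll",QueryActiveSession
Task: {B05F8934-5804-45FE-8D4A-B642A484FD96} - System32\Tasks\7463-65067-27146 => Rundll32.exe "C:\ProgramData\7463.65067.27146\7463.65067.27146.dll",QueryActiveSession
Task: {B114CC50-F76E-4300-B14B-120E13C6A8BD} - System32\Tasks\AutoKMS => E:\AutoKMS\AutoKMS.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe
'''

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]+\}) - (\S.*?) => (.+)$')
# rundll32 <dll path, optionally quoted>,<exported function>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
NUMERIC_NAME_RE = re.compile(r'^\d+(?:[.-]\d+)+$')

def parse_tasks(log):
    """Yield one dict per FRST 'Task:' line; other lines are skipped."""
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            name = m.group(2).rsplit("\\", 1)[-1]
            yield {"guid": m.group(1), "name": name, "command": m.group(3)}

def review_reasons(task):
    """Return the reasons (assumed heuristics) a task deserves a closer look."""
    reasons = []
    if NUMERIC_NAME_RE.match(task["name"]):
        reasons.append("task name consists only of digits")
    m = RUNDLL_RE.match(task["command"])
    if m:
        dll = m.group(1).lower()
        if not dll.startswith("c:\\windows\\"):
            reasons.append("rundll32 loads a DLL outside C:\\Windows")
        if dll.startswith("c:\\programdata\\"):
            reasons.append("DLL is under C:\\ProgramData")
    return reasons

def flag_tasks(log):
    """Map task name -> list of reasons, for tasks with at least one reason."""
    flagged = {}
    for task in parse_tasks(log):
        reasons = review_reasons(task)
        if reasons:
            flagged[task["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in flag_tasks(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

A flag here only means the entry should be examined (file signature, creation time, what created the task); it does not identify what the DLL is.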
