Jump to content

Javier3D

Members
  • Posts

    13
  • Joined

  • Last visited

Everything posted by Javier3D

  1. Ok, I did everything and I have being using the web browser for a while without noting anything issue, I haven't install any extension yet, so I will install them to check if maybe one generate the problem (I have used same extensions for years without issues before and I will add the one recommended as Ublock and WOT). About Autoruns is working fine now but I haven't been able to get MSConfig back to Normal; I change it to 'Normal startup' but after restart is back to 'Selective startup', even after closing and opening right away it does not stay in Normal Once again thank you for you help
  2. Thank you for your answer, I have not remember messing up with MSconfig in months or years, I do remmember I disabled some things for quick starts, good to understand more about MSConfig. I do not remmember disabled System restore, it does not seems like a smart move to disabled it. Is activated now About uTorrent I barely used, last time I remmemebr was when I needed a software, my internet connection was vey slow and the author had the option to use torrent, so I chose that in order to obtain the file. FixLog: Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017 Ran by Usuario (20-09-2017 11:04:25) Run:1 Running from C:\Users\Usuario\Desktop Loaded Profiles: Usuario (Available Profiles: Usuario) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: RemoveProxy: Task: {3B44665B-21DF-498C-8F66-EC8A074DEA6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-29] (Google Inc.) Task: {56BEFCED-92C1-4C5A-BF0F-0027B1EE600D} - \AMD Updater -> No File <==== ATTENTION Task: {5D1EDEAF-895A-4646-B309-DAB4657A85A5} - \AutoPico Daily Restart -> No File <==== ATTENTION Task: {9537E251-48D7-4E32-855F-4C4151C75F6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-29] (Google Inc.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] GroupPolicyScripts: Restriction <==== ATTENTION CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R CMD: netsh int ip reset CMD: ipconfig /flushDNS EmptyTemp: Reboot: ***************** Processes closed successfully. Restore point was successfully created. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-2496004940-1952003200-3465144155-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-2496004940-1952003200-3465144155-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B44665B-21DF-498C-8F66-EC8A074DEA6C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B44665B-21DF-498C-8F66-EC8A074DEA6C} => key removed successfully C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56BEFCED-92C1-4C5A-BF0F-0027B1EE600D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56BEFCED-92C1-4C5A-BF0F-0027B1EE600D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMD Updater => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D1EDEAF-895A-4646-B309-DAB4657A85A5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1EDEAF-895A-4646-B309-DAB4657A85A5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9537E251-48D7-4E32-855F-4C4151C75F6D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9537E251-48D7-4E32-855F-4C4151C75F6D} => key removed successfully C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully. C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Error: Unable to rebuild performance counter setting from system backup store, error code is 2 ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= netsh int ip reset ========= Resetting Global, OK! Resetting Interface, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= ipconfig /flushDNS ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 32768 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 121391012 B Java, Flash, Steam htmlcache => 1135 B Windows/system/drivers => 7418024 B Edge => 181553735 B Chrome => 280363834 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 6656 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 700 B LocalService => 107494 B NetworkService => 13663408 B Usuario => 6091556614 B RecycleBin => 7105035 B EmptyTemp: => 6.2 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 11:09:58 ==== Thank you Ron Fixlog.txt EDIT: As you advice in the other thread, I change MSConfig backup to Normal but I can not use Autoruns for Windows, since it starts but then close after few seconds. Do you recommend another software to stop some services autorun when Windows initiate?
  3. Ok I have not AVG installed, I use Panda as my main antivirus. Before I read the reply, Malwarebytes showed me an alert that some problem were found and fixes, I saved that log and start following your procedure, I run Malwarebytes scan again after restart, that analysis shows zero problems. I attach both log reports AdwCleaner Log after restart: # AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 07:55:18 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 10 Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\Usuario\AppData\Local\Assistant ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tridnet.softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tridnet.softonic.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.softonic.com ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [3302 B] - [2017/9/20 7:54:32] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Is the system safe now? Not sure if the software solve the issues Thank you once again Log-0218.txt Log-0242.txt FRST.txt Addition.txt
  4. I also have installed Microsoft Edge which I barely use, I opened before (when starting the solution of the thread) and no pop-up issues there. However, now I open Edge, went to Google and I see 'secure search' on top of the page, so maybe is something someplace else. When I try to search in Google box, the words start appearing in that 'secure search' box.
  5. Thank you so much for the link, very useful tips and information. Do you recommend me to follow the procedure before continue installing and configuring web extension? I am getting a redirect when I google search, it convert the page to a yahoo search, this not happen always but often, it is very anoying and I guess the ad blocker can not do much after the malware is active
  6. Hi Ron, sorry to bother again. I think I still got one issue, the malwarebytes had poped-up saying had blocked one tab about onclkds.com :/ not sure what happened but to be sure please let the forum open to see how the issue evolve. Thank you
  7. Thank you so much for your time and great assistance with this issue, I am happy to see people offering this kind of help for free. Just to finish, is there some other recommendation to maintain the health of the pc? I've never use an ad blocker before and I can remember I had any virus/malware issues for a long time, but I will investigate for one You can mark it as completed
  8. Hi Ron, I edited while you where answering. I got the bookmarks back, was a silly stuff. I will add the Chrome extensions again. Thanks for the help with this issue
  9. Hi Ron, I repeat the process and I am sure I kept the bookmarks but now the bookmarks and extensions are missing, I guess it did not restore it correctly, since when Chrome try to sync I clicked 'learn more' (or something like that) and it opens a tab with options for choosing what to sync, I made no changes but it does not recover anything. In the sync tab it states Chrome has sync recently The bookmarks are shown when I open a tab (but without website icon, just blank icon), but as soon as open a website the bookmars disappear . The good new is it resolve the issue since I have not seen another redirect, but I really want to recover the bookmarks and extensions. Is there any solution? Thanks for the help EDIT: Appereantly I dissabled the 'show bookmarks tab', so I got the bookmarks back (thanks Universe). Is there a possibily to recover the extensions without installing all back? Last time Chrome added automatically
  10. Hello, thank you for your answer, I followed the procedure for Google Chrome which is my main browser (I only use Edge in rare cases the website has issues with Chrome), I do not have Firefox and Iexplorer can not be uninstall. After the 'reset sync' I have noted less tabs appears, it only happens when I try to search something, and it shows 'Secure-surf.com' search (I found in Google this is some browser hijacker), other time the tabs created shows 'putrr18.com' before showing some website ad, this putrr18 is another malware. There are some google options to eliminate this issues but I follow none as you recommend is some posts. Hope you can help, I am kind of worry since I use my pc for some bank/financial transactions.
  11. Hello, thanks for the help you offer. I have this problem that some malware or virus keeps opening Chrome tabs to random websites, Malwarebytes do not find anything, I upload the logs. I had a problem with usb which corrupted the files renaming folder with large weird names, after error check it with Windows 10 option it recover some but most file were lost converting folder into file type. So, I am guessing it is the same malware from the usb that infected my pc. I hope you the info is complete and someone get with the issue. Thanks a lot for the help Addition.txt FRST.txt Log_Malwarebytes_3.2.2.txt Log2_Malwarebytes_3.2.2.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.