Jump to content

kompot

Members
  • Content Count

    22
  • Joined

  • Last visited

About kompot

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. The issue went away! Thank you very much! I did notice a few entries for SW I no longer have, can or should I delete those? E.g. Maxthon web browser, controversially I think it was spying it's users back in the days or other entires highlighted in yellow in autoruns.
  2. Hi Maurice. Many thanks for your help again. I've adjusted MB settings as per your instructions. I attach the Autoruns.zip file. One thing to note - my autorun.exe settings were a bit different to yours, see below the setting I've run it in. I've tried to replicate what you said, let me know if I need to re-run it again with another setup. Best regards. Autoruns.zip
  3. No problem. I did switch it back on, but thanks for the reminder!
  4. I need to read about all these analysis softwares one day! Thanks Maurice, I did disable ESET protection for this scan, two files are attached. Best regards dds.txt attach.txt
  5. Thanks Maurice. On every Windows startup I have this prompt to select a program to open the file with. I've opened it with Notepad, here's what I see (I've blanked some of that but not sure if it's required, I can show it of it's not harmful) The file is stored in C:\Users and has a file name same as my user account, it has no extension. I wonder what the characters at the bottom are... Quick translate from polish: >Interface list ><list> >IPv4 route table >active routes: >none >persistent routes: >none >IPv6 route table >active routes: >none >persistent routes: >none >Asian characters... Google translate isn't really helpful. Thank you.
  6. I could not find these partical menus, but I went to user accounts in control panel and it only lits my and guest accound so I guess it's OK? I also have done two MB scans, 1st with sync still off, then I switched it on, waited a few minutes and tun scan again. Both found 0 problems. I guess we're OK here? Huge thanks for your help Maurice!
  7. I found this https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems Perhaps it's a leftover from this being an SSD clone from my system of the HDD?
  8. Thank you Maurice. Bizzare user accounts are visible when I go to: C:\Users\Public -> Right Click -> Properties -> Security -> Group or user names If I do that on another folder or on a local drive 'folder' I get something more like this (screenshot off the Internet, but I get 'equivalent' content)
  9. Shall I turn the Chrome sync on and run these scripts? I've run the FRST, logs are attached. Thank you Addition.txt FRST.txt
  10. No problems with Chrome in general Maurice. I've run the scripts. First one worked, the other two did not. Second - name of folder incorrect, I also can't find this folder manually. Third one - 'can't find C:\...', same I can't find this folder manually. What do you think about the user account and also the Windows prompt asking which program to use, when trying to 'Run...' a folder path? Regards
  11. OK, so here's what's happening. My cmd line or 'Run' won't run this folder C:\Users\Patryk H\ or subfolders of it. When I do try it, it opens Windows Prompt "To open this file, Windows needs to know what program you want to use?"... I've tried selecting explorer.exe but it just comes back with the same prompt. I can run any other random path outside this, for example this works fine: C:\Users\Public Other folders on other drives also work OK. I suspect this is the reason for fix not working in the first place. Another worrying bit is I've discovered a new user, when going to Properties>Security user list What is that one in the bottom with a red question mark? Name is "account unknown" It has no rights set or blocked: Apart from the bottom one, "special rights" I've chedked in "User accounts" it only lists my account and "guest". Many thanks...
  12. I've struggled with some Windows Updates. After googling it my Temp variable was set incorrectly, I've managed to fix it. No change with this script though. Do you want me to delete the contents of folders from the script manually? Thank you
  13. I don't see any problems eith my machine. I've just tried to run the ENGLISHFRST64 script again, with Chrome sync off and Chrome closed, log attached. Fixlog.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.