RPMcMurphy

Everything posted by RPMcMurphy

  1. I was actually hoping to see a log that had the PUP detection that keeps coming back. If you can find one of those, please post it. Please do this now: Download and save the attached fixlist.txt file in the same location as FRST. Now run FRST again. When the tool opens click Yes to disclaimer. Press the Fix button just once and wait. The tool will make a log (Fixlog.txt) please post it to your reply. Please include the following in your next post: The fixlog.txt Report fixlist.txt
  2. In that case, you should be all set. I just have a little cleanup for you: Uninstall FRST Right click on the FRST icon and select Rename Change the name to Uninstall After renaming it, right click and select Run as Administrator Uninstall any other tools or logs from our work that you don't need. Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
  3. Hello and welcome. I'm reviewing your logs and I'll be back with you soon. In the meantime, can you post one of the AdwCleaner logs so I can see exactly what is being detected? Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
  4. Your copy of Chrome has probably been compromised. At this point it's probably best if you just uninstall/reinstall. It's important that you follow these instructions, in the order they are listed: If enabled, delete Your Google Chrome Browser Sync Data by following the steps in this post: https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If you wish, you can back up your bookmarks before uninstalling. Follow these instructions: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks If you save passwords in Chrome, you may export them as well. Follow these instructions to do that: https://betanews.com/2018/03/09/export-chrome-passwords/ Clear your Chrome cache and cookies https://support.google.com/chromebook/answer/183083?hl=en Remove Chrome using the instructions on this page. https://support.google.com/chrome/answer/95319?hl=en Re-install Chrome and, if applicable, restore your bookmarks and passwords.
  5. Do you have Chrome set up to sync with Chrome installs on other devices? To check click on the 3 dots in the upper right hand corner of Chrome, select Settings, then look under the People section near the top.
  6. Thanks. Do this next: Open Chrome and type chrome://extensions in the address bar and press Enter. Click the Remove button by that extension (Chrome Media Router) and follow any confirmation dialog that appears. Once you've done that, reboot and let me know how it's running.
  7. Do you recognize this Chrome Extension as something you installed yesterday and use? CHR Extension: (Chrome Media Router)
  8. Please follow the steps in this link. If your issues persist, please run another scan with FRST and post the fresh log for me. https://support.google.com/chrome/answer/2765944?co=GENIE.Platform%3DDesktop&hl=en
  9. Sorry, my last FRST script had a typo. Please do this: - - - Right click on the FRST icon and select Run as administrator Highlight the below information (in the code box) then hit the Ctrl + C keys at the same time The information will be copied invisibly and will be 'pasted' into FRST automatically when you click Fix as instructed below C:\Users\Lucap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Click Fix When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply. How is the computer running now?
  10. In that case, you should be all set. I just have a little cleanup for you: Uninstall FRST Right click on the FRST icon and select Rename Change the name to Uninstall After renaming it, right click and select Run as Administrator Uninstall any other tools or logs from our work that you don't need.
  11. Run this, then follow the instructions in the link below to completely reset Internet Explorer https://support.microsoft.com/en-us/help/17441/windows-internet-explorer-change-reset-settings - - - Right click on the FRST icon and select Run as administrator Highlight the below information (in the code box) then hit the Ctrl + C keys at the same time The information will be copied invisibly and will be 'pasted' into FRST automatically when you click Fix as instructed below SearchScopes: HKU\S-1-5-21-2530422714-4099723196-3748319213-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04SearchScopes: HKU\S-1-5-21-2530422714-4099723196-3748319213-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04SearchScopes: HKU\S-1-5-21-2530422714-4099723196-3748319213-1002 -> {B675E96E-2FB8-4512-8697-EB63E162017D} URL = BHO: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Lucap\AppData\Roaming\IEBrowserAssistant\adxloader64.dll [2018-11-13] (Default Company) [File not signed] SearchScopes: HKU\S-1-5-21-2530422714-4099723196-3748319213-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-2530422714-4099723196-3748319213-1002 -> {B675E96E-2FB8-4512-8697-EB63E162017D} URL = BHO: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Lucap\AppData\Roaming\IEBrowserAssistant\adxloader64.dll [2018-11-13] (Default Company) [File not signed] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR Extension: (Chrome Media Router) - C:\Users\Lucap\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-23] NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Click Fix When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  12. Thanks, that helps. Please run another scan with FRST and post the log for me. I don't need the addition.txt report this time though.
  13. Those look good. Do you have any unresolved issues with the computer?
  14. Good. Since it's working, run a Threat Scan with Malwarebytes, then do this: Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply. Please include the following in your next post: Malwarebytes log adwCleaner log
  15. You can stop that scan for now. Your logs indicate that you are using cracks and/or keygens. We don't support software piracy on this forum so, my continued assistance will require that you leave such software off your system. Also, please refrain from using your P2P software during our cleanup. - - - Right click on the FRST icon and select Run as administrator Highlight the below information (in the code box) then hit the Ctrl + C keys at the same time The information will be copied invisibly and will be 'pasted' into FRST automatically when you click Fix as instructed below NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Click Fix When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  16. Hello and welcome. I'm reviewing your logs and I'll be back with you soon. In the meantime: Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
  17. Thanks for those. How is your computer running now? Please describe any remaining issues.
  18. Download AdwCleaner and move it to your Desktop. Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users). Accept the EULA (I accept), then click on Scan. Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so. After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.
  19. Please do this next: Right click on the FRST icon and select Run as administrator Highlight the below information (in the code box) then hit the Ctrl + C keys at the same time The information will be copied invisibly and will be 'pasted' into FRST automatically when you click Fix as instructed below NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Click Fix When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  20. You have Hola installed on your system and Hola is known to be malicious. Please uninstall it now to ensure a better clean-up: Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista / Windows 7/8/10 and remove: Hola™ 1.123.976 - Better Internet Once you've done that, please run another scan with FRST and post that log for me.
  21. OK, good. I'm not seeing much of anything in your last logs - mostly just some housekeeping. Please do this: - - - Right click on the FRST icon and select Run as administrator Highlight the below information (in the code box) then hit the Ctrl + C keys at the same time The information will be copied invisibly and will be 'pasted' into FRST automatically when you click Fix as instructed below CreateRestorePoint: CloseProcesses: ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\Users\victor.avdias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm EmptyTemp: Click Fix When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  22. Welcome back. While I go through those, please let me know which issues you are still having with your computer.
  23. Hello and welcome. Please follow these guidelines while we work on your PC: Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the "All clear." Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that if I don't hear from you within five days this thread will be closed. Please update Malwarebytes and run a Threat Scan, then post that log for me.
  24. Please run another FRST scan for me and post those results.