Jump to content

Recommended Posts

  • Root Admin

Let me get a set of updated FRST logs please. I think this is due to a scope issue in IE

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Make sure you get both logs

Thanks

Ron

 

Link to post
Share on other sites
  • Replies 54
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

 

Link to post
Share on other sites
  • Root Admin

It's a very benign entry and odd that it would return. I would not expect that Kaspersky is putting it back. I suppose it's possible, but unlikely without alerting you or at least logging it. Please check your Kaspersky logs for anything though

 

 

Link to post
Share on other sites
  • Root Admin

Not seeing what is causing the entry to return. It could be AVG Tuneup doing it.

Please remove the entry again. You can use Malwarebytes or the FRST script I gave you before to remove it. Then use this tool below to monitor and see when that entry comes back.

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

 

Link to post
Share on other sites

I ran rkill, then adwcleaner_7.2.0 and then Malwabytes...removed those 2 entries...restarted the computer...ran everything again, now it is showing clean - as it happened before.

I opened ProcessMonitor as you recommend and now what? I leave it open all day until those bad entries reappears?

Edited by Al2017
Link to post
Share on other sites

I don't know if this has anything to do with those 2 things on my laptop, but I can not copy and paste text and when I try to copy something from the calculator, it crashes and simply closes the app. I tried resetting it to now use.

Link to post
Share on other sites
  • Root Admin

No, you cannot keep the process monitoring running as it consumes a lot of memory and disk space. Just run the other browsers and do a few things for a couple minutes. Then save the Process Monitor log and zip it and upload and I'll review the log.

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree
    4ENbg3P.png
  • Click on the icon on the lower left indicated in the below image
    qKOjzXD.png
  • Select the Link option
    Cyzhcx1.png
  • Click on +Add Files
    CvZMyrC.png
  • Browse to the location of the file and double-click on it or click once on it and select Open
    S5Ty834.png
  • Click on Transfer
    8eYfZGi.png
  • Once the transfer completes, click on Copy link
    fkb0tkR.png
  • Once you receive the Copied! message as indicated below, paste the link into your next reply
    ndpEstA.png

 

Link to post
Share on other sites
  • Root Admin

Okay, what we need to do it delete them. Scan and make sure they're gone. You should be able to open REGEDIT and browse to that key or you can search for it.

0633EE93-D776-472f-A0FF-E1416B8B2E3A

Then you can even manually delete it and keep an eye on it and see when it gets put back and if possible, what put it back.

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.