Jump to content

Removing SAntivirus - malware


Recommended Posts

Attached is the MB scan I ran a few minutes ago. My computer won't let me run the "Farbar Recovery Scan Tool ". I said it was ok to run but it still deleted it.  Now when I try to download it, it just won't.
Thanks, Da ve

Previous posts:
Your instructions do not work. When you enter safe mode the screen keeps blinking on an off and you can't do anything while in safe mode. Does SAntivirus cause this or could it be something else? Thanks, Dave
PS: I will try it again

I tried again. You can't use just safe mode or safe mode with networking as the screen keeps blinking on and off rapidly. But you can get into safe mode with the command prompt OK. Would screen logging tell you what is going on? Thanks, Dave

MBScan1020AM.txt

Link to post
Share on other sites

Hi,  @autotran     :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

There are a number of P U P tagged by Malwarebytes for Windows.   I will guide you later to doing a more focused new scan.

But let us start out and use a different tool to scan for and remove those P U P adwares.

 

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 

Link to post
Share on other sites

I go by Dave. Sorry for the delay in getting back to you as I also had a major problem with my computer. It wouldn't allow me to access any other devices, just the main hard drive C: plus my attached HD's and DVD drives. No CD, no Flash Drive, no way to get to safe mode, really pretty much nothing else. Many times it wouldn't even start correctly, giving me false error messages. I have/had 11 hard plus 3 CD/DVD drives running internally and I finally noticed one was missing, plugged in, but not showing up. I thought at first it might have been the cable, even the port, but no it was a defective hard drive. After removing this defective HD, 99% of my problems went away, 
But, about the SAntiVirus, I used my cloned hard drive back up from December which didn't have this virus. It wasn't a perfect solution as I had just changed my ASUS motherboard to a GigaByte MB about two weeks ago but after a hour or two or more of updating thinks everything seemed to be working OK. I then re-connected my SAntiVirus infected C: drive as drive Q: and accessed it and deleted the complete SAntiVirus directory and any info that I could. This was impossible to do while it was operating as the C: drive. I then re-installed this drive as the C: drive and used regedit to delete any references to SAntiVirus. I was able to delete all but 3, these could not be deleted no matter how hard I tried. So right now I would like to be able to delete these files/references and anything else that I might have missed.
Thanks, Dave

Link to post
Share on other sites

Hi Dave.

ok.  Long write-up.   I understand you to say that the C drive is back in place.   I will need the reports listed here in order to start helping you.

I would like to have you run a report tool known as FRST. This has no personal information. It is a well-known & widely used & safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST.


1: Please download FRST from the link below and save it to your desktop , OR  else to the Downloads folder:

"Download link for 64-Bit Version Windows"



Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file , first.
Then go to where you saved the FRST64

Run report with FRST64

Right-click on FRST64  and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

_Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.

image.png.17de9bf78b899e51c882cf9fc391ad70.png

The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

Link to post
Share on other sites

Postscript note about FRST report tool.  I read at the top that there were issues in trying to run FRST.

Be aware, that may be unintended interference by Windows Smartscreen protection.   But that you can over-ride.

Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen

and click button Run anyway on next screen.

 

Secondly, before you run FRST64, go to where you saved the downloaded FRST64.exe

Right click on it with your mouse and choose "Rename"   & renamed it to ENGLISHFRST.exe

Then you are ready to run ENGLISHFRST  without a hitch

Keep me advised.

Thanks

Link to post
Share on other sites

After you have done the FRST64 report,  see this article

 

I had not realized that SAntivirus was another name for Segurazo

Your pc already has Malwarebytes for Windows so you don't need to re-install.   See about running Malwarebytes for Windows while in  Safe Mode with Networking

{   A  }

suggest that ( at your next best opportunity) enable the F8 function key use at machine boot  ( that way you have means to have advanced startup options

See Option One at this article

https://www.tenforums.com/tutorials/22455-enable-disable-f8-advanced-boot-options-windows-10-a.html


{ B }

 

Restart your pc. And right away, tap & retap the F8 Function-key on your keyboard. 
You should see Windows Advanced Options menu.
Select Safe Mode with Networking

NOTE: if the F8 function key-method did not prove usable, some systems may use F5 instead. 

 

{  C  }   Do a scan with Malwarebytes for Windows like describe in the cited article.

Edited by Maurice Naggar
Link to post
Share on other sites

Good morning.   I have posted 3 other replies prior to this one.  Please do not let this rattle or upset you.   I do wish that you do as much as possible of all 3 replies sent before.

Just keep doing down the list and Do as much as you can.  If you hit a issue, write it down & let me know later.

So, we want to do all that you can of those 3.

Then next, please do this custom cleanup.  Its intent is to remove & clean out any major or minor parts of the pest "SAntivirus"  a.k.a.  Segurazo.

I would like you to do this irregardless of prior steps.   and as an additional measure.

 

I am attaching a ZIP file named REMOVESA.zip

Save that to either the Downloads folder, or else, to the Desktop.

Next, extract 1 file from it.   The name of this file is REMOVESA.txt

Once extracted, go to where it is extracted-to.

Using the mouse, do a RIGHT-click on Removesa.txt  and Rename it to Removesa.bat

 

Next,  Using the mouse, do a RIGHT-click on Removesa.bat  and select RUN AS Administrator

Reply YES to allow Windows to let it run.

This command-script should run rather quickly.  When done, it will create a file named Output.txt  on the Desktop.

Please attach a copy of Output.txt  with your next reply.

Thank you in advance.   I rarely do this sort of stacked replies.  But I feel it is important for this case.

Let me know how things are after this.  Let me know if at that point, you notice any trace of the SAntivirus /Segurazo

Cheers.

REMOVESA.zip

Link to post
Share on other sites

Maurice,
This is much worst than I expected. I am attaching a copy of output.txt which doesn't look like it will help you..
To get into safe mode on my computer, neither F5 or F8 work. You must use the shift-restart method and you eventually get there. Once you get into safe mode you again get the on and off flashing screen which allows you to do nothing. You can't run MalwareBytes or anything else. Just Cntl-Alt-Delete to get out of it.
This morning I ran regedit again looking for instances of SAntivirus and Segurazo. Yesterday I had only 3 instances of SAntivirus left, today I have 38, some are of my own references. All the ones I deleted are back. Segurazo has 17 instances showing up and unknown how long they might have been there.
I did notice that Program Files (x86)\Digital Communications\Santivirus along with Program Files (x86)\Sagurazo are not shown in the C drive directory yet they are listed as being there in the registry. They must have hid them somehow? Did you get a copy of my registry in any of the files I sent you?
Thanks, Dave
 

output.txt

Link to post
Share on other sites

Thanks for the reports.  Please have faith and patience.  I think we are closer to getting this pest gone.  It is just going to take a bit more work.

 

Please Close and Save any open work you may have open.

Please close as many un-needed app-windows that you yourself may have open at this point.   So you can have a clear field of view.

 

This custom script is for  autotran    only / for this machine only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the ENGLISHFRSTtool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  D:\Downloads_Opera  folder

The tool named ENGLISHFRST.exe   tool    is already on the Downloads folder

Start the Windows Explorer and then, to the D:\Downloads_Opera folder.


RIGHT click on  ENGLISHFRST    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

image.png.ce31d87117e69d78267923a02168532b.png

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Thanks for your continued patience in advance.

 

[    2    ]

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

and save it to your desktop.

 

Doubleclick on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes. .

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

 

Fixlist.txt

Link to post
Share on other sites

Hi Dave.   I'll go ahead and relay these next steps.   But first, be sure to not go into the registry on your own, please.

This is to be done after you have completed the ENGLISHFRST FIX  and the MBAR tool run.

 

Let’s  please try to get and run a special  report  tool from Microsoft. 

It does not make changes. It will be just a report.

 

  • Please download Sysinternals Autoruns from here and save it to your desktop.
  • Note: you also need to do the following:
  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK


Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...

In the Autoruns Filter Options dialogue, verify that the following are unchecked, if they are checked, uncheck them:

  • Include empty locations
  • Hide Microsoft entries
  • Hide Windows entries


Verify that the following is checked, if it is unchecked, check it:

  • Verify code signatures


Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.


Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
Attach the Autoruns.zip folder you just created to your next reply

 

Thank you.

 

Link to post
Share on other sites

Maurice,
ENGLISHFRST64.exe stopped responding at c:\users\users\AppData\Local\Microsoft\History.IE5\MSHistory012020031820200319\container  ??
ran again, stopped at the same place. log attached

Running MBAR right now for over 1 hour and looks like it is going to take forever. It's  found 1 Malware so far, now it's 3, it's scanning C:\Windows right now.  I don't know if it has to scan every drive on my computer which is a total of over 31TB's
I'll send the MBAR log in a few minutes as it just finished at 1:45 PM. Will attach the log later.
Thanks,
Dave
 

Fixlog.txt

Link to post
Share on other sites

The MBAR report result is good.  Just 3 adwares, 2 of which were in the Recycle bin.

By the way, per the report,  we need to have you do one Windows >  Restart so that the deletions are made permanent.

I look forward to seeing the report from Autoruns.

Link to post
Share on other sites

Thank you for the Autoruns report.

I notice the system also is running SuperAntiSpyware & WinPatrol & CCleaner & Iobit Unlocker 7 Iobit DriverBooster

The good news is that SAntivirus is not showing in the list of processes & services.   That is great to know that.

There are a couple of items I would suggest that you disable  ( turn off )

Start Autoruns one more time  ( unless you have it on screen at this point).

and look on the main tab named Everything.   For the following items un-tick the check box ( for each )  on the far left-side

in the section C:\ProgramData\Microsoft\Windows\StartMenu\Programs\Startup    look for runit.lex  and un-tick its check box

& while the focus is on that line, press & hold CTRL key & tap D key to delete

 

in the section HKLM\System\CurrentControlSet\Services    look for Partizan   and un-tick its check box

& while the focus is on that line, press & hold CTRL key & tap D key to delete

 

now, scroll down to ZAM Guard  & un-tick its check box   ( this item is a leftover from Zemana  tool ).   Your pc does not need it,

& while the focus is on that line, press & hold CTRL key & tap D key to delete

 

Next, click the Drivers tab.   Look down the list for look for Partizan   ( if found there )  and un-tick its check box

& while the focus is on that line, press & hold CTRL key & tap D key to delete

now, scroll down to ZAM Guard  ( & if found )  & un-tick its check box 

& while the focus is on that line, press & hold CTRL key & tap D key to delete

Then pick File  ( from main menu) & select Exit.

.

NEXT

Please download RogueKiller (x64) using the link below.
→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64

  •  
  • Save the file first,
  • Close any running programs that you started on your own ( if any).

 

 

 

Double-click  RogueKillerx64.exe to run the program.

Follow the prompts. If a browser window opens, close the window.

 

In the HOME tab, click Start Scan.

Upon completion, a browser window may open. Close this window.

 Important: Please do not have RogueKiller remove any detected items.

Click the HISTORY tab followed by Scan Reports.

Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.

Please attach the file in your next reply.

 

Link to post
Share on other sites

Maurice,
I use runit.lex and I didn't un-tick and delete, do I really have to?
C:\ProgramData\Microsoft\Windows\StartMenu\Programs\Startup , look for runit.lex  and un-tick its check box

in the section HKLM\System\CurrentControlSet\Services    look for Partizan   and un-tick its check box
hold CTRL key & tap D key to delete  - it wouldn't delete

un-ticked and deleted  ZAM OK

Drivers tab.   Look down the list for look for Partizan   ( if found there )  and un-tick its check box
also couldn't delete

no ZAM Guard to delete in drivers

Attached the roguekiller txt file

RogueKiller.txt

Link to post
Share on other sites

Hi, Dave.

What does runit.lex do ?

Thanks for the RogueKiller report.  That report also has no presence or trace of SAntivirus  as a process or service.  This means it has been quashed.

There is a bit of cleanup to do for a few P U P & potential malicious items shown by Roguekiller.

What follows is a 2 part set of steps.

[  1  ]

Please Close and Save any open work you may have open.

Please close as many un-needed app-windows that you yourself may have open at this point.   So you can have a clear field of view.

Please first Delete the file named FIXLIST.txt  that I had you save before on D:\Downloads_Opera  folder

 

This custom script is for  autotran    only / for this machine only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the ENGLISHFRSTtool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  D:\Downloads_Opera  folder

The tool named ENGLISHFRST.exe   tool    is already on the Downloads folder

Start the Windows Explorer and then, to the D:\Downloads_Opera folder.


RIGHT click on  ENGLISHFRST    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

image.png.ce31d87117e69d78267923a02168532b.png

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

[   2   ]

Next I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.

Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

 

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".

You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

 

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Thanks for your continued patience in advance.

 

Link to post
Share on other sites

Hi Dave,

Thank you for the reports.   The FRST fix run did complete, that is the main thing.  Any perceived delay for that run is just a normal thing,

I am glad to see that Malwarebytes for Windows completed the scan.  It did find & remove a number of P U P.

There are no malware.    Do let me know how things are, the next time you reply.

 

Let me suggest a scan with the Microsoft Windows Defender.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

next click on the blue Scan options

Look down the options list.  Tick on Windows Defender Offline scan.   Then click the grey "Scan now" button.

                                            
and let it scan the system.

When it reboots the system, please just login with your regular login-account.

Have patience during the scan run.



Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.

 

The Segurazo / SAntivirus pest is gone.   Indications are that there is no malware.

Let me know the overall status at that time.   I believe we can plan to wrap up this case.

Link to post
Share on other sites

Maurice,
I am running the very latest ver of WIN 10 and Windows Defender can't be found where you say and I couldn't fine it no matter how hard I looked. But while I was looking for it I came across a place that said a scan was just run a minute or two ago. ??

Since I still have a major problem trying to run safe mode I don't think we can wrap it up. Over half the time I go into safe mode the screen is flashing on and off, when this is occurring you can't do anything. When entering SM you sometimes get different results. Most of the time the main screen just flashes on and off. Sometimes it opens with a help screen and not flashing and then it might start flashing on and off, but not always,  If it is not flashing you can do anything you want.

I then wanted to see what, if anything was left in the registry, so I ran regedit, 
As of right now there are 10 instances of SAntivirus in it, several are ****(86)\Digital Communications\SAntivirus\Santivirus.exe, I did notice one was dated 3/18 in the morning. I then looked for Segurazo, I now have 17 instances of it where I just had a few before. Are we going backwards?

I am shortly going to have to put my cloned back up drive back in just to see what happens in safe mode with it as I can't keep going like this.

Let me know your thoughts.
Thanks,
Dave

Link to post
Share on other sites

Please, I URGE you to not physically move the drive !!!   That is not helpful.

The Windows system in C drive has NO active nor actual traces of the infection.   Plus also, the physical files of the pest are NO longer on the drive !!

What you are seeing in the registry is history of all your searches.  Each time you do a search, it makes history.

Do NOT move this drive.

do NOT make changes on your own, any more !

We can do a seacrh using FRST  to see just what is in the registry.

 

Start ENGLISHFRST  .
Type the following ( better yet, use COPY  then Paste)   into the search box exactly as show then press the Search Files button

SearchAll: Santivirus;segurazo;santi

Please wait while the program searches for all entries relating to this program, when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

 

as to Windows Defender Offline,  you just are not looking close enough.   we can cover that another time.

Link to post
Share on other sites

Maurice,
Thanks for the quick response.
I haven't actually made any changes on my own, I am just getting aggravated about the SM and the blinking and un-useabilty of it. Before I contacted you I had physically tried to delete all instances of Santivirus on my computer, I couldn't do them all but the blinking on and off did go away, then it eventually came back as Santi came back. So that is why I think Santivirus is still affecting my computer. It could be something else, but what?
I ran and have attached the log for you to read.

About Windows Defender, you say it is in one place, other web sites say different places depending on the month/year published , searching my computer doesn't turn it up. Actually nothing turns it up, it just seems to be not there anymore. I am running WIN home, not Pro, maybe there is a difference now between them?
Thanks,
Dave

Search.txt

Link to post
Share on other sites

Dave,

The blinking can be something entirely different and separate from the original infection !

As long as you have Windows 10  and there is no third-party antivirus like BitDefender or McAfee or TrendMicro or any other non-Microsoft antivirus, then windows Defender is there.

I know you ran Windows Defender before.   So hold on and please stay calm.

Make no hurried movements in relation to the hardware   ( ie, positively do not move this drive ).

As to Windows, I can tip you later on doing a Windows repair.   Again, let us please stay calm.

.

This last search listed a LOT of files that are NOT the infection.  And a quick look-over does NOT show the actual executable files for the pest.  AND there is NOT the service registry entries that would even cause the pest to run.

NO pest files are here.   Have patience and my next reply will have  the next thing to do.

and meantime,  let us have you run a fresh FRST report.    D:\Downloads_Opera folder.  is where the  ENGLISHFRST  is

Run report with ENGLISHFRST

Right-click on ENGLISHFRST icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.
 

_Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.

 

image.png.1023d48500865d710464936c6839840e.png


The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

 

 

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.