
Chrome User Data



Well, @AdvancedSetup will return to assist. In the meantime, please do the following.

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time.
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 


  • Root Admin

Hello @SirPeter

I see you have added a hosts block to that site, but the reality is that it really would be best to clean the entry out of Google Chrome - it is listed as a PUP (Possibly Unwanted Program).

Here is a link to a more extensive article on cleaning up Google Chrome - please review and clean up your installation of Chrome
https://forums.malwarebytes.com/topic/258938-resetting-google-chrome-to-clear-unexpected-issues/

 

Not related to an infection but your Event Logs show that you should review these issues and either fix or remove as needed.

 

Error: (08/11/2020 05:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ryujinx.exe, version: 1.0.1.0, time stamp: 0x5ec598f1
Faulting module name: KERNELBASE.dll, version: 10.0.19041.388, time stamp: 0x3cc24707
Exception code: 0xe0434352
Fault offset: 0x0000000000023e49
Faulting process ID: 0x1764
Faulting application start time: 0x01d66ff8d3bc12a7
Faulting application path: C:\Users\Peter\Desktop\Shahil-Ryujinx-Dirty-Build-Audio-v1.0.1\Ryujinx.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 1d6bf1d6-f291-4dcb-9509-ff2e1279cf5d
Faulting package full name:
Faulting package-relative application ID:

Error: (08/11/2020 05:04:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ryujinx.exe
CoreCLR Version: 4.700.20.26901
.NET Core Version: 3.1.5
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at Ryujinx.Memory.MemoryBlock.ThrowArgumentOutOfRange() in C:\projects\ryujinx-l69cs\Ryujinx.Memory\MemoryBlock.cs:line 274
   at Ryujinx.Cpu.MemoryManager.GetPhysicalAddressInternal(UInt64 va) in C:\projects\ryujinx-l69cs\Ryujinx.Cpu\MemoryManager.cs:line 423
   at Ryujinx.Cpu.MemoryManager.ReadImpl(UInt64 va, Span`1 data) in C:\projects\ryujinx-l69cs\Ryujinx.Cpu\MemoryManager.cs:line 268
   at Ryujinx.Cpu.MemoryManager.GetSpan(UInt64 va, Int32 size) in C:\projects\ryujinx-l69cs\Ryujinx.Cpu\MemoryManager.cs:line 177
   at Ryujinx.Graphics.Gpu.Memory.MemoryAccessor.Read[T](UInt64 gpuVa) in C:\projects\ryujinx-l69cs\Ryujinx.Graphics.Gpu\Memory\MemoryAccessor.cs:line 56
   at Ryujinx.Graphics.Gpu.Engine.Methods.Semaphore(GpuState state, Int32 argument) in C:\projects\ryujinx-l69cs\Ryujinx.Graphics.Gpu\Engine\MethodFifo.cs:line 33
   at Ryujinx.Graphics.Gpu.State.GpuState.CallMethod(MethodParams meth, ShadowRamControl shadowCtrl) in C:\projects\ryujinx-l69cs\Ryujinx.Graphics.Gpu\State\GpuState.cs:line 78
   at Ryujinx.Graphics.Gpu.NvGpuFifo.CallMethod(MethodParams meth) in C:\projects\ryujinx-l69cs\Ryujinx.Graphics.Gpu\NvGpuFifo.cs:line 180
   at Ryujinx.Graphics.Gpu.DmaPusher.CallMethod(Int32 argument) in C:\projects\ryujinx-l69cs\Ryujinx.Graphics.Gpu\DmaPusher.cs:line 314
   at Ryujinx.Graphics.Gpu.DmaPusher.Step() in C:\projects\ryujinx-l69cs\Ryujinx.Graphics.Gpu\DmaPusher.cs:line 206
   at Ryujinx.Ui.GlRenderer.Render() in C:\projects\ryujinx-l69cs\Ryujinx\Ui\GLRenderer.cs:line 327
   at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location where exception was thrown ---
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (08/11/2020 05:01:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ryujinx.exe, version: 1.0.1.0, time stamp: 0x5ec598f1
Faulting module name: KERNELBASE.dll, version: 10.0.19041.388, time stamp: 0x3cc24707
Exception code: 0xe0434352
Fault offset: 0x0000000000023e49
Faulting process ID: 0x1c34
Faulting application start time: 0x01d66ff836d939ba
Faulting application path: C:\Users\Peter\Desktop\Shahil-Ryujinx-Dirty-Build-Audio-v1.0.1\Ryujinx.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 61a855f7-bbe3-4ab2-bf33-3cf479c74ab7
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/14/2020 05:30:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASUS Update Service (asus) service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/14/2020 05:27:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audiosrv service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (08/14/2020 05:27:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Audiosrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.

 

You should open your Scheduled Tasks and look for these tasks. They do not have a path, which often means they're potentially broken or invalid tasks.

Task: {1e0ca9a3-57fc-4f69-9c07-61b7616efdc5} - no filepath
Task: {39b87e90-c8fa-4482-8e7b-1d486547094f} - no filepath
Task: {66b3cfaa-0336-4efd-85b7-9bbc50197ad6} - no filepath
Task: {71842a14-5697-4560-994d-ee6c263c2c68} - no filepath
Task: {92bf9b4b-ff10-417c-a33a-3f198b05bfb6} - no filepath
Task: {9a86f10c-517d-40a8-82e1-38b29e280905} - no filepath
Task: {a33ac70e-be87-4caa-97d1-17f5e4682a3b} - no filepath
Task: {d92cdcee-5f35-4c93-86dd-ed5e3531916d} - no filepath

 

I would recommend that you also uninstall Bonjour

What exactly is mDNSResponder.exe?

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/
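
An added example, not part of the original thread: a small parser for the log layout quoted in the post above, which groups the error events by source and event ID and collects the scheduled tasks reported with no file path. The layout is inferred only from the excerpt on this page, the sample is constructed from values in it, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log excerpt quoted above (values copied from it).
SAMPLE = r"""Error: (08/11/2020 05:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ryujinx.exe, version: 1.0.1.0, time stamp: 0x5ec598f1

Error: (08/11/2020 05:04:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ryujinx.exe

Error: (08/14/2020 05:30:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASUS Update Service (asus) service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/14/2020 05:27:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audiosrv service failed to start due to the following error:

Task: {1e0ca9a3-57fc-4f69-9c07-61b7616efdc5} - no filepath
Task: {39b87e90-c8fa-4482-8e7b-1d486547094f} - no filepath
"""

# Header and task patterns as they appear in the excerpt (assumed, not a format specification).
EVENT = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
                   r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$")
TASK = re.compile(r"^Task: (?P<guid>\{[0-9a-fA-F-]{36}\}) - no filepath$")

def parse_log(text):
    """Return (events, pathless_tasks) parsed from log text in the quoted layout."""
    events, tasks, current = [], [], None
    for line in map(str.rstrip, text.splitlines()):
        if m := EVENT.match(line):
            current = {**m.groupdict(), "event_id": int(m["event_id"]), "detail": []}
            events.append(current)
        elif m := TASK.match(line):
            tasks.append(m["guid"])
            current = None
        elif not line:
            current = None          # a blank line ends the current event block
        elif current is not None:
            current["detail"].append(line.removeprefix("Description: "))
    return events, tasks

def summarize(events):
    # Count events per (source, event id) so repeated failures stand out.
    return Counter((e["source"], e["event_id"]) for e in events)

if __name__ == "__main__":
    events, tasks = parse_log(SAMPLE)
    print(summarize(events).most_common())
    print("tasks without a file path:", tasks)
```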

 



I've removed Bonjour and removed the tasks you mentioned. As for Ryujinx, it's notorious for cranking out some sketchy errors, as it is an emulator.

As for the hosts file block, I added that in temporarily while you replied. I have now removed the hosts block. Would you like me to run the log tool again?


  • Root Admin

If you've cleaned up Google Chrome then the detection should hopefully be gone now.

Go ahead and restart the computer. Then open Google Chrome and visit a couple of your normal sites. Then close Google Chrome, open Malwarebytes, run a new Threat Scan, and post back the new log.

Thanks

 


  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
