Solution Maurice Naggar Posted January 23, 2023 Solution ID:1551150 Share Posted January 23, 2023 Be real sure that the account you are logged into Windows has Administrator-level rights. That is a must. I would like you to run this next quick custom run with Farbar. This is a quick run to remove a un-needed/un-wanted account “defaultuser0”. This run DOES involve a reboot/restart. Please Close all open work. Farbar program location: C:\Users\Vartotojas\Downloads\FRSTEnglish.exe Please download the attached fixlist.txt file and save it to C:\Users\Vartotojas\Downloads Fixlist.txt NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Right-click on FRSTENGLISH and select Run as Administrator and reply YES to allow to go forward and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. Link to post Share on other sites More sharing options...
Destro Posted February 5, 2023 Author ID:1553045 Share Posted February 5, 2023 I have managed to do a clean boot as well as run the fixlist, the log is posted below. Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 5, 2023 ID:1553053 Share Posted February 5, 2023 (edited) Thank you for the log. Take a few minutes to do this new scan. Do a new scan with Malwarebytes for Windows. Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes. Next, the Malwarebytes scan. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked. and that then, all lines have a tick-mark Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 ( 2 ) Temporarily disable Microsoft SmartScreen to download the next software below I would recommend getting a readout report as to update status of some key apps. Download SecurityCheck by glax24 from here and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt ( 3 ) I also would appreciate this report: Download Farbar's Service Scanner utility and Save to your Desktop. Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run. Once FSS is on-screen, be sure the following items are check-marked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Other services Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please attach that file. Edited February 5, 2023 by Maurice Naggar modified to add 2 other reports Link to post Share on other sites More sharing options...
Destro Posted February 7, 2023 Author ID:1553288 Share Posted February 7, 2023 Malwarebytes was successfully updated, and the scans ran without any issues Malwarebytes report.txt FSS.txt SecurityCheck.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 7, 2023 ID:1553316 Share Posted February 7, 2023 Thank you for these reports. There are 2 applications that need your attention. WinRAR 6.02 (64-bit) v.6.02.0 Warning! Download Update Discord v.1.0.9008 Warning! Download Update Link to post Share on other sites More sharing options...
Destro Posted February 8, 2023 Author ID:1553474 Share Posted February 8, 2023 I have updated both applications Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 8, 2023 ID:1553518 Share Posted February 8, 2023 (edited) Thank you. Now a suggestion: Your current DNS Servers: 192.168.1.254 Please consider changing your default DNS server settings. Please choose one provider only DNS is what lets users connect to websites using domain names instead of IP addresses Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6 Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001 OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53 DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b The Ultimate Guide to Changing Your DNS Serverhttps://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/ Here is a YouTube video on Changing DNS settings if needed Edited February 8, 2023 by AdvancedSetup Corrected font issue Link to post Share on other sites More sharing options...
Destro Posted February 9, 2023 Author ID:1553685 Share Posted February 9, 2023 I have previously done all of those steps, and going back to it shows that my IPv4 and IPv6 are still the ones provided by Cloudflare and that everything is in order. Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 9, 2023 ID:1553710 Share Posted February 9, 2023 Hi. Thanks. I believe your system is all good-to-go. This here is to cleanup tools I had you use. Temporarily disable Microsoft SmartScreen to download the next software below Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. You may attach that file to your next reply. (not compulsory) When all done, you may go back to turn ON the EDGE Smartscreen protection. Let me know if you need other help. Sincerely. Link to post Share on other sites More sharing options...
Destro Posted February 9, 2023 Author ID:1553726 Share Posted February 9, 2023 After downloading and putting the application to the desktop and running as administrator, the KpRm application does not seem to open or run at all Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 9, 2023 ID:1553727 Share Posted February 9, 2023 Temporarily disable Microsoft SmartScreen Be sure you have done that. Then give it another try to run KPRM Link to post Share on other sites More sharing options...
Destro Posted February 9, 2023 Author ID:1553734 Share Posted February 9, 2023 I downloaded it whilst having SmartScreen disabled, it still does not work, even when I try to re-download the application from another browser. Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 9, 2023 ID:1553738 Share Posted February 9, 2023 I am sorry for your trouble. Delete the kprm exe file. We can proceed with cleanup of tools we used. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Delete mb-support-1.8.7.918.exe Delete mbst-grab-results.zip on the Desktop. Delete FSS.exe Delete Securitycheck.exe Delete MSERT.exe Delete KVRT.exe Delete Esetonlinescanner.exe Adwcleaner you may keep and use as needed. Any other download file I had you download, you may delete. Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. I am marking this case for closure. I am glad to have worked with you. I wish you all the best. Stay safe. Sincerely. Maurice Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 9, 2023 ID:1553739 Share Posted February 9, 2023 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts