Solution PLITV Posted March 2 Solution ID:1557076 Share Posted March 2 Hello, When scanning with Malwarebytes, I find this registry entry: PUP.Optional.TorrentSearch HKU\S-1-5-21-1856582288-658762816-2305405537-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\DEFAULT\EXTENSIONS.SETTINGS|AFBPDHICLGGHNFFHKINJIKGLGMOLHPEE. After restarting the computer, the antivirus deAddition.txtShortcut.txtFRST.txttects it again despite the removal. I am posting my log files. Please help. Link to post Share on other sites More sharing options...
1PW Posted March 2 ID:1557077 Share Posted March 2 Hello @PLITV and : While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions: Download the Malwarebytes Support Tool. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file. In the User Account Control (UAC) pop-up window, click Yes to continue the installation. Run the MBST Support Tool. In the left navigation pane of the Malwarebytes Support Tool, click Advanced. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste. For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent. Thank you. Link to post Share on other sites More sharing options...
PLITV Posted March 2 Author ID:1557080 Share Posted March 2 The diagnostic logs you requested:mbst-grab-results.zip Link to post Share on other sites More sharing options...
MKDB Posted March 2 ID:1557091 Share Posted March 2 Hello @PLITV and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please copy and paste all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please give me some time to review your log files. Thank you! Link to post Share on other sites More sharing options...
MKDB Posted March 2 ID:1557097 Share Posted March 2 (edited) @PLITV Windows Enterprise is very untypical for private use... Quote Platform: Microsoft Windows 10 Enterprise Version 21H2 19044.2006 (X64) Language: Polski (Polska) ... in combination with some problems regarding activating the license... Quote Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable ... and in combinations with detections from MBAM... Quote "threatName": "RiskWare.IFEOHijack.KMS" ... suggest that Windows is being used illegally here It's up to @AdvancedSetup or @Maurice Naggar on how to proceed. My support ends here, sorry. Edited March 2 by MKDB Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 2 Root Admin ID:1557126 Share Posted March 2 Good day @PLITV Please run the following Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome Resetting Google Chrome to clear unexpected issues Once that has been completed, please get me a new set of logs Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you Link to post Share on other sites More sharing options...
PLITV Posted March 2 Author ID:1557139 Share Posted March 2 43 minutes ago, AdvancedSetup said: Good day @PLITV Please run the following Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome Resetting Google Chrome to clear unexpected issues Once that has been completed, please get me a new set of logs Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you It's fixed. Link to post Share on other sites More sharing options...
PLITV Posted March 2 Author ID:1557145 Share Posted March 2 51 minutes ago, AdvancedSetup said: Good day @PLITV Please run the following Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome Resetting Google Chrome to clear unexpected issues Once that has been completed, please get me a new set of logs Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you My friend's computer. He asked me to check. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 2 Root Admin ID:1557152 Share Posted March 2 Okay, if you're sure the system is cleaned now and no longer need help let me know and I'll go ahead and close the topic. Thank you again @PLITV Link to post Share on other sites More sharing options...
PLITV Posted March 2 Author ID:1557156 Share Posted March 2 Ok, thanks. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 2 Root Admin ID:1557162 Share Posted March 2 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts