
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/31/24
Scan Time: 2:21 PM
Log File: 0362b3c2-c087-11ee-a750-c4651636b06a.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2249
Update Package Version: 1.0.80350
License: Trial

-System Information-
OS: Windows 11 (Build 22621.3007)
CPU: x64
File System: NTFS
User: ReginaL-HPEnvy19\Regin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 293608
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 4 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Addition.txt FRST.txt


  • Root Admin

Hello @rlee_la

 

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

  • Bonjour (this Apple discovery service is not needed on Windows except in very rare cases and often causes networking errors as seen below) 

 

Error: (01/26/2024 06:59:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ReginaL-HPEnvy19.local already in use; will try ReginaL-HPEnvy19-2.local instead

Error: (01/26/2024 06:59:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 ReginaL-HPEnvy19.local. AAAA 2603:8001:6700:7ACA:0000:0000:0000:1EC8

Error: (01/26/2024 06:59:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:4225:6B45:75E4:1A33:5353   16 ReginaL-HPEnvy19.local. AAAA 2603:8001:6700:7ACA:32C4:605F:FE94:A704

Error: (01/26/2024 06:59:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 ReginaL-HPEnvy19.local. AAAA FE80:0000:0000:0000:4225:6B45:75E4:1A33

Error: (01/26/2024 06:59:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:4225:6B45:75E4:1A33:5353   16 ReginaL-HPEnvy19.local. AAAA 2603:8001:6700:7ACA:32C4:605F:FE94:A704

Error: (01/26/2024 06:59:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 ReginaL-HPEnvy19.local. AAAA 2603:8001:6700:7ACA:0000:0000:0000:1EC8

 

[ 2 ]

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program: FRST64.exe

Save the attached file: FIXLIST.TXT to this folder C:\Users\Regin\Desktop\

NOTE: It's important that both files, FRST64.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


Hello, thank you. I have uninstalled Bonjour. I ran the Farbar fix. Following the Farbar fix, now I am unable to access most sites on Chrome and Edge. There must be a firewall blocking me. I am presently posting from my iPhone because I cannot access the Malwarebytes forum from my laptop Chrome. I can access Gmail on Chrome on my laptop but that's about all I can access. How can I turn off the firewall or whatever is blocking me from accessing websites on Chrome and Edge? Thank you.


  • Root Admin

Nothing in the fix should have changed that.

Do you get an error about site not found?

Please post back the FIXLOG.TXT file

 

You can try changing your DNS entry

 

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Quad 9 Public DNS: IPv4 9.9.9.9 and 149.112.112.112; IPv6 2620:fe::fe and 2620:fe::9 (one of the best for most users)
  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNS.WATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed
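As a concrete way to act on the reply above, here is an added PowerShell check (not from the Malwarebytes staff post) that first tests whether name resolution or the firewall profile is what is blocking sites after a network reset, and only if DNS fails switches the active adapter to the Quad9 addresses listed above for both IPv4 and IPv6 in one call; the test hostnames are constructed examples.

```powershell
# Added example, not part of the forum reply. Run from an elevated PowerShell prompt.
# Quad9 addresses are the ones listed in the reply; the hostnames below are
# constructed test targets, not anything from the user's logs.
$quad9 = '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::9'
$testHosts = 'forums.malwarebytes.com', 'www.google.com'

# 1. Is it DNS? Ask the current resolver directly, bypassing the local cache.
$dnsOk = $true
foreach ($h in $testHosts) {
    try {
        $null = Resolve-DnsName -Name $h -Type A -DnsOnly -ErrorAction Stop
        Write-Host "DNS OK     : $h"
    } catch {
        Write-Host "DNS FAILED : $h ($($_.Exception.Message))"
        $dnsOk = $false
    }
}

# 2. Is it the firewall? A network reset re-enables the default profiles.
#    The default outbound action should read Allow; Block would explain
#    browsers failing while nothing else changed.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 3. Show the adapter that is up and the resolvers it currently uses
#    (IPv4 and IPv6 are listed as separate address families).
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' |
    Sort-Object ifIndex | Select-Object -First 1
Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex |
    Select-Object InterfaceAlias, AddressFamily, ServerAddresses

# 4. Only if resolution failed: point that adapter at Quad9. Passing both
#    families in one list covers what the GUI needs two passes for, then
#    flush the cache and re-test the first hostname.
if (-not $dnsOk) {
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $quad9
    Clear-DnsClientCache
    Resolve-DnsName -Name $testHosts[0] -Type A -DnsOnly
}
```

To revert to the resolvers handed out by the router, run Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ResetServerAddresses.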

 


And sorry, I did not realize that the Farbar Fix would remove all Session Buddy files (Chrome extension). Is there any way for me to restore my Session Buddy files? Next time, I will know to back up Session Buddy before the Farbar Fix.


  • Root Admin

We did not remove Session Buddy - but we probably removed their files if they're stored anywhere in temp or cache locations.

I'm not sure how Session Buddy actually works. Perhaps you can contact their support and ask them. Again, we did clear cache and temp files and they cannot be restored, but we did not remove any extensions.

 

Are you still seeing or having an issue with the following?

R.srvtrck.com

 


  • Root Admin

Please run the following for me.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable Fast Startup
  • Show Hidden Folders, Files and Extensions

Please run the following scans:

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
     RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply


 

Thank you

 


Hi again,
I googled "R.srvtrck.com," and I saw a Reddit thread in which people said disabling the Foxified Chrome extension stopped the R.srvtrck redirects.  Foxified is a YouTube downloader in the form of a Chrome extension, and I did add this extension pretty recently.  I have now disabled the Foxified extension, and hopefully that will stop R.srvtrck.  I'm certainly no malware expert, but the logs are looking pretty clear, right?

 

Here's the Reddit info - 

https://www.reddit.com/r/techsupport/comments/8aa40w/whats_httprsrvtrckcom/

 

Quote

"Disabling Foxified fixed the r . srvtrck . com redirects for me (it was replacing Google Search results).
It appears to have some mechanism to wait before turning on redirects because it didn't start immediately and disabling/re-enabling then disabling and re-enabling only for "On Click" instead of All Sites.

Anyone using Foxified should probably limit the websites it can access in case its the problem."

 

 

 

Edited by AdvancedSetup
Corrected font issue

  • Root Admin

Thank you for the log @rlee_la

Please uninstall, Update, or otherwise address the following as appropriate for your system.

 


This version is old and may not have any real updates. If it's the paid version I'd ignore trying to update.
Adobe Acrobat  9 Standard - English, Français, Deutsch v.9.0.0 Warning! Download Update << Hidden | ^Please run Acrobat Reader DC and go Help - Check for updates...^

Apple no longer supports this browser on Windows. Probably best to uninstall it
Safari v.5.34.57.2 Warning! This software is no longer supported.

QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.

 

Please consider uninstalling the following

---------------------------- [ UnwantedApps ] -----------------------------
DriverFix 4.2021.8.30 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.

 

 


Then RESTART the computer and check for Windows Updates and install any Security updates found.

Let me know if there are any other issues or unresolved concerns

Thanks

 


Hello again,

I'm on the tail-end of these updates and un-installs.  Question - do I need Nvidia GeForce Game Ready driver if I'm not a gamer?  I guess it's possible that I will try a game at some point that needs the driver even though I am not a regular gamer.

Thanks so much.


  • Root Admin
8 hours ago, rlee_la said:

Thank you.  I have completed the updates/un-installs except for uninstalling Nvidia.

The Adobe Acrobat Standard is an old paid license that I own but it's handy for a few tasks.

Thank you.

Agreed. I still have and use my paid version of X1 Pro

Are there any other issues or unresolved concerns at this time, @rlee_la?
