0x80071a91 WU & Defender Error 1053

Status
Not open for further replies.
deleted2908202301

deleted2908202301

Active member
Joined
Nov 10, 2022
Posts
42
Hi, my Windows version is 22H2 (19045.2130).

I am attaching FRST.txt & Addition.txt files.

I hope that you guys can help me, so I can update my Windows.

Thanks in advance.
 

Attachments

Hello, and welcome to Sysnative Forums.

I guess, you are receiving a kind of error when you are trying to apply the updates? You said nothing about the issues you are dealing with. Can you please be more specific?

In any case, the logs you posted shows several issues regarding your computer. I suggest we first clean it and then, if there are still issues with updates, deal with them.
 
DR M said:
Hello, and welcome to Sysnative Forums.

I guess, you are receiving a kind of error when you are trying to apply the updates? You said nothing about the issues you are dealing with. Can you please be more specific?

In any case, the logs you posted shows several issues regarding your computer. I suggest we first clean it and then, if there are still issues with updates, deal with them.
Click to expand...
Thanks for replying to my thread. I'm getting error 0x80073701 when trying to update.

Could you please help me solving errors with FRST?

Regards.
 
Yes, I can help you solve the errors/issues appeared in the FRST logs. If, the updates issue continues after that, someone else, from the Update team, will continue.

Since we are starting a specific cleaning procedure...

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


=====================

Letting you know that my time is CEST + 1. As you understand, it's late for me now. I'll be back to you tomorrow morning, my time.
 
DR M said:
Yes, I can help you solve the errors/issues appeared in the FRST logs. If, the updates issue continues after that, someone else, from the Update team, will continue.

Since we are starting a specific cleaning procedure...

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


=====================

Letting you know that my time is CEST + 1. As you understand, it's late for me now. I'll be back to you tomorrow morning, my time.
Click to expand...
Thank you very much. I'll be following your steps tomorrow.

Good night.
 
Hello.

Too many modifications in the system. Most of the times, this leads to malfunctioning.

My first comments/instructions regarding your logs follow. First, please move FRST tool from your Downloads folder on to your Desktop.


1. P2P program

You have qBittorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code: 
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{32696747-d167-38ad-6e20-2fec78940514}\localserver32 -> "C:\Program Files\Microsoft PC Manager\MSPCManager.exe" -ToastActivated => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1064529097-1779933881-3706515019-500_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => Ningún archivo
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> Ningún archivo
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> Ningún archivo
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> Ningún archivo
AlternateDataStreams: C:\ProgramData\alsoft.ini:E7034C2E8C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk:93337121EE [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk:A70524090E [3434]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8578]
FirewallRules: [TCP Query User{F7DDD094-A3F0-488B-80E4-EFDFAC99EE9B}C:\users\administrator\downloads\sdio_1.12.8.748\sdio_1.12.8.748\sdio_x64_r748.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.8.748\sdio_1.12.8.748\sdio_x64_r748.exe => Ningún archivo
FirewallRules: [UDP Query User{C37BA3C7-37F0-4689-9FF5-657B8F63A06F}C:\users\administrator\downloads\sdio_1.12.8.748\sdio_1.12.8.748\sdio_x64_r748.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.8.748\sdio_1.12.8.748\sdio_x64_r748.exe => Ningún archivo
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Ningún archivo
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Ningún archivo
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Ningún archivo
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Ningún archivo
FirewallRules: [TCP Query User{8609AFC3-FC43-4439-99B9-006FEB856AAB}D:\call of duty\_retail_\cod.exe] => (Allow) D:\call of duty\_retail_\cod.exe => Ningún archivo
FirewallRules: [UDP Query User{C3832B92-19EA-4CCD-B1B8-99A06C6E8085}D:\call of duty\_retail_\cod.exe] => (Allow) D:\call of duty\_retail_\cod.exe => Ningún archivo
FirewallRules: [TCP Query User{9EBCA16A-D35B-4EE0-989E-7F73111FD769}C:\users\administrator\downloads\sdio_1.12.9.749\sdio_x64_r749.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.9.749\sdio_x64_r749.exe => Ningún archivo
FirewallRules: [UDP Query User{98B239DC-2D26-42C2-BA05-7B910E445750}C:\users\administrator\downloads\sdio_1.12.9.749\sdio_x64_r749.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.9.749\sdio_x64_r749.exe => Ningún archivo
FirewallRules: [TCP Query User{BCD7B019-E67D-459F-AFC9-35FCE6473193}D:\cod 4\iw4x.exe] => (Allow) D:\cod 4\iw4x.exe => Ningún archivo
FirewallRules: [UDP Query User{A765890D-875A-47E7-976F-2CD82E1C9F7C}D:\cod 4\iw4x.exe] => (Allow) D:\cod 4\iw4x.exe => Ningún archivo
FirewallRules: [TCP Query User{3E7C6E61-A1F9-4418-95AD-D2FFDA86E2C8}D:\steamlibrary\steamapps\common\world war 3\sglauncherww3\sglww3.exe] => (Allow) D:\steamlibrary\steamapps\common\world war 3\sglauncherww3\sglww3.exe => Ningún archivo
FirewallRules: [UDP Query User{D657A7F7-C682-4A20-AA34-EE956B03820A}D:\steamlibrary\steamapps\common\world war 3\sglauncherww3\sglww3.exe] => (Allow) D:\steamlibrary\steamapps\common\world war 3\sglauncherww3\sglww3.exe => Ningún archivo
HKLM\...\Winlogon: [Userinit]  <==== ATENCIÓN
HKLM-x32\...\Winlogon: [Shell]  <=== ATENCIÓN
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Policies\Explorer: [NoStartMenuMorePrograms] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restricción <==== ATENCIÓN
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1064529097-1779933881-3706515019-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInstrumentation] 1
IFEO\CompatTelRunner.exe: [Debugger] C:\Windows\System32\taskkill.exe
IFEO\DeviceCensus.exe: [Debugger] C:\Windows\System32\taskkill.exe
IFEO\SecHealthUI.exe: [Debugger] C:\Windows\System32\taskkill.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2022-11-21]
BootExecute: 
AlternateShell: 
GroupPolicy: Restricción ? <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
Task: {8207367D-FE4C-4133-BD18-32238C924715} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
HKLM\System\...\Parameters\PersistentRoutes: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restricción <==== ATENCIÓN
CHR Notifications: Default -> hxxps://www29.davisonbarker.pro
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [X]
S4 STR; "C:\Hone\Resources\SetTimerResolutionService.exe" [X]
S4 TimerBenchHookService32; C:\Users\Administrator\Downloads\HookSystemService32.exe [X]
S4 TimerBenchHookService64; C:\Users\Administrator\Downloads\HookSystemService64.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
U3 amdlog; no ImagePath
U4 DcpSvc; no ImagePath
U4 diagnosticshub.standardcollector.service; no ImagePath
U4 diagsvc; no ImagePath
U4 DiagTrack; no ImagePath
U4 dmwappushservice; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 GpuEnergyDr; no ImagePath
U4 HomeGroupListener; no ImagePath
U4 HomeGroupProvider; no ImagePath
U4 Intel(R) SUR QC SAM; no ImagePath
U4 lfsvc; no ImagePath
U4 MapsBroker; no ImagePath
U4 MessagingService; no ImagePath
U4 NvTelemetryContainer; no ImagePath
U2 OneSyncSvc; no ImagePath
U4 OneSyncSvc_402ac; no ImagePath
U2 PcaSvc; no ImagePath
U4 PushToInstall; no ImagePath
U4 SessionEnv; no ImagePath
U4 shpamsvc; no ImagePath
U4 SystemUsageReportSvc_QUEENCREEK; no ImagePath
U4 TimeBroker; no ImagePath
U4 TroubleshootingSvc; no ImagePath
U4 wercplsupport; no ImagePath
U4 WerSvc; no ImagePath
U3 wisvc; no ImagePath
Folder: C:\Users\Administrator\AppData\Roaming\alt app installer
Folder: C:\Program Files (x86)\Temp
VirusTotal: C:\Users\Administrator\AppData\Local\Temp\HWiNFO64A.SYS
cmd: netsh winsock reset
hosts:
RemoveProxy:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


In your next reply please post:
  1. What did you decide about qBitTorrent
  2. The fixlog.txt
 
Do not try to update yet. I'll tell you when to do that.

For now:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
DR M said:
Do not try to update yet. I'll tell you when to do that.

For now:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
Click to expand...
# ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 01-22-2023 # Duration: 00:00:09 # OS: Windows 10 (Build 19045.2130) # Scanned: 32091 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/22/23 Scan Time: 4:26 PM Log File: 169c2581-9a69-11ed-821c-e03f49446b4f.json -Software Information- Version: 4.5.20.230 Components Version: 1.0.1868 Update Package Version: 1.0.64885 License: Free -System Information- OS: Windows 10 (Build 19045.2130) CPU: x64 File System: NTFS User: Internet\dani -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 316152 Threats Detected: 4 Threats Quarantined: 0 Time Elapsed: 7 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 4 PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6385, 676881, 1.0.64885, , ame, , , PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 6385, 676880, 1.0.64885, , ame, , , PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6385, 676881, 1.0.64885, , ame, , , PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 6385, 676880, 1.0.64885, , ame, , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
 
Which message? You wrote another one, other than what is shown right now?
 
Can you take a screenshot of what you get?
 
Thanks, Maxstar. (y)

ItzGame, it's not wise to be getting help from 2 (or more) sites at the same time. This makes things complicated for both, you and the helpers.

Please, let me know where do you want to continue.
 
DR M said:
Thanks, Maxstar. (y)

ItzGame, it's not wise to be getting help from 2 (or more) sites at the same time. This makes things complicated for both, you and the helpers.

Please, let me know where do you want to continue.
Click to expand...
Please, continue in here. And, sorry for double threads for the same matter.
 
OK. It would be good to inform the other site that you are getting help elsewhere, so they can close the topic there.

Moving on.


1. Run Malwarebytes (Clean mode)

A software restriction policy was set to Disable the Microsoft once per month On Demand anti malware scanner known as MRT ( Malicious Software Removal Tool ).

MBAM is flagging the Potentially Unwanted Modification ( PUM ). You should allow the once per month release and subsequent scan by the MRT. To do that, please do the following:
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is unchecked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


2. Eset Online Scan

Just to ensure that everything is clean:

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


In your next reply, please post:
  1. The Malwarebytes report
  2. The eset.txt
 
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top