[SOLVED] fixtlist

Bones81 · Jul 30, 2022

Hi, I wondering if any could help me out, I need help creating a fixlist for Farbar recovery tool, thanks in advanced?

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

x BlueRobot · Jul 31, 2022

What made you run a FRST scan to begin with?

Bones81 · Aug 1, 2022

I thought maybe it could fix a problem I've been getting with the recovery option in settings in windows 10 it keeps shutting down the window when I click on it, I tried repairing windows that didn't work.

Bones81 · Aug 1, 2022

This is the error that pops up

DR M · Aug 2, 2022

Hi, Bones81.

Welcome to Sysnative Forums.

It seems that your system has some corruptions.

Before reviewing your FRST logs, please do the following and let me know if you continue getting the above error.

Run Deployment Image Servicing and Management (DISM)

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
Enter the command below and press on Enter;

Code:

DISM /Online /Cleanup-Image /RestoreHealth

Let the scan run until the end (100%). Depending on your system, it can take some time.
Please post here the result you got (a screenshot).

When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
Enter the command below and press on Enter

Code:

sfc /scannow

Let the scan finish.

You will normally get one of the following results:

Code:

Windows Resource Protection did not find any integrity violations
Windows Resource Protection found corrupt files and successfully repaired them
Windows Resource Protection found corrupt files but was unable to fix some of them
Windows Resource Protection could not perform the requested operation

Please post the result you got (a screenshot).

Bones81 · Aug 3, 2022

Didn't find anything

DR M · Aug 4, 2022

OK, I'll review your FRST logs and return with a set of instructions. I'll do that for you tomorrow.

DR M · Aug 5, 2022

Hi, Bones81.

Before we do anything else, I need to tell you this:

You actually need an antivirus and an anti-malware in your computer.

Currently, I see that you have the following security programs installed, in addition to the built-in Windows 10 antivirus, Microsoft Defender:

ESET Security
Malwarebytes version 4.5.12.204
Spybot - Search & Destroy
Spybot Anti-Beacon
SpywareBlaster 6.0
IObit Surfing Protection & Ads Removal

Have in mind that many antivirus in the system may cause:

False positives: When the anti virus software tells you that your PC has a virus when it actually doesn't.
Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
Low performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

What I suggest:

You can keep Malwarebytes as your anti-malware. If you have the free version, you can scan the computer once every now and then, depending on how often you use your computer. The difference from the premium version is that the latter has real-time protection. For antivirus, you have to choose which one you want for real time protection: Defender, Eset, Spybot. Defender disables itself when there is another antivirus present and that is fine. But you can't have enabled at the same time Eset and Spybot. If you keep Eset and want Spybot for a second opinion, then disable the live protection and use it as an on-demand scanner. You can enable it when you want to scan the computer with it, but then, you will have to disable Eset.

To uninstall any antivirus (except from Defender):

Download the Revo Uninstaller (Free Download) and save it on your Desktop.
Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
Double click the program's icon to open it.
Write in the search area, on the top left, the name of the program you want to uninstall (see my list above).
Choose the Uninstall tab from the menu and let the program to create a Restore point.
Choose Scan, and then the Advanced mode scan.
Select all the Sophos Anti-Virus items found, Delete and Next.
Let the procedure be completed and click on Finish.
Restart the computer.

Other programs to uninstall:

IObit Surfing Protection & Ads Removal
IObit Software Updater
YaCy
IPFilter

In your next reply please post:

Which programs did you uninstall
Fresh FRST logs, FRST and Addition, after all the uninstalls.

Bones81 · Aug 5, 2022

I uninstalled all the other programs you mentioned and turned off web protection in Malewarebytes, turned off scan service in Spybot internet protection off doesn`t really have live protection it`s the free version.

DR M · Aug 6, 2022

Hi.

I still see this in the logs:

AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}

Make sure to update the program and then disable its real protection. See here if it helps: How do I disable Live Protection? - Spybot Anti-Malware and Antivirus

Question:

Are you aware of these proxies' and DNS modification's existence?

ProxyEnable: [S-1-5-21-3542886376-2180238887-3484759331-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3542886376-2180238887-3484759331-1000] => localhost:8080
ManualProxies: 1localhost:8080 <==== ATTENTION
DnsPolicyConfig: [DNS_RESILIENCY_fe3cr.delivery.mp.microsoft.com] => GenericDNSServers=162.159.36.2
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\of0hceep.default -> type", 4

===========================================

Since we are going to start the cleaning procedure now, please read the following guidelines and keep them in mind during the whole process:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

Bones81 · Aug 6, 2022

I decided to just delete Spybot search and destroy I don`t think it was doing much of anything anyways.
I didn`t change my proxy possibly could have been something I installed I set it off in windows anyways, I do have Adguard installed which changes my DNS.

Thanks for the help I appreciate it a lot!

DR M · Aug 7, 2022

Hi.

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [IOTransferMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B5} =>  -> No File
ContextMenuHandlers1: [WinArchiver] -> {A6630968-27DC-8DB8-9BCE-E12B3198A9B1} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Shortcut: C:\Users\Jbones\Desktop\Shortcuts\YaCy.lnk -> C:\Users\Jbones\YaCy\startYACY.bat (No File)
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:25335DFA [140]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-3542886376-2180238887-3484759331-500] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3542886376-2180238887-3484759331-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3542886376-2180238887-3484759331-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3542886376-2180238887-3484759331-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {0D348E60-3E23-4293-BE97-AB7A082C8BBA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0E8135DA-3A24-4580-A2C2-C2358743649A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {32C34768-83DE-4917-B646-A12395CBC665} - System32\Tasks\OpenDNS online update program => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe /autostart (No File)
Task: {365C8511-6872-4C1A-8E28-65A37F88405D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {40FB81B1-8322-4B7C-ABE1-135D7705F9AF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {47F73F86-7327-488F-8705-658F53101E56} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48CF7339-3A36-4E2F-9445-91E3C5BD6830} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {4F689894-092E-4FBB-81CC-8C086E89375D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {52788AF7-6145-49D3-AE11-43123D440C56} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {5AAF1A1E-6D5A-4059-9817-0AF850625DFB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5CBF37F6-7615-45B9-8B87-4DD4B8A7D44F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {5F47991E-CC78-4D4E-ACA2-541BBB15F368} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {60DF78C9-DF02-4EDC-AD3E-16E2324A889E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {6A129252-062D-446D-B7F9-231F6A85BF22} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {71F45773-ACF2-4CE7-985B-231B0B748C7C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {80E21286-DC04-481E-89F0-1C994465BD40} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {82D0B7B5-F5E3-4A05-9A0C-DB2BE82C9CF0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {88E08699-6760-469B-9542-4DC4152BA5E8} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8A020D78-8C65-4E7C-9BC2-916AD12386F7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {8AD24CD3-DFC2-4C29-8170-FDC70456409C} - System32\Tasks\{A86B2CB0-EF21-41A5-9F3E-F49FB39A3BBD} => C:\Windows\system32\pcalua.exe -a H:\Setup.exe -d H:\
Task: {8C9D294A-AF66-4F54-924D-57655B3518F3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3542886376-2180238887-3484759331-500 => C:\Users\Jbones\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {9489F646-8738-4106-8AD3-1A962F951775} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {99237257-CDAE-42AA-8349-9145DF427563} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9CB3B44E-5E52-49DC-84CF-C0074F4B8923} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {A1190D22-FCF1-47E1-9EE4-B786B09D1D90} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {A75E1C60-8D7A-4015-BD07-954487BDBD41} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B218274A-5E6C-44C7-810F-73A44539A5DC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {B789AFFB-23B6-40ED-9A92-26382EF5214E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {C15CA318-BFEE-44E8-9401-A03B8C2E1AF8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {DE75E7B0-907F-42EF-BB90-F9E51465242F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {DFBDA574-8222-4A18-B867-18CCF5B170D1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F68B81BC-D66F-4140-B80B-6A381B8B17CE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (No Name) - C:\Users\Jbones\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [not found]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
CHR HKU\S-1-5-21-3542886376-2180238887-3484759331-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
VIV Extension: (Webtor.io - Watch torrents online) - C:\Users\Jbones\AppData\Local\Vivaldi\User Data\Default\Extensions\ngkpdaefpmokglfnmienfiaioffjodam [2022-01-03]
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-13] (Zemana Ltd. -> Zemana Ltd.)
U3 idsvc; no ImagePath
2022-08-05 02:05 - 2022-08-05 22:43 - 000358190 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2022-07-22 00:57 - 2022-07-22 00:57 - 000000000 _____ C:\Users\Jbones\Desktop\Unconfirmed 449999.crdownload
2022-07-22 00:33 - 2022-07-28 00:00 - 000000000 ____D C:\ProgramData\RogueKiller
C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys 
C:\WINDOWS\System32\drivers\zamguard64.sys
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKU\S-1-5-21-3542886376-2180238887-3484759331-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\of0hceep.default -> type", 4
RemoveProxy:
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

Double click AdwCleaner.exe to run it.
Click Scan Now.
- When the scan has finished, a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found)
Now click the Log Filestab.
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.

3. Run Malwarebytes (scan only)

Open Malwarebytes.

Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:

Code:

Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.

Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
Find the report with the most recent date and double click on it.
Click on Export and then Copy to Clipboard.
Paste its content here, in your next reply.

In your next reply, please post:

The fixlog.txt
The AdwCleaner[S0*].txt
The Malwarebytes report

Bones81_ · Aug 8, 2022

Reports

DR M · Aug 11, 2022

Please accept my apologies. I had to be away from my computer for a few days. I'll do my best to catch up.

DR M · Aug 12, 2022

Hi, Bones81.

Again, accept my apologies for the delay.

The fix ran fine and the other 2 logs are clean.

To ensure that everything is fine, let me check fresh FRST logs, Addition and FRST.

Also, let me know if you are still having issues with the computer.

Bones81_ · Aug 12, 2022

No need to apologize. I ran it again here it is the logs and yes it's working now. Thanks so much for all the help really really appreciate it!

DR M · Aug 13, 2022

Hi, Bones81.

Glad to hear that the computer works fine now.

We have to do some more things.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3542886376-2180238887-3484759331-1000_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\Jbones\AppData\Local\Vivaldi\Application\5.3.2679.70\notification_helper.exe" => No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
HKU\S-1-5-21-3542886376-2180238887-3484759331-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (No File)
EmptyTemp:
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

2. Check disk

Click on the Start button and in the search box, type Command Prompt.
When you see Command Prompt on the list, right-click on it and select Run as administrator.
Enter the command below and press on Enter and wait for it to finish (~15 minutes).
Code:
```
   chkdsk C: /r
```
You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
The process will take some time, depending on the disk condition.
Download ListChkdskResult by SleepyDude and save it on your Desktop.
Double click on the created icon.
A notepad file will open. Copy its content and paste it in your next reply.

DR M · Aug 15, 2022

Hey, are you still with me?

Bones81_ · Aug 15, 2022

I'm still here just going to do it right now thanks

Bones81__ · Aug 16, 2022

[SOLVED] fixtlist

Member

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/​

Attachments

Administrator

Member

Member

Attachments

Sysnative Staff, Security Analyst, Windows Update Trainee

Member

Attachments

Sysnative Staff, Security Analyst, Windows Update Trainee

Sysnative Staff, Security Analyst, Windows Update Trainee

Member

Attachments

Sysnative Staff, Security Analyst, Windows Update Trainee

Member

Sysnative Staff, Security Analyst, Windows Update Trainee

New member

Attachments

Sysnative Staff, Security Analyst, Windows Update Trainee

Sysnative Staff, Security Analyst, Windows Update Trainee

New member

Attachments

Sysnative Staff, Security Analyst, Windows Update Trainee

Sysnative Staff, Security Analyst, Windows Update Trainee

New member

New member

Attachments

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/