Start Autoruns as admin, uncheck the items with a blue mark next to them, and reboot the computer.
[ATTACH alt=“1721278984422.png”]13972[/ATTACH]
[ATTACH alt=“1721279056442.png”]13973[/ATTACH]
[ATTACH alt=“1721279212898.png”]13974[/ATTACH]
For now, disable Windows Update; you can update later when we are done here.
Copy the content of the code box below.
[COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
Code:
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
EmptyEventLogs:
S3 SbieDrv; \??\d:\Program Files\Sandboxie\SbieDrv.sys [X]
C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
AlternateDataStreams: C:\ProgramData\autoclickconfig.ini:07021500A6 [5162]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk:FE00AE19CB [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5162]
Folder: C:\Windows\System32\Tasks
StartBatch:
WMIC SERVICE WHERE Name="dcomlaunch" set startmode="auto"
WMIC SERVICE WHERE Name="nsi" set startmode="auto"
WMIC SERVICE WHERE Name="dhcp" set startmode="auto"
WMIC SERVICE WHERE Name="rpcss" set startmode="auto"
WMIC SERVICE WHERE Name="rpceptmapper" set startmode="auto"
WMIC SERVICE WHERE Name="winmgmt" set startmode="auto"
WMIC SERVICE WHERE Name="sdrsvc" set startmode="manual"
WMIC SERVICE WHERE Name="vss" set startmode="manual"
WMIC SERVICE WHERE Name="eventlog" set startmode="auto"
WMIC SERVICE WHERE Name="bfe" set startmode="auto"
WMIC SERVICE WHERE Name="eventsystem" set startmode="auto"
WMIC SERVICE WHERE Name="msiserver" set startmode="manual"
WMIC SERVICE WHERE Name="sstpsvc" set startmode="manual"
WMIC SERVICE WHERE Name="rasman" set startmode="manual"
WMIC SERVICE WHERE Name="trustedinstaller" set startmode="auto"
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winhttp reset proxy
bitsadmin /list /allusers
bitsadmin /reset /allusers
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
netsh advfirewall reset
netsh advfirewall set allprofiles state on
del /f /s /q %windir%\prefetch\*.*
sc stop sysmain
sc config sysmain start= disabled
sc stop DiagTrack
sc config DiagTrack start= disabled
sc stop dmwappushservice
sc config dmwappushservice start= disabled
sc stop WSearch
sc config WSearch start= disabled
sc stop lfsvc
sc config lfsvc start= disabled
Endbatch:
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
Security Check Scan.
[ul]
[li]Download Security Check to your desktop.[/li]
[li]Right-click it and run as administrator.[/li]
[li]When the program completes, the tool will automatically open a log file.[/li]
[li]Please [COLOR=rgb(184, 49, 47)]Copy and paste that log here in your next post.[/li]
[li]There will be items listed in red when you post this log; those items need to be updated.[/li]
[/ul]
[/COLOR][/COLOR]