Tweet
Sorry it was a long day at work. I will check over the logs tomorrow.
-
-
Last fix list for you, run this in safe mode.
Update your older programs with Patch My PC home Edition.
We will clean all the tools we used…
Download KpRM
Save to Desktop
Check Delete Tools’
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.
I suggest:
Ublock Origin
O&O Shutup Ten
O&O App Buster
[COLOR=rgb(184, 49, 47)]Any more issues to speak of??[/COLOR][COLOR=rgb(184, 49, 47)][/color]Comment
-
Aight, ill get to it as soon as I get homeComment
-
Ran the fixlist, heres the fixlog. The download site for Kprm doesnt work, and the program updater app only sows, that updates to Chrome, OBS and some other non essential app is needed, so I skipped it.Comment
-
Malwarebytes should install now.“C:\Program Files\Malwarebytes” => was unlocked
“C:\ProgramData\Malwarebytes” folder move:
C:\ProgramData\Malwarebytes => moved successfully
“C:\Program Files\Malwarebytes” folder move:
C:\Program Files\Malwarebytes => moved successfully
Here is the download for you. Also, check mark each highlighted box. Hit the run button and reboot.
[ATTACH type=“full”]12541[/ATTACH]
Download Autologger to your desktop.
Disable your Anitivirus/Defender prior to running.
[ul]
[li]Unzip it there. – If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----[/li][li]Right click Autologger and run as admin. (Xp user double click)[/li][li]AVZ4 will open and scan your machine, allow this to complete.[/li][li]Upload Collectionlog.zip to your next reply.[/li][/ul]Comment
-
[ATTACH type=“full”]12547[/ATTACH]
This is the message that appears when I try to run AutoLogger. Also, do you suggest I use Malwarebit? Cause I remember people in this forum saying, that Windows Defender is enough.Comment
-
Run autologger via RunX. And yes if you can install and run malwarebytes please do so.Comment
-
Heres the AutologgerComment
-
This is the Malwarebit result. It quarantened one item.Comment
-
OK, there is a lot of information for me to go over here. I will have a reply for you tomorrow. But it is good that we are able to get malwarebytes to run on the system we are seeing progress,.Comment
-
Download AV block remover .
Unzip it (but not to the Desktop or Download folder ), perhaps inside of documents folder or on the c programfiles folder …run it, and follow the instructions. If it doesn’t start, rename the file AVbr.exe in, for example, AV-br.exe (or any other name).
If it doesn’t start anyway, run it in safe mode with network .
Looking back everything loaded thru One drive. Can you disable that?
Everything is
C:\Users\domin\OneDrive\Desktop\Auto\AutoLogger\AV \av_z.exe
When it should be C:\Users\domin\Desktop\Auto\AutoLogger\AV\av_z.exe
Look in the Autologger folder and drag out the CheckBrowsersLNK file.
To your desktop.
AutoLogger\CheckBrowserLnk
Drag and drop onto the ClearLNK utility .
After saving ClearLNK to desktop.
[IMG alt=“move.gif”]https://dragokas.com/tools/move.gif
Run HijackThis! as admin! (located in the folder …Autologger\HijackThis)
Do a system scan, then check each item below, make sure and only check the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.
Code:O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\BatteryGauge (empty) O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents (empty) O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfeeTsk (empty) O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft') O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft') O22 - Tasks: NahimicSvc32Run - C:\Windows\SysWOW64\NahimicSvc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft') O22 - Tasks: NahimicSvc64Run - C:\Windows\system32\NahimicSvc64.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft') O22 - Tasks: NahimicTask32 - C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft') O22 - Tasks: NahimicTask64 - C:\WINDOWS\system32\.\NahimicSvc64.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft') O22 - Tasks_Migrated: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\ScheduleEventAction.exe DailyTelemetryTransmission (file missing) O22 - Tasks_Migrated: \Lenovo\BatteryGauge\BatteryGaugeMaintenance - C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (file missing) O22 - Tasks_Migrated: \Lenovo\LenovoWelcomeLauncher - C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcome.exe /task (file missing) O22 - Tasks_Migrated: \Lenovo\LenovoWelcomeTask - C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe $(EventData) (file missing) O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (file missing) O22 - Tasks_Migrated: \McAfeeTsk\OOBEUpgrader - C:\Program Files\McAfee\MSC\OOBE_Upgrader.exe /Run (file missing) O22 - Tasks_Migrated: OneDrive Reporting Task-S-1-5-21-4241844815-1059841684-711678986-1001 - C:\Users\domin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (file missing) O22 - Tasks_Migrated: OneDrive Standalone Update Task-S-1-5-21-4241844815-1059841684-711678986-1001 - C:\Users\domin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
Disable your antivirus prior to running AVZ!
Run AVZ as admin! (located in the folder …Autologger\AVZ) click File => Customs Scripts.
Copy the content of the text file I uploaded. (AVZFix.txt)
Click edit select all copy.
Paste into AVZ window.
Make sure the word begin is in the absolute top left of the window as per picture below.
Hit Run Fix.Code:[IMG alt="1671241631764.png"]https://pchelpforum.net/attachments/1671241631764-png.11029/
The computer will reboot.
[/IMG]Code:begin ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip'); QuarantineFile('C:\ProgramData\princeton-produce',''); QuarantineFile('C:\WINDOWS\system32\rfxvmt.dll',''); DeleteFile('C:\WINDOWS\system32\rfxvmt.dll',''); DeleteFile('C:\ProgramData\princeton-produce',''); ExecuteSysClean; ExecuteWizard('SCU', 2, 3, true); ExecuteRepair(6); RebootWindows(true); end.Comment
-
Sooooo, I completed all the steps, but now my computer is stuck in a loop of rebooting, and goes into the launch menu, unable to turn on properly
(
Comment
-
Please do a restore point from the recovery console.
Comment
-
This is the message that pops up when I tried running any restore points (first the Windows Update one on the 23rd, then the SCPtoolkit uninstall one from the 20th)
"System Restore did not complete successfully. Your computer’s system files and settings were not changed.
Details:
System Restore failed to extract the original copy of the directory from the restore point.
Source: %ProgramFiles%\WindowsApps
Destination: AppxStaging
System Restore ran out of disk space while restoring your files.
You can try System Restore again and choose a different restore point. If you continue to see this error, you cab try an advanced recovery method."Comment
-
Ok, please run Frst from recovery console as before.post the logComment
Comment