Tweet
here are FRST scans
-
-
I’ll look these over., and get back to you shortly. -
Copy the content of the code box below.
[COLOR=rgb(184, 49, 47)]Do not copy the word code:
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next post.
Code:Start:: CloseProcesses: SystemRestore: On CreateRestorePoint: GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION Task: {91267E87-863C-49A1-8753-B8B279039D05} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) S3 AppShopDrv103; ??\C:\Windows\SysWOW64\Drivers\AppShopDrv103.sys S3 HWiNFO_191; ??\C:\Users\BGGAME~1\AppData\Local\Temp\HWiNFO64A_191.SYS <==== ATTENTION S3 HWiNFO_201; ??\C:\Users\BGGAME~1\AppData\Local\Temp\HWiNFO_x64_201.sys <==== ATTENTION Task: {E3B85D02-E982-482C-8A89-3E21B0500629} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [204800 2024-07-10] (Microsoft Windows → Microsoft Corporation) → C:\Program Files\Intel\SUR\QUEENCREEK\x64//B //NoLogo “C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs” Task: {3AAE6A5F-FE7C-441A-847E-F399AAEAA16B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation → Intel Corporation) Task: {44C8DB73-DCB7-430B-A8D8-D703A0EEF795} - System32\Tasks\WaterfoxLimited\Waterfox Default Browser Agent 6F940AC27A98DD61 => C:\Program Files\Waterfox\default-browser-agent.exe [678040 2024-07-08] (BrowserWorks Ltd → Mozilla Foundation) AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivityWatch.lnk:FB9FE75D10 [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server.lnk:A4E18C6AEC [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox Private Browsing.lnk:14F60F75DA [3434] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk:9930A02307 [3434] FirewallRules: [TCP Query User{60A1A913-DDB6-43C7-B145-DB300E233F6A}D:\ww3\ww3gamelauncher\sglww3.exe] => (Allow) D:\ww3\ww3gamelauncher\sglww3.exe => No File FirewallRules: [UDP Query User{16C6BDC1-4F38-4DF9-A59F-26FDA516CB47}D:\ww3\ww3gamelauncher\sglww3.exe] => (Allow) D:\ww3\ww3gamelauncher\sglww3.exe => No File FirewallRules: [{5DBD91D9-4A98-458C-91FB-6A3D1333FD3D}] => (Allow) D:\BlackShot\BlackShot\System\blackshot.exe => No File FirewallRules: [{9AABA8E3-A321-46B0-ADF8-6CA2D24B2924}] => (Allow) D:\BlackShot\BlackShot\System\blackshot.exe => No File FirewallRules: [{97B0CBC8-B936-4879-9978-75BF0FA3D8D2}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File FirewallRules: [{D3DB0E55-3343-44A9-A273-734415088197}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File FirewallRules: [{44312121-5C3F-4C0B-ADEC-106FBE9EB283}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File C:\Windows\system32\drivers\etc\hosts Hosts: HKU\S-1-5-21-3219355904-1382751206-166821852-1001...\StartupApproved\Run: => “OneDrive” CMD: del /s /q "%userprofile%\AppData\Local\temp*." CMD: ipconfig /flushdns C:\Windows\Temp*. C:\WINDOWS\system32*.tmp C:\WINDOWS\syswow64*.tmp emptytemp: ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions Reboot: End::
Download Malwarebytes v.4 . Install and run.
[ul]
[li]Once the MBAM dashboard opens, click on Settings (gear icon).[/li][li]Click on Security tab and make sure that all four Scan options are enabled.[/li][li]Close Settings and click on the Scan button on the dashboard.[/li][li]Once the scan is completed make sure you have it quarantine any detections it finds.[/li][li]If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.[/li][li]If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other __cpLocation you can find and attach that log on your next reply.[/li][li]If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other __cpLocation you can find and include that log on your next reply.[/li][/ul][/COLOR]Comment
-
trying to click malwarebytes v4 but this shows up [ATTACH type=“full” size=“1765x918”]14082[/ATTACH]Comment
-
Link fixed. Also, you can get it here.Comment
-
here is the malwarebytes scan,Comment
-
[COLOR=rgb(184, 49, 47)]Also the FRST fix log please.
Adware Cleaner
[ul]
[li]Download AdwCleaner and save it to your Desktop[/li][li]Right-click on AdwCleaner.exeand select, Run as Administrator[/li][li]Accept the EULA (I accept), then click on Scan Now[/li][li]Let the scan complete[/li][li]Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.[/li][li]Once the cleaning process is complete, AdwCleaner will ask you to restart your computer[/li][li]Close all other open windows and allow it to restart[/li][li]After the restart, Notepad will open with the AdwCleaner cleaning log[/li][li]Please Attach the contents of that log into your next reply to me[/li][/ul]
Security Check Scan.
[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please [COLOR=rgb(184, 49, 47)]Copy and paste that log here in your next post.[/li][li]There will be items listed in red when you post this log, those items need to be updated.[/li][/ul][/COLOR][/COLOR]Comment
-
SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 07.08.2024 20:35:43
Path starting: C:\Users\BGGames420\AppData\Local\Temp\SecurityChe ck\SecurityCheck.exe
Log directory: C:\SecurityCheck
IsAdmin: True
User: BGGames420
VersionXML: 12.43is-30.07.2024
Windows 11(6.3.22631) (x64) Core Release: 23H2 Lang: English(0409)
Installation date OS: 17.06.2024 05:46:48
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Waterfox\waterfox.exe
SystemDrive: C: FS: [NTFS] Capacity: [464.9 Gb] Used: [369 Gb] Free: [95.9 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (disabled and up to date)
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.1.7.121 v.5.1.7.121
--------------------------- [ OtherUtilities ] ----------------------------
Notepad++ (64-bit x64) v.8.6.8 Warning! Download Update
Python 3.12.4 (64-bit) v.3.12.4150.0
Microsoft Edge WebView2 Runtime v.126.0.2592.113 Warning! Download Update
Steam v.2.10.91.91
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0
Intel® Driver & Support Assistant v.24.4.32.8
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.24.141.0714.0003
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 7.01 (64-bit) v.7.01.0
------------------------------- [ Imaging ] -------------------------------
GIMP 2.10.38 v.2.10.38
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom Workplace (64-bit) v.6.0.39959 Warning! Download Update
Discord v.1.0.9149 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent v.4.6.5
------------------------------- [ Browser ] -------------------------------
Waterfox (x64 en-US) v.G6.0.17
Microsoft Edge v.127.0.2651.86
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service has stopped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe v.4.18.24070.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe v.4.18.24070.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Bonjour v.3.0.0.10 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------Comment
-
[COLOR=rgb(184, 49, 47)]I really see nothing of concern to be honest.
This was in defender exclusions, any idea what it is?
[ICODE] "C:\Users\*\Documents\Celemony\Separations"="0 "[/ICODE]
Update everything in red from the Security Check log when you can, uninstall malwarebytes.
If you do not use these:
Uninstall OneDrive.
Disable Bitlocker
Block Edge[/COLOR]Comment
-
[COLOR=rgb(184, 49, 47)]Originally posted by Malnutrition
i dont remember what that celemony was or is[/color]Comment
-
[COLOR=rgb(184, 49, 47)]Melodyne 5 (Version: 5.01.01003 - Celemony Software GmbH) [COLOR=rgb(184, 49, 47)]Seems you have this installed.
Things look good, post one last set of FRST and Additon.txt logs to make sure I did not miss anything, I may check them later tonight or tomorrow after work.[/COLOR][/COLOR]Comment
-
[COLOR=rgb(184, 49, 47)][COLOR=rgb(184, 49, 47)]Originally posted by Malnutrition
ohhhh i wanted to make music so i installed that plugin[/color][/color]Comment
-
also here this error im getting when installing update for Microsoft Edge WebView2 Runtime[ATTACH type=“full” size=“722x320”]14086[/ATTACH]Comment
-
Skip the edge update. If you do not really use it, if you do windows update will take care of it.Comment
-
hereComment
Comment