-
1 Attachment(s)
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
-
I couldn't do anything with it.
-
Nothing can up as I press the FIX button.
-
Make sure FRST and "fixlist.txt" are in the same location. On your Desktop for instance.
-
I can see, your FRST file is located here:
Running from C:\Users\BDSRe\AppData\Local\Temp\scoped_dir3916_964892910
Move it to your Desktop, as well as "fixlist.txt"
-
I cannot find it. I went from Local. I don't see Temp to find the file.
-
Download FRST one more time and make sure you can find it.
-
Okay. I finally got it to work.
I lost the file when I trying to paste it.
-
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2019
Ran by Branden (24-11-2019 16:42:52) Run:3
Running from C:\Users\BDSRe\Desktop
Loaded Profiles: Branden (Available Profiles: Branden)
Boot Mode: Normal
==============================================
fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2018-12-27 07:49 - 2018-12-27 08:03 - 024568792 _____ (FrostWire LLC) C:\Users\BDSRe\AppData\Roaming\Frostwire_setup.exe
2016-01-11 22:05 - 2019-11-24 10:09 - 000000165 _____ () C:\Users\BDSRe\AppData\Roaming\sp_data.sys
2018-11-22 01:32 - 2018-11-22 01:32 - 000000045 _____ () C:\Users\BDSRe\AppData\Roaming\WB.CFG
2018-12-10 19:13 - 2018-12-14 14:43 - 000000000 _____ () C:\Users\BDSRe\AppData\Local\{2264F19C-51DD-4156-907C-1F138B3D5A25}
2017-12-25 00:20 - 2017-12-25 00:20 - 000000000 _____ () C:\Users\BDSRe\AppData\Local\{477D0F5B-574D-4213-AD82-061935BF1D79}
2017-10-06 10:09 - 2017-10-06 10:09 - 000000000 _____ () C:\Users\BDSRe\AppData\Local\{4A88FC1F-4A4C-4867-A33F-8322795E3275}
2018-07-22 07:30 - 2018-07-22 07:30 - 000000000 _____ () C:\Users\BDSRe\AppData\Local\{95D6B24E-5BCE-42FE-9FA9-1596006BA882}
2018-07-13 08:01 - 2018-07-13 08:01 - 000000000 _____ () C:\Users\BDSRe\AppData\Local\{A3527301-039F-4A12-825F-06FE61A588DB}
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
FirewallRules: [{08A1FB2D-0B5D-4AA2-BEF7-4AD3D9B41154}] => (Allow) C:\Program Files\FrostWire 6\FrostWire.exe No File
FirewallRules: [{B4521DA6-20A0-498B-8CAD-19FCE97CE56C}] => (Allow) C:\Program Files\FrostWire 6\FrostWire.exe No File
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"C:\Users\BDSRe\AppData\Roaming\Frostwire_setup.exe" => not found
"C:\Users\BDSRe\AppData\Roaming\sp_data.sys" => not found
"C:\Users\BDSRe\AppData\Roaming\WB.CFG" => not found
"C:\Users\BDSRe\AppData\Local\{2264F19C-51DD-4156-907C-1F138B3D5A25}" => not found
"C:\Users\BDSRe\AppData\Local\{477D0F5B-574D-4213-AD82-061935BF1D79}" => not found
"C:\Users\BDSRe\AppData\Local\{4A88FC1F-4A4C-4867-A33F-8322795E3275}" => not found
"C:\Users\BDSRe\AppData\Local\{95D6B24E-5BCE-42FE-9FA9-1596006BA882}" => not found
"C:\Users\BDSRe\AppData\Local\{A3527301-039F-4A12-825F-06FE61A588DB}" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08A1FB2D-0B5D-4AA2-BEF7-4AD3D9B41154}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4521DA6-20A0-498B-8CAD-19FCE97CE56C}" => not found
==== End of Fixlog 16:43:01 ====
-
Good :)
Last scans...
http://dev.discussions.virtualdr.com.../2020/01/2.gif Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run
http://dev.discussions.virtualdr.com.../2020/01/2.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
http://dev.discussions.virtualdr.com.../2020/01/2.gif Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
http://dev.discussions.virtualdr.com.../2020/01/2.gif Download Sophos Free Virus Removal Tool and save it to your desktop.
- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
-
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Total AV
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
-
Farbar Service Scanner Version: 27-01-2016
Ran by Branden (administrator) on 24-11-2019 at 18:07:58
Running from "C:\Users\BDSRe\AppData\Local\Temp\scoped_dir9148_1724111190"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
-
PUA remnants cleaned
Leftovers of applications that are not malicious but have potentially unwanted behavior, such as adware
Nosibay
HKU\S-1-5-21-3758581638-1056429801-1631095206-1001\Software\Classes\MIME\Database\Content Type\application∕x-bubbledock\
Sunday, November 24, 2019 7:06 PM
PUA remnants cleaned
Leftovers of applications that are not malicious but have potentially unwanted behavior, such as adware
PCProtect
HKU\S-1-5-21-3758581638-1056429801-1631095206-1001\Software\Classes\Wow6432Node\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\
Sunday, November 24, 2019 7:06 PM
PUA remnants detected
Leftovers of applications that are not malicious but have potentially unwanted behavior, such as adware
Nosibay
HKU\S-1-5-21-3758581638-1056429801-1631095206-1001\Software\Classes\MIME\Database\Content Type\application∕x-bubbledock\+1
Sunday, November 24, 2019 7:04 PM
PUA remnants detected
Leftovers of applications that are not malicious but have potentially unwanted behavior, such as adware
PCProtect
HKU\S-1-5-21-3758581638-1056429801-1631095206-1001\Software\Classes\Wow6432Node\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\+1
Sunday, November 24, 2019 7:04 PM
Potentially unwanted application cleaned
This application is not malicious but has potentially unwanted behavior and has been quarantined
Show Advanced Options
App/Generic-EN
C:\Users\BDSRe\Downloads\frostwire-6.8.3.windows.fusion (1).exe
Sunday, November 24, 2019 6:57 PM
Potentially unwanted application cleaned
This application is not malicious but has potentially unwanted behavior and has been quarantined
Show Advanced Options
App/Generic-EN
C:\Users\BDSRe\Downloads\frostwire-6.8.3.windows.fusion.exe
Sunday, November 24, 2019 6:57 PM
Potentially unwanted application cleaned
This application is not malicious but has potentially unwanted behavior and has been quarantined
Show Advanced Options
App/Generic-EN
C:\Users\BDSRe\.frostwire5\updates\frostwire-6.8.3.windows.fusion.exe
Sunday, November 24, 2019 6:53 PM
The End
© 2013-2019 Sophos Ltd. All Rights Reserved | Terms of Service | End User License Agreement | Privacy
-
Your computer is clean [img=https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg]
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download http://www.imgdumper.nl/uploads6/51a...3de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
- Activate UAC (optional; some users prefer to keep it off)
- Remove disinfection tools
- Create registry backup
- Purge System Restore
- Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")
5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).
7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642
10. Please, let me know, how your computer is doing.
-
Thank you so much. Those annoying popups are gone. I will set a reminder to clean my computer from now on. Thanks again.