
Found some infected files on my laptop [Solved]


  • This topic is locked
25 replies to this topic

#1 CMD4649

CMD4649

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 22 April 2020 - 12:54 PM

Hello. My Windows 7 32-bit laptop is infected. I received a suspicious email and decided to check. The PC is behaving properly, no slowness or redirecting, etc., but I want to be sure. I've attached the logs for aswMBR and the FarBar recover scan tools. I noticed that aswMBR found some infected files and while I was running the scan, Windows 7 said that it found some malicious software and asked me to remove it, so I did. However, aswMBR found additional stuff. Please have a look at them if there is anything else you want me to do.

Thanks,

Charlie



#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,775 posts
  • Interests:LFC, music, more LFC, more music

Posted 22 April 2020 - 03:38 PM

Hello CMD4649 and welcome to WTT.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Antivirus

You have no active antivirus on your computer. You are already using an out-of-date, vulnerable operating system which is probably the major reason for so many infections.

We’ll deal with that when your computer is in better shape but meanwhile, please don’t use the Internet except to deal with this issue or visit sites that you are 100% certain are safe.

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Uninstall programmes

Please uninstall these programmes:

McAfee Security Scan Plus
Search the Web
Speedial
Web Search

  • click Start, Control Panel, Programs and Features
  • click on McAfee Security Scan Plus and then Uninstall
  • repeat this for the other programs listed above.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

  • repeat this for the other programmes listed above.

================================================

Run Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware from here:

  • run the program
  • click on Scan
  • Malwarebytes will then run an update and begin the scan
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

Logs to include with the next post:

Mbam.txt
AdwCleaner log


Thanks

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 CMD4649


Posted 22 April 2020 - 05:19 PM

Ok, I did everything and I added the log files. Please let me know if I did everything correctly and what the next steps are.

 

Thanks.




#4 Satchfan


Posted 22 April 2020 - 05:31 PM

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt


Thanks

I'm in the UK and it's 30 minutes past midnight here so I won't get back tonight but will check the logs and reply as soon as I can

Satchfan

 



#5 CMD4649


Posted 22 April 2020 - 06:04 PM

Here are the two files.




#6 Satchfan


Posted 23 April 2020 - 05:31 AM

Still some work to do.

Remove Firefox extensions

 

  • click on Tools, Add-ons, Extensions
  • click on Speedial and then on Remove.

===================

Uninstall Chrome Extension

  • open Google Chrome and type chrome://extensions in the address bar, then press Enter
  • click the trash can icon next to the following extension(s):

    Google Search

  • a confirmation dialog will appear, click Remove.

===================================================

Disable Windows Defender

This old version of Windows Defender was pretty useless and generally only looked for spyware. It’s using up resources so I suggest you turn it off.

To turn real-time protection off:

  • open Windows Defender, (Start > Programs > Windows Defender)
  • click Tools and then General Settings
  • under ‘Real-time protection’, uncheck the Turn on real-time protection (recommended) check box
  • click Save.

===================================================

Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

CloseProcesses:
HKU\S-1-5-21-2096224749-2221668371-2573596170-1000\...\Run: [Chromium] => "c:\users\charlie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {26BF7887-AF72-4DAE-BC99-60281365158D} - System32\Tasks\Mokin\{4B7A83BD-6684-B30C-8E61-4AD22F2B5F9A} => C:\Users\Charlie\AppData\Roaming\Sopihof\Mokin.exe [585728 2013-04-28] () [File not signed]
Task: {29FE98F8-F673-43B4-A5F5-3185A3825E4D} - System32\Tasks\Pakacotis\{4B7A83BD-6684-B30C-8E61-4AD22F2B5F9A} => C:\Users\Charlie\AppData\Roaming\BOMAFE~1\PAKACO~1.EXE <==== ATTENTION
Task: {E84DF58E-DCCC-47C0-945C-E9A06187A789} - System32\Tasks\{2A5BABA1-02AB-DD00-AC5D-05D0E997BC84} => C:\Users\Charlie\AppData\Local\{972FA~1\UNINST~1.EXE <==== ATTENTION
Task: {F0BADA78-0975-4C7C-BF3A-ECF6E6522494} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [37389672 2018-02-01] (McAfee, Inc. -> McAfee, Inc.)
Task: C:\Windows\Tasks\{2A5BABA1-02AB-DD00-AC5D-05D0E997BC84}.job => C:\Users\Charlie\AppData\Local\{972FA~1\UNINST~1.EXE <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7426cda5&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7426cda5&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2096224749-2221668371-2573596170-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7426cda5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096224749-2221668371-2573596170-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7426cda5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096224749-2221668371-2573596170-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=ner&hsimp=yhs-001&type=aee_84d015defd161c9282&param1=[...]%3D%3D&param2=MWZbMGZaNGV7"
Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=ner&hsimp=yhs-001&type=aee_84d015defd161c9282&param1=[...]%3D%3D&param2=NqZ6MqtdMGB4Md%3D%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> search by Yahoo
FF user.js: detected! => C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\aos2gv11.default\user.js [2014-05-13]
FF Homepage: Mozilla\Firefox\Profiles\aos2gv11.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=shnl&hsimp=yhs-001&type=c110aaa89b40879c3d883dc5a5d&param1=Firefox&param2=1&param3=campaignID%3D207%26UserID%3D1542095211&param4=[...]
FF Extension: (Speedial) - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\aos2gv11.default\Extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} [2014-05-09] [Legacy] [not signed]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
S2 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S2 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
2020-04-22 14:08 - 2020-04-22 14:08 - 000339691 _____ C:\Users\Charlie\AppData\Roaming\Hanimidel
2020-04-22 19:07 - 2019-12-14 01:09 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Kinilakohas
2020-04-22 19:07 - 2019-09-06 00:10 - 000000000 ____D C:\Windows\system32\Tasks\Pokabegac
2020-04-22 19:07 - 2019-09-06 00:10 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Pofofotapup
2020-04-22 19:07 - 2019-07-17 21:30 - 000000000 ____D C:\Windows\system32\Tasks\Benam
2020-04-22 19:07 - 2019-07-17 21:30 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Pubagecoge
2020-04-22 19:07 - 2019-06-15 00:09 - 000000000 ____D C:\Windows\system32\Tasks\Dasirenop
2020-04-22 19:07 - 2019-06-15 00:09 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Hahuci
2020-04-22 19:07 - 2019-05-28 22:21 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Cebohed
2020-04-22 19:07 - 2018-05-06 21:40 - 000000000 ____D C:\Windows\system32\Tasks\Rekunamom
2020-04-22 19:07 - 2018-04-20 10:08 - 000000000 ____D C:\Windows\system32\Tasks\Hekogec
2020-04-22 19:07 - 2018-04-20 10:08 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Lucoc
2020-04-22 19:07 - 2018-04-12 10:17 - 000000000 ____D C:\Windows\system32\Tasks\Giseker
2020-04-22 19:07 - 2018-04-04 09:45 - 000000000 ____D C:\Windows\system32\Tasks\Cucigipa
2020-04-22 19:07 - 2018-03-26 10:51 - 000000000 ____D C:\Windows\system32\Tasks\Nilacase
2020-04-22 19:07 - 2018-03-26 10:51 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Barel
2020-04-22 18:52 - 2016-04-24 20:52 - 000000278 _____ C:\Windows\Tasks\{2A5BABA1-02AB-DD00-AC5D-05D0E997BC84}.job
2020-04-22 18:47 - 2016-07-20 14:53 - 000000000 ____D C:\Users\Charlie\AppData\Local\Chromium
2020-04-22 18:45 - 2020-03-22 08:56 - 000000000 ____D C:\Windows\system32\Tasks\Natimo
2020-04-22 18:37 - 2018-06-09 10:19 - 000000000 ____D C:\Windows\system32\Tasks\Lehupo
2020-04-22 18:37 - 2016-07-20 14:52 - 000000000 ____D C:\Users\Charlie\AppData\Local\{738A45D6-5722-296E-3ABA-0C861ED2F01E}
2020-04-22 14:38 - 2019-03-13 19:35 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Bomafesecam
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
FirewallRules: [{E67FBF45-1E25-4D83-A373-C3DE1D285E07}] => (Allow) C:\Users\Charlie\AppData\Local\Chromium\Application\chrome.exe No File
C:\Users\Charlie\AppData\Roaming\Sopihof
C:\Program Files\Common Files\AV
cmd: netsh int ip reset
cmd: ipconfig /flushdns
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

Satchfan

 



The help you receive here is free but if you feel I have helped, you may consider making a Donation.
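
The fixlist in the post above mixes scheduled-task entries with folder listings. As an added illustration (not part of the original thread and not FRST's own code), this Python sketch triages a few of those lines: it flags tasks whose target sits in AppData, uses an 8.3 short path, or carries FRST's unsigned or ATTENTION markers, and it pairs Tasks folders with AppData folders that share a timestamp. The function names and reason strings are hypothetical, and reading the second timestamp on a listing line as the folder's creation time is an assumption.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the fixlist in the post above.
SAMPLE = r"""
Task: {26BF7887-AF72-4DAE-BC99-60281365158D} - System32\Tasks\Mokin\{4B7A83BD-6684-B30C-8E61-4AD22F2B5F9A} => C:\Users\Charlie\AppData\Roaming\Sopihof\Mokin.exe [585728 2013-04-28] () [File not signed]
Task: {29FE98F8-F673-43B4-A5F5-3185A3825E4D} - System32\Tasks\Pakacotis\{4B7A83BD-6684-B30C-8E61-4AD22F2B5F9A} => C:\Users\Charlie\AppData\Roaming\BOMAFE~1\PAKACO~1.EXE <==== ATTENTION
Task: {F0BADA78-0975-4C7C-BF3A-ECF6E6522494} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [37389672 2018-02-01] (McAfee, Inc. -> McAfee, Inc.)
2020-04-22 19:07 - 2019-09-06 00:10 - 000000000 ____D C:\Windows\system32\Tasks\Pokabegac
2020-04-22 19:07 - 2019-09-06 00:10 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Pofofotapup
2020-04-22 19:07 - 2018-04-12 10:17 - 000000000 ____D C:\Windows\system32\Tasks\Giseker
2020-04-22 18:47 - 2016-07-20 14:53 - 000000000 ____D C:\Users\Charlie\AppData\Local\Chromium
""".strip().splitlines()

TASK_RE = re.compile(r"^Task: (.+?) => (.+)$")
DIR_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - (\d{4}-\d\d-\d\d \d\d:\d\d) - \d+ \S+ (.+)$")


def triage_task(line):
    """Return the task, its target and the reasons it deserves a closer look."""
    m = TASK_RE.match(line)
    if not m:
        return None
    name, rest = m.groups()
    exe = re.match(r"(?i).+?\.exe\b", rest)
    target = exe.group(0) if exe else rest
    reasons = []
    if re.search(r"(?i)\\AppData\\(Roaming|Local)\\", target):
        reasons.append("target in user-writable AppData")
    if re.search(r"~\d", target):
        reasons.append("8.3 short path")
    if "[File not signed]" in rest:
        reasons.append("unsigned file")
    if "<==== ATTENTION" in rest:
        reasons.append("FRST ATTENTION marker")
    return {"task": name, "target": target, "reasons": reasons}


def pair_by_second_timestamp(lines):
    """Pair Tasks folders with AppData folders sharing the second timestamp.

    Assumption: on these listing lines the second timestamp is the creation time.
    """
    groups = defaultdict(lambda: {"tasks": [], "appdata": []})
    for line in lines:
        m = DIR_RE.match(line)
        if not m:
            continue
        stamp, path = m.groups()
        low = path.lower()
        if "\\system32\\tasks\\" in low:
            groups[stamp]["tasks"].append(path)
        elif "\\appdata\\" in low:
            groups[stamp]["appdata"].append(path)
    return {s: g for s, g in groups.items() if g["tasks"] and g["appdata"]}


if __name__ == "__main__":
    for line in SAMPLE:
        hit = triage_task(line)
        if hit:
            print(hit["target"], "->", hit["reasons"] or ["nothing flagged"])
    for stamp, g in pair_by_second_timestamp(SAMPLE).items():
        print(stamp, g["tasks"], g["appdata"])
```
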

#7 CMD4649


Posted 23 April 2020 - 07:31 AM

Good morning, or afternoon since you're in the UK. I did everything and attached the fix log. I disabled the Firefox extensions and Windows Defender, but when I went into Google Chrome and typed chrome://extensions, I didn't see an entry for Google Search. I saw four extensions, which were:

 

Adobe Acrobat

Google Docs Offline

Skype

Docs

 

I didn't see anything for Google Search. Did I miss something? Is there anything else that you want me to do?




#8 Satchfan


Posted 23 April 2020 - 08:02 AM

Good morning.

 

That extension’s a bit of a nuisance because we can’t remove it with FRST. We’ll see what another tool comes up with.

First:

Uninstall the following as you did before:

Google Update Helper, (both, if there is more than one)
Intel Security True Key

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer and close all running programs before you run this scan!

Download RogueKiller to your desktop

  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • accept the user agreement
  • click on Scan
  • if a window opens to explain what [PUM's] are, read about it
  • click the RogueKiller icon on your taskbar to return to the report
  • when it has finished, click on Open Report
  • click on Export Txt and save the file on your Desktop as RKreport.txt
  • copy/paste the content in your next post
  • click on the ‘Remove’ button to delete the items in RED
  • click Finish and close the program
  • locate the RKreport.txt file on your Desktop and copy/paste the contents in your next reply.

Satchfan

 



#9 CMD4649


Posted 23 April 2020 - 08:49 AM

I've attached the results from Rogue Killer. It found some things and then I had it fix them. For the Chrome Extensions, I didn't see anything for Google Update Helper or Intel Security True Key. I only see the four extensions that I mentioned previously.




#10 Satchfan


Posted 23 April 2020 - 09:08 AM

They are not extensions, they are programmes.

Go to Control Panel, Programs and Features and uninstall them.

After you have done that, please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks




#11 CMD4649


Posted 23 April 2020 - 10:30 AM

Ok, I found two instances of Google Update Helper in the control panel and I removed both of them. I found an entry for Intel Security True Key in control panel and tried to remove it, but it said that it couldn't remove it because it must have already been removed. It asked me if I wanted to remove it from the list of applications in the control panel, and I had it do that.

 

I have attached the two new logs for FRST.




#12 Satchfan


Posted 23 April 2020 - 11:59 AM

Did you uninstall the programmes after you ran FRST?



#13 CMD4649


Posted 23 April 2020 - 12:26 PM

No, I uninstalled the applications from control panel first, and then ran FRST. Like I said, it uninstalled the two Google Update applications without any issues. Perhaps from the previous times I ran FRST, Ad Aware cleaner, and Rogue Killer the Intel Security True Key application was removed, but it still showed up in control panel. I don't know.

 

Let me know what my next steps are and thank you very much for all of your help!



#14 Satchfan


Posted 23 April 2020 - 05:10 PM

I think there's more than I thought on your computer, so let's have a look.

 

Malwarebytes Anti-Rootkit Beta

  • download Malwarebytes Anti-Rootkit Beta and extract it to your desktop, (MBAR will be launched shortly after the extraction)
  • click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
  • make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan, (this can take a while)
  • once the scan is done, make sure that every item is checked, and click on the Cleanup button, (a reboot might be required)
  • after that, (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
  • copy/paste the content of that log in your next reply.

Satchfan

 



#15 CMD4649


Posted 23 April 2020 - 06:12 PM

Well, I just ran Malwarebytes Anti-Rootkit and it found nothing. It said that no cleanup is required and didn't produce a log file, so that's a good thing.

