All Activity

  1. Past hour
  2. Done as well!! FRST.txt Addition.txt
  3. Today
  4. Run a fresh scan with FRST. Attach the new FRST reports to your reply. I will check back tomorrow and look at the scan reports.
  5. Done, thanks for the quick reply! Fixlog.txt
  6. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Run FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version, please download and run the updated version.
  7. Yesterday
  8. Hello, is it possible to get some help here as well, please? Reading previous posts, I already ran Farbar as instructed; please, some help on how to proceed if possible! Thanks in advance, Makis. FRST.txt Addition.txt
  9. I'm having a problem removing some malware, at least your software said it's malware (Wmpshare.exe, Dismhost.exe, Odb32.exe). I'm working with the new 10 Pro version 1903 build 18362.356.
  10. Hello @Kushela Attach a ransom note, so that we can take a look at your ID and check out yet another way to decrypt the files.
  11. Hello @Richard Attach a ransom note, so that we can take a look at your ID and check out yet another way to decrypt the files.
  12. Hello @dinh Attach a ransom note, so that we can take a look at your ID and check out yet another way to decrypt the files.
  13. Ah, there you go! So, AdGuard themselves are trying to fix the error and are already testing the beta version with corrections! Thanks for the information! I'll wait for the final release)
  14. See here for hotfix https://adguard.com/en/versions/windows/beta.html#version-722936
  15. Hello all! It's about the AdGuard program. A few days ago, the program was updated to version 7.2. In this version AdGuard Assistant does not work in any browser (Edge, IE, Fx, Chrome)! This problem is associated (including by AdGuard developers) with a possible incompatibility with EAM. https://github.com/AdguardTeam/AdguardForWindows/issues/2957 Is this really so? They recommend disabling the WFP driver. But then there is no filtering in IE and Edge... I had to install the previous version, 7.1, and work with it. Everything is in order here! What is the problem? Is it really an incompatibility? When can I expect corrections, and from which manufacturer? Now on Windows 10 Pro x64 😉
  16. Hi GT500, I got the update via the stable feed and so far so good. Regards
  17. Some banks use phone numbers to send an SMS code to... and they tend to provide a choice of numbers - typically "home", "work" & "mobile" - though they can be anything and their three labels are irrelevant. But at least there's some resilience if, say, one phone network is unavailable. How difficult would it be for the Emsisoft code to support use of an alternate pre-defined email address? After all, email is not by any means 100% reliable. Also, do Emsisoft have any monitored checking that their email-sending code (or the providers they use) is still working? What happens if the SMTP server they use ends up on a blacklist?
  18. GT500 already answered you. I agree.
  19. Thank you for the answer, I will wait to find a solution.
  20. Yeah, maybe a good question. Since the new version updates files in Program Files and/or Program Files (x86), and the new version of 1903 does the same, something could have conflicted. I appreciate the feedback. I'm glad it's fixed.
  21. That's understandable. Hopefully it, and other authenticator apps, are something we can add support for soon.
  22. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. Also note: While most ransomware will automatically delete itself after it finishes encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  23. That means the ransomware was able to connect to its command and control servers when it infected your computer, and so an online ID and key were created to encrypt your files. There's no way to decrypt your files right away, however if you give us some time then hopefully we'll be able to do something for you.
  24. At first glance I don't see an active infection in the FRST logs. I do see pirated software in them however, which I highly recommend removing ASAP. Pirated software (or even fake movie and/or music downloads) is the main source of STOP/Djvu infections.
  25. GT, thanks for that. I am sure we will be all right and there is no need to go through support in this case. I will have a look at the options to set up additional users with their own login; it will only be two, so either way I can live with it. Just wondered about Google Authenticator; I was initially sceptical about that but now find it very easy to use and so far very reliable.
  26. At the moment we don't have that option. It's possible it may be added in the future, as it would certainly be ideal to have more than one method for better flexibility. That option was removed. There are too many bots attempting automated logins with stolen credentials, and too many people who still reuse the same login information on multiple websites. Since we expect most people would simply turn off Two-Factor Authentication and open their accounts for compromise, we decided to remove it from the settings to prevent this from happening. You may want to consider having each member of your team who needs access to your workspace in MyEmsisoft create an account, and then inviting those accounts to the workspace where you can manage them (in the settings for the workspace): https://help.emsisoft.com/en/2323/emsisoft-cloud-console-user-guide/#inviteusers If it's absolutely imperative to turn off Two-Factor Authentication, then please send our support team an e-mail from the e-mail address associated with the account that needs Two-Factor Authentication disabled, and be sure to let them know why. Keep in mind though that we normally only do this when someone can't log in to their account at all.