My laptop has .koom


My personal files have .koom as an extension, along with viruses. Luckily my first attention was the viruses since they can spread, and I cleared all if not most of them. Afterwards, my worries lay upon the .koom files. When I used the STOP djvu decrypter tool it showed:

 Notice: this ID appears be an offline ID, decryption MAY be possible in the future 

I know that indicates the ID key isn't discovered yet, and so I went here to ask for some support, tips and also to show the ID to maybe help with you guys to find the key for it.

Here's the ID: 99p8vN1UYnRVfJrLk31VTLd69Ni5b0ex99QMQKt1

Thanks in advance!


Hello @DrpepperTaco,

 

Welcome to the Emsisoft Support Forums.

 

I understand it is frustrating, but currently, we cannot decrypt files with an Offline-ID that we do not have the Private Encryption Key in our Database.

 

Please read this Topic. It contains information about your situation and whether or not your files can be decrypted.

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


Thanks for the info!

I noticed that whenever I open task manager it says 100%, then when loaded (takes a sec) it goes back down to around 10-20%. The sound my laptop makes also goes down, too. Is this normal?

Also I have a suspicion that some Windows services may be tampered with by a virus of some sort. Especially Anti Malware Service Executable (task manager says the exe is MsMpEng.exe). Also this file is located in:

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0.

Instead of: C:\Program Files\Windows Defender which I found where the exe normally is in tutorial videos.

This task seems to eat up most of my memory/RAM, which is around 60-70% when I have Brave open, 50% idle. Normally it's around 20% before. (My RAM size is 8 GB.)

I also noticed that turning on my laptop itself seems to be slower than before. It also shows a black screen with the cursor movable, which I haven't seen before, too.

I ran Malwarebytes 4 times: the first scan showed 180 viruses and such, the second scan showed 30-50 (can't remember), the third scan showed 10, and finally the last scan showed none. All of which it scanned I quarantined and deleted. It also seems to pick up some .tmp file in my temp folder for the last 2 scans.

In Windows Defender, I noticed that there were allowed threats. When I went to disallow all of them they kept coming back to that tab.

Photos are here:

[Two screenshots attached]

I'm pretty worried about my laptop's status, so maybe some help would be great!

Thanks in advance again!


Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions.

 

 

All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below:

 

NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed.

 

The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available.

 

The below guidelines are for the Help, my PC is infected! Support Forum. They are intended to help you provide the technician, working your thread, with enough information to start formulating a plan to clean your machine; and for you to leave the Emsisoft Support Forums with a safe, secure, functioning computer.

  • Emsisoft does not condone the use of Pirated/Illegal software. If such software is found on your computer, the technician assisting you will insist that the Pirated/Illegal software be removed.
  • We insist that anyone receiving help, here at the Emsisoft Support Forums, install an Anti-Malware program at a minimum to protect their system.
  • Start only one thread requesting help. Keep all your questions in your thread. DO NOT start a new topic.
  • If you don't know, stop and ask! Don't keep going on.
  • Continue to respond until you are given "All Clear" (Just because you can't see a problem doesn't mean it isn't there)
  • Once your case has been solved, the thread will be closed.
  • Your thread will be closed after 72-hours of no activity.
  • DO NOT use any form of Haxor, Leetspeak, Netspeak, IM speak and such in any postings on this forum. Use only proper spelling, grammar, punctuation, and capitalization. The more time the person helping you has to spend trying to figure out what you are saying, the longer it will take them to formulate a response.
  • DO NOT post any logs without first completing the steps in this guide, they will be deleted.
  • DO NOT copy and paste logs into your threads. All logs are to be attached to your post.

 

Download to your Desktop:

 

NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive.

 

All scans are to be run in Normal Mode.

 

WARNING: The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

 

Let's get started:

 

  • Install and Run Emsisoft Emergency Kit (EEK):

 

IMPORTANT: If you have Emsisoft Anti-Malware (EAM) installed, do not install and use EEK. Instead run a custom scan with EAM and provide the EAM Scan report.

 

    • Double click EmergencyKitScanner.exe to install EEK
    • When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection.
    • Click "Yes" to Update Emsisoft Emergency Kit
    • Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted.
    • Save the scan log somewhere that you can find it.
    • Exit Emsisoft Emergency Kit.
  • Run Farbar Recovery Scan Tool (FRST):
    • Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones run with FRST's default settings.
    • Press the Scan button.
    • Farbar Recovery Scan Tool will produce the following logs:
      • FRST.txt
      • Addition.txt
  • Attach the following logs to your reply:
    • Emsisoft Emergency Kit log (C:\EEK\Reports)
    • FRST.txt
    • Addition.txt

 

IMPORTANT NOTE: Any logs that are copied and pasted to a post will be removed from the post without being read. Do not alter or change the logs in any way.

 

Once a Malware Removal Specialist has replied to your request for malware removal, they will handle your case from start to finish. You will have 72 hours to reply to any instructions given by the Malware Removal Specialist handling your case. Failure to comply with requests for information or instructions from the Malware Removal Specialist handling your case will result in the locking of your thread.


 

Copy the below code to Notepad. Save As fixlist.txt to your Desktop.

 

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3A8AF384-D7BC-4A47-A22E-423DBF5B7F07} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SystemInfoTool => C:\Users\Admin\AppData\Roaming\\sysinfotool\\sitool.exe <==== ATTENTION
Task: C:\Windows\Tasks\sgurMlpOGLjSCIOLH.job => C:\Windows\Temp\HJzgJQmvLHwsRJNb\dXEPCcXYCEWEYPo\utxFwiL.exe
S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [6144 2021-09-29] (Microsoft Corporation) [File not signed] <==== ATTENTION
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2020-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
S3 bntap; \SystemRoot\System32\drivers\bntap.sys [X]
S1 cUots6f; \??\C:\Users\Admin\AppData\Roaming\cUots6f.sys [X]
S3 klupd_a21d9ecfa_arkmon_58F37976; \??\C:\logs\tron\raw_logs\Temp\58F379760B519E358F7C46FF4D7FB49E\klupd_a21d9ecfa_arkmon.sys [X]
S3 MpKslcdff6bed; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A89201E9-5B54-4D2F-A0C0-39BD4F44AF28}\MpKslDrv.sys [X]
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
2021-09-28 20:19 - 2021-09-29 21:53 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\1WVV0R7I3W.tmp
2021-09-23 10:03 - 2021-09-23 20:37 - 000000460 _____ C:\Windows\Tasks\sgurMlpOGLjSCIOLH.job
2021-09-23 09:44 - 2021-09-23 09:44 - 000000000 _____ C:\Program Files (x86)\temp_files
2021-09-23 09:42 - 2021-09-23 20:28 - 000000000 ____D C:\Program Files (x86)\uScDaUf
2021-09-23 05:40 - 2021-09-24 18:30 - 000000000 ____D C:\Program Files (x86)\zMtoClwRWC
2021-09-23 05:17 - 2021-09-25 14:33 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\uS0wV5wY9qH3
2021-09-23 05:17 - 2021-09-23 05:51 - 006826592 ____N C:\Windows\system32\Drivers\21nQ8y3kf0E.sys
2021-09-23 05:17 - 2021-09-23 05:18 - 000000000 ____D C:\Windows\SysWOW64\WinOpcIrmProtector
2021-09-23 05:13 - 2021-09-24 18:28 - 000000000 ____D C:\Program Files (x86)\Company
2021-09-23 05:12 - 2021-09-25 19:41 - 000000000 ____D C:\ProgramData\ZS7US2AUVTUPNAQAUQUL9GCRI
2021-09-23 09:44 - 2021-09-23 09:44 - 000000000 _____ () C:\Program Files (x86)\temp_files
2021-09-29 21:54 C:\Windows\system32\config\SYSTEM
2021-09-23 05:51 C:\Windows\system32\Drivers\21nQ8y3kf0E.sys
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2102723078-641696285-197280854-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ContextMenuHandlers1_S-1-5-21-2102723078-641696285-197280854-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-2102723078-641696285-197280854-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-2102723078-641696285-197280854-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncShell64.dll -> No File
AlternateDataStreams: C:\Users\Admin:.repos [1036]
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
HKU\S-1-5-21-2102723078-641696285-197280854-1001\...\StartupApproved\Run: => "wwbmzkcn"
FirewallRules: [{D2F56F87-AE45-43F4-AAE4-9A7B5132787C}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.5.1\rekordboxAgent-win32-x64\rekordboxAgent.exe => No File
FirewallRules: [TCP Query User{43E59A00-2403-4127-B16C-495D22186F26}C:\users\admin\appdata\local\programs\opera gx\75.0.3969.259\opera.exe] => (Block) C:\users\admin\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No File
FirewallRules: [UDP Query User{D16447B9-0396-441B-88F6-FD21590BE99C}C:\users\admin\appdata\local\programs\opera gx\75.0.3969.259\opera.exe] => (Block) C:\users\admin\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No File
FirewallRules: [TCP Query User{29B67B9D-6195-408E-9A6C-F776C26683C1}C:\users\admin\appdata\local\programs\opera gx\75.0.3969.267\opera.exe] => (Allow) C:\users\admin\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No File
FirewallRules: [UDP Query User{66452437-417B-4071-B2E3-2AF032DAB077}C:\users\admin\appdata\local\programs\opera gx\75.0.3969.267\opera.exe] => (Allow) C:\users\admin\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No File
FirewallRules: [TCP Query User{6EAE9B26-6264-43A4-9E75-4D5E09FA3E78}C:\users\admin\appdata\local\programs\opera gx\75.0.3969.279\opera.exe] => (Allow) C:\users\admin\appdata\local\programs\opera gx\75.0.3969.279\opera.exe => No File
FirewallRules: [UDP Query User{AF1A9F4F-F949-47D5-9E3A-8675C691944C}C:\users\admin\appdata\local\programs\opera gx\75.0.3969.279\opera.exe] => (Allow) C:\users\admin\appdata\local\programs\opera gx\75.0.3969.279\opera.exe => No File
FirewallRules: [TCP Query User{98CD633C-C6F7-4D1A-8F84-A4FA98B0A25C}C:\program files (x86)\steam\steamapps\common\team comtres 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team comtres 2\hl2.exe => No File
FirewallRules: [UDP Query User{EFD86E61-E8EB-471C-B786-F9117C92095D}C:\program files (x86)\steam\steamapps\common\team comtres 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team comtres 2\hl2.exe => No File
FirewallRules: [TCP Query User{FBF8D4D7-0902-4092-81B9-51BF7EEFF971}C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe => No File
FirewallRules: [UDP Query User{C620A1EE-875A-429E-9E04-77DD49D39478}C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe => No File
FirewallRules: [TCP Query User{C69DF5CE-5360-4470-88C0-E164BFFAC1C5}C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe => No File
FirewallRules: [UDP Query User{9FD94B01-00BB-41C7-AD88-9E0C803C33D0}C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team comtress 2\hl2.exe => No File
FirewallRules: [{70DB0657-79CC-42A9-86AE-943AE27478A7}] => (Allow) C:\Program Files (x86)\Stea
FirewallRules: [TCP Query User{87380B3B-B7F6-466D-BA33-3A7AC449EE84}C:\emulators\fightnightrpcs3\rpcs3.exe] => (Allow) C:\emulators\fightnightrpcs3\rpcs3.exe => No File
FirewallRules: [UDP Query User{5AA7F79D-44F7-452A-8467-3F898B029E12}C:\emulators\fightnightrpcs3\rpcs3.exe] => (Allow) C:\emulators\fightnightrpcs3\rpcs3.exe => No File
FirewallRules: [TCP Query User{7250150E-1A69-4B19-9CBF-F49C9C3B1B21}C:\emulators\wariofallingdownacliff\rpcs3.exe] => (Allow) C:\emulators\wariofallingdownacliff\rpcs3.exe => No File
C:\Windows\System32\Drivers\21nQ8y3kf0E.sys
C:\Program Files (x86)\Company
C:\Windows\system32\1WVV0R7I3W.tmp
C:\Windows\Temp\HJzgJQmvLHwsRJNb\dXEPCcXYCEWEYPo\utxFwiL.exe
C:\Windows\Temp\HJzgJQmvLHwsRJNb\dXEPCcXYCEWEYPo
C:\Windows\Temp\HJzgJQmvLHwsRJNb
C:\Windows\Tasks\sgurMlpOGLjSCIOLH.job
FirewallRules: [UDP Query User{91111729-585D-44D8-AFC8-8433C5E32133}C:\emulators\wariofallingdownacliff\rpcs3.exe] => (Allow) C:\emulators\wariofallingdownacliff\rpcs3.exe => No File
FirewallRules: [TCP Query User{9D42C1DC-4741-43EF-9932-B4CF13FDC3C3}C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\amauthd.exe] => (Allow) C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\amauthd.exe => No File
FirewallRules: [UDP Query User{E67074D7-94C2-4C8D-85A4-35626319372E}C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\amauthd.exe] => (Allow) C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\amauthd.exe => No File
FirewallRules: [TCP Query User{783AF365-2D10-4218-A9BA-E1C2E3126EB7}C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\muchabin\muchacd.exe] => (Allow) C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\muchabin\muchacd.exe => No File
FirewallRules: [UDP Query User{CE9B90EE-C664-437B-9701-5490C5303EE1}C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\muchabin\muchacd.exe] => (Allow) C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\amcus\muchabin\muchacd.exe => No File
FirewallRules: [TCP Query User{60E2E1F4-B5D4-4DD0-BDD6-ECA3565886BA}C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\mk_agp3_final.exe] => (Allow) C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\mk_agp3_final.exe => No File
FirewallRules: [UDP Query User{92D75963-097A-4384-A1F2-19BF9D0F5EF8}C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\mk_agp3_final.exe] => (Allow) C:\arcade centre\retro arcade 2\collections\ringedge\roms\mario kart dx\mk_agp3_final.exe => No File
FirewallRules: [{D8F3DD9B-2DE9-4FED-A2F9-5BC72879CFC5}] => (Allow) C:\Program Files (x86)\MaskVPN\mask_svc.exe => No File
FirewallRules: [{08B8B2F3-7873-441E-AD93-7B3852D86858}] => (Allow) C:\Program Files (x86)\MaskVPN\MaskVPN.exe => No File
FirewallRules: [{A673D187-B7CA-4B08-A8D5-E486BCBC2348}] => (Allow) C:\Program Files (x86)\MaskVPN\MaskVPNUpdate.exe => No File
FirewallRules: [{79DBAC81-F218-40B6-B326-521C8A2622DF}] => (Allow) C:\Program Files (x86)\MaskVPN\tunnle.exe => No File
FirewallRules: [{E11DF16B-801A-43E8-A92A-A409EAD3707F}] => (Allow) C:\Users\Admin\Downloads\4ddig-for-windows.exe => No File
FirewallRules: [{FE50983E-8752-43C7-8197-5E286DEBD3C6}] => (Allow) C:\Users\Admin\Downloads\4ddig-for-windows.exe => No File
FirewallRules: [{58BCCFBF-EE2E-4FBE-923D-6CE9F597EC5D}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
FirewallRules: [{DD593CF8-2125-40E2-9B77-78EDE5684659}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
FirewallRules: [{A05BC25B-18F6-4195-A8DA-741AC7DEA4F9}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
FirewallRules: [{05B4C8CA-7F5B-4A18-915D-DA8CE51151FB}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File

 

 

Close Notepad.

 

NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

 

IMPORTANT: Save all of your work, as the next step may reboot your computer.

 

Run FRST and press the Fix button just once and wait.

 

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

 

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

 

NOTE: If the tool warns you about an outdated version please download and run the updated version.

 

Also, let me know how the machine is running now, and what remaining issues you've noticed.

Link to comment
Share on other sites
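An added example, not part of the thread and not FRST's or Emsisoft's own logic: a read-only triage of FRST-style service and driver lines such as those in this thread's fixlists. The line layout (state letter, start-type digit, name, image path, `[X]` for a missing file) and the five heuristics are assumptions drawn from the lines shown on this page.

```python
import ntpath
import re
from collections import Counter

# Sample lines copied from the fixlists posted in this thread.
SAMPLE = r"""
S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [6144 2021-09-29] (Microsoft Corporation) [File not signed] <==== ATTENTION
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2020-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
S3 bntap; \SystemRoot\System32\drivers\bntap.sys [X]
S1 cUots6f; \??\C:\Users\Admin\AppData\Roaming\cUots6f.sys [X]
S2 AppServiceb; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicec; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
"""

# Assumed layout: <R|S|U><start type> <name>; <image path> [<size date>|X] <rest>
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); "
    r"(?P<path>.+?) \[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\](?P<rest>.*)$"
)

# Extensions normally expected for a service or driver image.
EXPECTED_EXT = {".exe", ".sys", ".dll"}
# Locations a standard user or a temp cleaner can usually write to.
WRITABLE_HINTS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse(line):
    """Return a dict for one service/driver line, or None if it is another kind of line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):                      # NT object-manager prefix
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):      # assume the default Windows directory
        path = "C:\\Windows" + path[len("\\SystemRoot"):]
    return {
        "name": m["name"].strip(),
        "start": int(m["start"]),      # Windows Start value: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        "path": path,
        "missing": m["meta"] == "X",   # image file not found on disk
        "unsigned": "[File not signed]" in m["rest"],
    }


def triage(lines):
    """Map service name -> list of reasons it deserves a closer look (empty results omitted)."""
    entries = [e for e in map(parse, lines) if e]
    # How many services point at the same image path (case-insensitive on Windows).
    shared = Counter(e["path"].lower() for e in entries)
    findings = {}
    for e in entries:
        low = e["path"].lower()
        reasons = []
        if ntpath.splitext(low)[1] not in EXPECTED_EXT:
            reasons.append("odd-extension")
        if any(hint in low for hint in WRITABLE_HINTS):
            reasons.append("user-writable-path")
        if e["unsigned"]:
            reasons.append("unsigned")
        if e["start"] <= 2 and e["missing"]:
            # Starts automatically at boot, but the image is gone: either a
            # leftover entry or something that re-creates the file later.
            reasons.append("autostart-missing-file")
        if shared[low] > 1:
            reasons.append("shared-image")
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE.splitlines()).items():
        print(f"{name}: {', '.join(reasons)}")
```

webshieldfilter carries FRST's own ATTENTION marker but trips none of these path and signature checks, so the heuristics complement the tool's flags rather than replace them.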

Fixlog.txt

Ok so I noticed some good differences after the fixlist thing, especially the fan. So I think this did eliminate all if not most of my problems too, thanks! One thing I'm a little concerned about is the file 1WVV0R7I3W.tmp.

Before when I was using Malwarebytes to scan a day after the ransomware attack, I noticed it kept picking up this file in the temp folder, after some time it moved to the system32 folder. Idk if this is a normal thing or a persistent virus or something like that.

What I'm surprised with is that the irremovable allowed threats tab is empty in Windows Defender, which I am really happy with. Coming to think of it, the lowered fan noise along with the threats gone, (aside with maybe the 1WVV0R7I3W.tmp file maybe) I think this about resolved my issue.

Also one thing that sort of concerned me is that after the Windows logo when I boot up the laptop, it goes black for a few seconds (20-40 seconds approx.) then gets to the log in screen. I'm not sure if that's malware related or probably Malwarebytes has to do with anything about this because after the Windows logo (which goes on for 20-30 secs), it goes straight to the log in screen.

But aside of that, thanks a ton! Although maybe comment on the tmp file and the boot up concern. (also here's this fixlog)


EDIT: The high cpu and disk usage unless I open the task manager still persists, and I noticed the fan noise starts to dip down when I open task manager. Any help about this?

Another thing that I'm concerned about are these tasks:

[Four screenshots attached]

Brave software update seems to be open even if I have brave off

Whenever I close click to run it keeps opening again

Antimalware service executable seems to consume lots of memory


Changing tools.

 

Download AdwCleaner and save it to your desktop.

  • Right-click AdwCleaner.exe and select Run as Administrator.
  • Read and accept the End User License Agreement.
  • Press the Scan Now button and wait for it to complete.
  • A window titled Scan Results will open.
  • Select Cancel.
  • Click the Log Files button on the left pane.
  • Double-click the newest log file to open it in Notepad. (AdwCleaner[Sxx].txt, where x is replaced by a number)
  • Attach the scan log to your next reply.

 

Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt


Ok so calling back and the 'high cpu unless I open task manager' still persists (which I'm concerned about out of others). Also I noticed that 2 Microsoft office click to run tasks are running at the same time. One has high disk usage but the other is normal. It appears whenever I turn on my laptop and open task manager but after a while it disappears. Relating to this I found a recent installation of 'Microsoft 665 Apps for enterprise - en-us' in control panel -> uninstall or change a program. IDK if this is a virus or not so let me know.

Another thing that still goes on is the start up. Like I said before it, whenever I turn on my laptop it displays a black screen for around a minute or so after the windows logo shows up. Like I said again I haven't seen this before I was infected so some feedback or info about that would be great too.

Also the 1WVV0R7I3W.tmp file keeps appearing in system32 folder, so AdwCleaner didn't fix that but I think there might be ways of permanently removing that.

Out of all, the task manager high cpu thing bothers me the most. I don't think its just task manager loading in and displaying random digits until it generates the correct percentages because I could hear the fan dip down whenever I open task manager. 

But aside of that the laptop's been running well after the AdwCleaner so thanks for that! 

EDIT: I noticed my laptop's fan bumped up its noise 5-6 minutes after start up.


Uninstall 'Microsoft 665 Apps for enterprise'; there is no such thing.

Sometimes removing malware from an infected system can be difficult and downright frustrating.

Changing tools.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

  • Double-click on setup.exe to install RogueKiller.

 

Close all programs and disconnect any USB or external drives before running the tool.

 

  • Right-click RogueKiller.exe and select Run As Administrator to run the tool.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

Ok so I've done that. So far I don't see any changes so the 'high cpu unless I open task manager' issue is still there, 1WVV0R7I3W.tmp is still appearing in System32 folder, etc...

I was planning on running Tronscript which I found out about from this video: 

 

But before I do that it might be better to continue with this.

Also Microsoft Defender picked up the _readme.txt files from the ransomware as a virus, this didn't happen before so I'm assuming something changed/happened with those .txt files that I don't know of.

Another thing I did just recently was executing the 'sfc /scannow' script to Command Prompt. After the scan it says:

"Windows Resource Protection found corrupt files and successfully repaired them."

Like I said I'm not sure of what changed after the scan so I'll keep you updated on that.

I went to the 'uninstall windows updates' section in control panel and found an unspecified update called: Update for  (KB2504637). This seemed suspicious to me but what do you think?

In regards to updates, a couple of minutes or an hour after I discovered my laptop was having a ransomware attack Windows prompted me to update windows and so I did. I'm not sure if this was some sort of 'trojan update that has a virus' or something like that so let me know about that as well.

Like I said, I'll keep you updated when I catch something or see any changes.


KB2504637 is a .NET update.

I was planning on running Tronscript which I found out about from this video: 

Don't, you will waste 10-12 hours of your time that you will never get back. TRON is the kitchen sink approach to malware removal. Nobody in the online security community uses it for a reason.

WVV0R7I3W.tmp is still appearing in System32 folder

Run a fresh scan with FRST, attach the new FRST reports to your reply.

Link to comment
Share on other sites

 

Copy the below code to Notepad. Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-2102723078-641696285-197280854-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-2102723078-641696285-197280854-1001\...\MountPoints2: E - "E:\setup.exe" 
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2102723078-641696285-197280854-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceb; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicec; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiced; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicee; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicef; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceg; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceh; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicei; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicej; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicek; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicel; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicem; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicen; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceo; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicep; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceq; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicer; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServices; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicet; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceu; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicev; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicew; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicex; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicey; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 MaskVPNService; "C:\Program Files (x86)\MaskVPN\mask_svc.exe" [X]
S2 rsEngineSvc; "C:\Program Files\RAVAntivirus\rsEngineSvc.exe" [X]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [197176 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 eb96aeb9; C:\Windows\System32\Drivers\eb96aeb9.sys [89392 2021-09-23] (AO Kaspersky Lab -> AO Kaspersky Lab)
2021-09-23 21:40 - 2021-09-23 21:40 - 000127792 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\a21d9ecf.sys
2021-09-23 21:28 - 2021-09-23 21:28 - 000089392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\eb96aeb9.sys
2021-09-23 06:17 - 2021-09-23 06:51 - 006826592 ____N C:\Windows\system32\Drivers\21nQ8y3kf0E.sys
2021-10-15 19:33 - 2021-06-20 13:49 - 000000000 ____D C:\Windows\pss
2021-10-21 14:02 C:\Windows\system32\config\SYSTEM
2021-09-23 06:51 C:\Windows\system32\Drivers\21nQ8y3kf0E.sys
FirewallRules: [{5EE0CA93-E7D5-4205-873C-DDA92DEE9630}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{347BDE28-553B-4E9C-BDBD-2F56ED22347B}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3DA2269B-39CB-4E24-983D-8B4C940C50AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5EC3A33E-07D2-4DC8-A92D-62F8BD6F76AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{68CA74A4-554F-4674-B9EC-325D0DB105DE}C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe] => (Allow) C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe => No File
FirewallRules: [UDP Query User{8C73FB13-8E71-48A5-A62B-F2D480AD6173}C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe] => (Allow) C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe => No File
FirewallRules: [{1FD8BC57-DCD4-4D65-9791-AB6C395E146F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
FirewallRules: [{8AE9296F-1FB0-46B6-81CD-AF52A66AD819}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
FirewallRules: [{2693E935-47E2-4C45-9D3E-191C1B6D2480}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
FirewallRules: [{8B9C6003-34D2-48BB-BAB9-9691A04D9613}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
FirewallRules: [{9024F6F4-9717-4B10-BF01-64E85576507D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
FirewallRules: [{554F8085-FA2D-4B12-A08F-FFF9C2D195ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
FirewallRules: [{2A4FEA5F-424C-4E3C-862F-46FE5CF3C831}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{12984648-D4E7-489E-888A-73C805051E75}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe => No File
FirewallRules: [{E94D6471-CF56-4B97-9905-9213CA4DD739}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
FirewallRules: [TCP Query User{33D7D730-A377-4442-9AE3-6A440DA3CBD3}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [UDP Query User{87C54FE9-B7ED-4A0B-9625-C9215442AC9A}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [TCP Query User{9C9B0FBE-23FB-4D97-A3B3-E7919D10EF34}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [UDP Query User{D394EF54-D5B2-4B04-8025-28BB1B9B24C7}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [TCP Query User{A3BBF00E-8DC8-4317-A300-8522DBE64C50}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [UDP Query User{79833400-9429-4DAB-9C01-BAB08DD6E132}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [TCP Query User{16F9A524-1B01-4875-8643-12C97C4F783D}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe => No File
FirewallRules: [UDP Query User{5F267EB9-7EE1-401D-A629-6185E17EFECD}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe => No File
FirewallRules: [{D5E23D25-0639-43E7-82C8-0F3946B5839B}] => (Allow) C:\Users\Admin\Downloads\4ddig-for-windows.exe => No File
FirewallRules: [{28A0FB41-F599-48CB-B4BB-CC5179ECE8C1}] => (Allow) C:\Users\Admin\Downloads\4ddig-for-windows.exe => No File
FirewallRules: [{E70631A8-34F3-4E59-9CDD-AF8C1B5F62BE}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
FirewallRules: [{29044F88-4DC1-45BD-ACFB-A606EEA33F3B}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
FirewallRules: [{78F406D9-3D26-4CD5-B5D7-B4A85AAAD5CC}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
FirewallRules: [{80CCFBBD-34F6-4259-B166-FAC3F6925F95}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
FirewallRules: [TCP Query User{15726DC8-B092-4676-886D-125F71CB8805}C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe] => (Allow) C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe => No File
FirewallRules: [UDP Query User{20BE966C-AFF1-4562-81D5-00B8D9EB1596}C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe] => (Allow) C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe => No File
FirewallRules: [{DCD05A58-07B3-4C18-ACCE-C1B031C4AC4B}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe => No File
FirewallRules: [{1BDDBCA9-4570-4A0E-B771-13E313372477}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe => No File

 

Close Notepad.

 

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

 

IMPORTANT: Save all of your work, as the next step may reboot your computer.

 

Run FRST and press the Fix button just once and wait.

 

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

 

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

 

NOTE: If the tool warns you about an outdated version please download and run the updated version.

 

Also, let me know how the machine is running now, and what remaining issues you've noticed.

Link to comment
Share on other sites
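The service entries in the fixlist above share a recognisable pattern: many autostart services pointing at one missing .tmp file in System32. The following is an added example, not part of the original posts and not FRST's own code, that parses lines in that layout and flags such entries; the function names, the extension list and the `min_shared` threshold are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the fixlist in this thread (first three AppService entries only).
SAMPLE = r"""
S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceb; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServicec; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 MaskVPNService; "C:\Program Files (x86)\MaskVPN\mask_svc.exe" [X]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
"""
# Layout: <state><start type> <name>; <image path> [<size date>, or X if file not found]
LINE = re.compile(r'^[RSU](?P<start>[0-4]) (?P<name>[^;]+); '
                  r'(?P<path>"[^"]+"|.+?) \[(?P<info>[^\]]*)\]')
USUAL_EXT = {".exe", ".sys", ".dll"}  # assumption: usual service/driver image types


def parse_services(text):
    """Return one dict per service/driver line; all other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append({
                "name": m["name"],
                "start": int(m["start"]),              # 2 = automatic start
                "path": m["path"].strip('"').lower(),  # Windows paths ignore case
                "missing": m["info"] == "X",
            })
    return entries


def triage(entries, min_shared=3):
    """Map image path -> sorted reasons to look closer (heuristics are assumptions)."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    findings = {}
    for path, group in by_path.items():
        reasons = set()
        if ntpath.splitext(path)[1] not in USUAL_EXT:
            reasons.add("unusual-extension")
        if len(group) >= min_shared and not path.endswith(r"\svchost.exe"):
            reasons.add("shared-image")
        if any(e["missing"] and e["start"] == 2 for e in group):
            reasons.add("missing-autostart")
        if reasons:
            findings[path] = sorted(reasons)
    return findings
```

Calling `triage(parse_services(SAMPLE))` flags the .tmp path for all three reasons and the MaskVPN leftover only as a missing autostart entry; the Avira driver line is not flagged.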
