
reCaptcha and some pages not working after Windows update


  • This topic is locked
38 replies to this topic

#16 avatarRD

  • Topic Starter
  • Members
  • 20 posts

Posted 04 May 2021 - 06:10 PM

Here the results of the Farbar R

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by YPC3 (04-05-2021 17:30:20) Run:3
Running from C:\Users\LAPC\Desktop\# UNO
Loaded Profiles: YPC3
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-15] (Adobe Inc. -> )
2021-04-29 16:43 - 2021-04-29 16:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignec5c7d73d2ebf726
2021-04-29 16:43 - 2021-04-29 16:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign5599c53cdbc089d4
2021-04-27 16:09 - 2021-04-27 16:09 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignee557e8a0eea052d
2021-04-27 14:10 - 2021-04-27 14:10 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignb5668fac1289089f
2021-04-27 10:15 - 2021-04-27 10:15 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign149160c4e5bb8830
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc2cc468ae48cd25a
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignab7453ee49a5a17a
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign7088d5d792253d59
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign6028a02c729ca397
2021-04-27 10:11 - 2021-04-27 10:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigna7476cf2898d7e7e
2021-04-27 10:11 - 2021-04-27 10:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4afade2e2a026653
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign650de012317aa68a
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4fe19451f31c6989
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0bf3864f0bd81058
2021-04-27 09:30 - 2021-04-27 09:30 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign99a4a4460c6dec4c
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigneb663db6a8bb032c
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4b30c9cd2914cc69
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign2be9fa5cb1515f10
2021-04-26 13:37 - 2021-04-26 13:37 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign93eb77bf46d2db4b
2021-04-26 13:36 - 2021-04-26 13:36 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign939541647a99d3c1
2021-04-26 13:32 - 2021-04-26 13:32 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign5ebc04d8ed828660
2021-04-26 13:02 - 2021-04-26 13:02 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignd034d3186591396d
2021-04-26 11:12 - 2021-04-26 11:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignac92544101bff369
2021-04-26 10:50 - 2021-04-26 10:50 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign35065bbc7661428e
2021-04-26 10:01 - 2021-04-26 10:01 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign10cfac3665ca3970
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigned6c8413599ecba7
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc6037b3ea15a5678
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign40e5c76a447fa5bb
2021-04-26 08:41 - 2021-04-26 08:41 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigna209d15090dbf41e
2021-04-26 08:39 - 2021-04-26 08:39 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigne4e3136ed8414eae
2021-04-26 08:39 - 2021-04-26 08:39 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0ceabe6ffb1c7d50
2021-04-17 22:21 - 2021-04-17 22:21 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign797af77be8b8cde0
2021-04-17 22:21 - 2021-04-17 22:21 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign57ce748b2426268c
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
C:\Program Files (x86)\Common Files\InstallShield
Task: {2092D4C2-6213-4011-B598-A0F186F4A712} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
2021-04-19 22:48 - 2021-04-19 22:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2021-04-19 22:48 - 2021-04-19 22:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO
2021-04-19 22:40 - 2020-03-28 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-04-26 13:24 - 2020-04-02 16:16 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\MiPony
2021-04-19 22:40 - 2020-04-02 16:16 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{1C5A8DD3-4F41-4B45-910B-D3D379B045D4}] => hxxp://127.0.0.1:86/
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 86).OwningProcess

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => not found
"C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-15] (Adobe Inc." => not found
"C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignec5c7d73d2ebf726" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign5599c53cdbc089d4" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignee557e8a0eea052d" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignb5668fac1289089f" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign149160c4e5bb8830" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignc2cc468ae48cd25a" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignab7453ee49a5a17a" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign7088d5d792253d59" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign6028a02c729ca397" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsigna7476cf2898d7e7e" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign4afade2e2a026653" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign650de012317aa68a" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign4fe19451f31c6989" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign0bf3864f0bd81058" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign99a4a4460c6dec4c" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsigneb663db6a8bb032c" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign4b30c9cd2914cc69" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign2be9fa5cb1515f10" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign93eb77bf46d2db4b" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign939541647a99d3c1" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign5ebc04d8ed828660" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignd034d3186591396d" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignac92544101bff369" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign35065bbc7661428e" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign10cfac3665ca3970" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsigned6c8413599ecba7" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsignc6037b3ea15a5678" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign40e5c76a447fa5bb" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsigna209d15090dbf41e" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsigne4e3136ed8414eae" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign0ceabe6ffb1c7d50" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign797af77be8b8cde0" => not found
"C:\Users\LAPC\AppData\Local\Tempzxpsign57ce748b2426268c" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => not found
"C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel" => not found
"C:\Program Files (x86)\Common Files\InstallShield" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2092D4C2-6213-4011-B598-A0F186F4A712}" => not found
"C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Thumbnail Cache" => not found
"C:\WINDOWS\system32\Tasks\MEGA" => not found
"C:\WINDOWS\system32\Tasks\COMODO" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO" => not found
"C:\Users\LAPC\AppData\Roaming\MiPony" => not found
"C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony" => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => not found
HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\{1C5A8DD3-4F41-4B45-910B-D3D379B045D4} => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found

========= netsh winsock reset catalog =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= RemoveProxy: =========



========= End of RemoveProxy: =========


========= Get-Process -Id (Get-NetTCPConnection -LocalPort 86).OwningProcess =========

Get-NetTCPConnection : Clase no válida 
En C:\FRST\tmp.ps1: 1 Carácter: 18
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 86).OwningProcess
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : MetadataError: (MSFT_NetTCPConnection:ROOT/StandardCimv2/MSFT_NetTCPConnection) [Get-Net 
   TCPConnection], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041010,Get-NetTCPConnection
 
Get-Process : No se puede enlazar el argumento al parámetro 'Id' porque es nulo.
En C:\FRST\tmp.ps1: 1 Carácter: 17
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 86).OwningProcess
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-Process], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.GetProcessC 
   ommand
 

========= End of Powershell: =========



The system needed a reboot.

==== End of Fixlog 17:30:46 ====

 




 


#17 Oh My!

  • Malware Response Instructor
  • 62,346 posts

Posted 04 May 2021 - 07:58 PM

Thank you, it looks like you ran it at least twice.

If you have not done so, please follow the instructions to uninstall Adobe Flash and Avast Free Antivirus.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#18 avatarRD


Posted 04 May 2021 - 08:54 PM

I removed Flash with Adobe Flash Player Uninstaller and Avast and KMS with Revo Uninstaller.

 

Why are we uninstalling Avast?



#19 Oh My!


Posted 04 May 2021 - 09:30 PM

You should only have one antivirus program installed. If you would prefer to have that over Kaspersky we can change it.

#20 avatarRD


Posted 04 May 2021 - 09:53 PM

I had Avast because it was free, and I also have Malwarebytes Premium as a combo with Avast Free; however, I downloaded Kaspersky for the issue I had and it is in its trial period.

Can Kaspersky work with Malwarebytes Premium? I am thinking about buying Kaspersky Internet Security Premium but I'm not sure if it works with Malwarebytes and if it is a good idea.



#21 Oh My!


Posted 05 May 2021 - 02:33 PM

According to Kaspersky, Malwarebytes is incompatible with their software.

 

If you properly activate Windows 10 I would suggest you consider using the free Windows Defender integrated into the operating system. I use that in combination with Malwarebytes Premium and have been very happy with the protection it provides. This is not a recommendation but just something to consider.

 

Let me know what you decide and we will straighten things out for you.



#22 avatarRD


Posted 06 May 2021 - 09:28 PM

Sorry, another busy day :unsure: .

I prefer to keep Avast Free and Malwarebytes Premium; they work well together, and right now I won't buy Kaspersky Premium because the Windows licence was a little expensive, so I prefer Avast Free for now.

 

So should I just remove Kaspersky and reinstall Avast again?



#23 Oh My!


Posted 07 May 2021 - 07:54 AM

No problem.

 

Yes, remove Kaspersky then reinstall Avast.



#24 avatarRD


Posted 08 May 2021 - 10:04 AM

Done! :thumbsup2:  

Should I do another action, or can I consider my computer fine now?

 

lol, new problem (maybe).

 

Not always, but when I open Firefox, Malwarebytes sometimes shows a message about an event: "PUP detected, Site blocked: restoro.com"

I remember I had a similar problem before, and it was because my Favorites list had a specific site that was on the "blacklist", but this time I don't have that "restoro" page in my list in Firefox.


Edited by avatarRD, 08 May 2021 - 01:46 PM.


#25 Oh My!


Posted 08 May 2021 - 08:57 PM

Please scan your computer with Malwarebytes and following that run this.

===================================================

Farbar's Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: Restoro
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Malwarebytes log
  • Search.txt


#26 avatarRD


Posted 10 May 2021 - 11:25 PM

Thanks for your fast reply. :thumbsup2:

 

The scan with Malwarebytes took years but this is what happened.

 

On Saturday, with Malwarebytes I ran a Fast Scan and it showed 1 malware. I was surprised; it was too late, so I turned off the computer.

The next day I ran another scan. I supposed Malwarebytes would show me the same malware (because I didn't take any action) but it didn't show me anything... I tried to run the scan on the file that was supposed to have malware but it showed me it was clean; maybe a false positive?

 

Here is the first log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/8/21
Scan Time: 10:37 PM
Log File: e576d086-b077-11eb-9ef5-1c1b0d6283c0.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40238
License: Premium

-System Information-
OS: Windows 10 (Build 19042.964)
CPU: x64
File System: NTFS
User: DESKTOP-D3T0P4H\YPC3

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 323321
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 3 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.1033031166, C:\WINDOWS\INSTALLER\25BFAA9.MSI, No Action By User, 1000000, 0, 1.0.40238, 74ADC840DFEA9EEA3D92CDFE, dds, 01237109, 8D58D7D212598748A73DAB234D241077, 092835F12A87FE82A6C52CEBE4897527AFDA510967E1214BDDF77CD9FC8A6632

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I was not sure why Malwarebytes didn't show me the same info, so I ran a complete scan of disk C.

It took almost 29 hours but here is the log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/9/21
Scan Time: 3:53 PM
Log File: acb1e074-b108-11eb-9af8-1c1b0d6283c0.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40270
License: Premium

-System Information-
OS: Windows 10 (Build 19042.964)
CPU: x64
File System: NTFS
User: DESKTOP-D3T0P4H\YPC3

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 10144564
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 28 hr, 36 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.AI.1464704554, C:\PROGRAM FILES\GIT\USR\BIN\UMOUNT.EXE, Quarantined, 1000000, 0, 1.0.40270, EDA315030D4DE163574D9E2A, dds, 01238122, 5BCFC40DB7279AEBBD1FC9CE867886DF, B6B85F13C35D3A23077E8C7F1E3DB82B8D41FEDCEB92B6AA16C607A45AD5C863
Malware.AI.2464652994, C:\WINDOWS.OLD\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPRPH.EXE, Quarantined, 1000000, 0, 1.0.40270, 1359BA1E4F5A915E92E79EC2, dds, 01238122, A1669DB8474BAB01C09CF99888A069BF, CAB0D36188E986D1FD1E92EDF677A2ECB8BD9937AC2F60C795F874EC2DFC1F40

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Git and Windows Media Player are supposed to be safe software, right?

 

And the FRST log

File:
========

folder:
========

Registry:
========


====== End of Search ======

I am seriously thinking about whether I should clean disk C and reinstall Windows. I prefer not to do it because of the time needed to restore everything, but if it's the best idea ... :s

 


Edited by avatarRD, 10 May 2021 - 11:32 PM.


#27 Oh My!


Posted 11 May 2021 - 08:28 AM

Thank you for the information. I don't see any reason why you need to reformat your drive and reinstall Windows.

Can you confirm for me the Search.txt report contains the following information in addition to what you posted:
 

================== Search Files: "Searchall: Restoro" =============


-----

Those appear to be false positive "detections." Malwarebytes employs an Artificial Intelligence evaluation process which will list certain entries without specific verification they are malicious. You can read about it here.

#28 avatarRD


Posted 11 May 2021 - 10:02 AM

Good morning! :)

 

So, those files are false positives? Great!

About the Search.txt report, it doesn't contain that line. I'll run the search with FRST again.



#29 avatarRD


Posted 11 May 2021 - 11:02 AM

Here is the report again

Farbar Recovery Scan Tool (x64) Version: 09-05-2021
Ran by YPC3 (11-05-2021 09:54:32)
Running from C:\Users\LAPC\Desktop\# UNO
Boot Mode: Normal

================== Search Files: "SearchAll: Restoro" =============

File:
========

folder:
========

Registry:
========


====== End of Search ======


#30 Oh My!


Posted 11 May 2021 - 02:59 PM

Everything is looking great.

Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?



