Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Xnqfxq keeps coming back [Solved]


  • This topic is locked This topic is locked

#31
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
  1. The fresh FRST logs, FRST.txt and Addition.txt

 

Attached Files


  • 0

Advertisements


#32
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Is it fine? Everything ok right?


  • 0

#33
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

McAfee services are still there.
 
Let's try remove these remnants in Safe Mode.

1. Restart with Safe mode

  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

 

2. FRST fix in Safe Mode

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
Closeprocesses:
CHR Notifications: Default -> hxxps://service.mcafee.com
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
S3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [531896 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [385464 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [107448 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522168 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [91576 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1019832 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R1 mfenlfk; C:\WINDOWS\system32\DRIVERS\mfenlfk.sys [82360 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252344 2021-03-19] (McAfee, Inc. -> McAfee, LLC)
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe 
C:\WINDOWS\System32\drivers\mfeaack.sys 
C:\WINDOWS\System32\drivers\mfeavfk.sys 
C:\WINDOWS\System32\DRIVERS\mfedisk.sys 
C:\WINDOWS\System32\drivers\mfefirek.sys 
C:\WINDOWS\System32\drivers\mfehck.sys 
C:\WINDOWS\System32\drivers\mfehidk.sys 
C:\WINDOWS\system32\DRIVERS\mfenlfk.sys 
C:\WINDOWS\System32\drivers\mfeplk.sys 
C:\WINDOWS\System32\drivers\mfewfpk.sys
C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
C:\Windows\System32\mfevtps.exe
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0

#34
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Can I directly deleted it from here C:\Program Files\Common Files\McAfee\

 

Below is the log file

Attached Files


  • 0

#35
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Fix in Safe mode did the job. 
 
I don't see any other issues in your logs and the computer is now clean.  :thumbsup:
 
 

The following tips are regarding the RAM and hard disk's space:
 
 

1. RAM
 
Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. It will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept. Since 85% of RAM is in use, you need to add RAM, so consider this.
 
 
2. Free some disk's space

Limited space can have a negative impact to your computer's functionality. You will not be able to update your operating system if you haven't got enough space. Of course, you have plenty of space in drive D, but your operating system is on drive C. A good idea would be saving your files in D from now on, especially those taking much space. This can help:

Disc cleanup

  • Press the Windows icon on your keyboard, together with the letter R.
  • Type in the blank area cleanmgr and then press OK.
  • Select Drive C and press OK.
  • Select everything you don't need in the list that will appear. Actually, you can select everything there, but be careful if you need some files in the Downloads folder.
  • Press the button Clean up system files and wait a bit.
  • Again, select everything you don't need, including old Windows installations, if any.
  • Select the tab More options.
  • Under the title System Restore and Shadow Copies, press Clean up.
  • Press Delete and OK if you are asked to.
  • Wait some time (depending of the items that are deleted).
  • Make a restart when the process is finished.
  • Check the C space: In the Search area type This PC > Check the free space of C.

 

Do you have any other questions/concerns regarding this computer?


  • 0

#36
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Can I directly deleted McAfree from here C:\Program Files\Common Files\McAfee\


  • 0

#37
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

 

Can I directly deleted McAfree from here C:\Program Files\Common Files\McAfee\

 

 

 

Yes, of course! I should include it in the fix! If you get an error message, you can delete it in Safe mode. 

 

  :thumbsup:


  • 0

#38
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I would like to add 16 GB RAM to my Laptop Intel COREi5 8th Generation. Is it possible? If yes. Which is the best for Dell Laptop?


  • 0

#39
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Running the utility here will tell you how many slots for RAM sticks and how much RAM can your computer accept. 


  • 0

#40
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

If no other question...

 

 

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

 

 

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You have the built-in Windows 10 Windows Defender as your antivirus, as well as Malwarebytes as antimalware. You can use it for a daily scan (or weekly, depending on how much you use your computer). Both can keep you safe if you follow the safe computing rules.


If you have any questions or concerns please don't hesitate to ask!

I'm glad I was able to help you.  :)


  • 0

Advertisements


#41
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
# Run at 09-05-2021 22:20:54
# KpRm (Kernel-panik) version 2.9
# Run by 91709 from C:\Users\91709\Desktop
# Computer Name: DESKTOP-GNNB30U
# OS: Windows 10 X64 (21370) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\91709\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2021-05-09-22-20-54
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\91709\Downloads\adwcleaner_8.1.exe deleted
     [OK] C:\Users\91709\Downloads\adwcleaner_8.2.exe deleted
 
  ## FRST
     [OK] C:\Users\91709\Desktop\Addition.txt deleted
     [OK] C:\Users\91709\Desktop\Fixlog.txt deleted
     [OK] C:\Users\91709\Desktop\FRST.txt deleted
     [OK] C:\Users\91709\Desktop\FRST64.exe deleted
     [OK] C:\Users\91709\Downloads\Addition.txt deleted
     [OK] C:\Users\91709\Downloads\Fixlog.txt deleted
     [OK] C:\Users\91709\Downloads\FRST.txt deleted
 
  ## FSS
     [OK] C:\Users\91709\Desktop\FSS.exe deleted
     [OK] C:\Users\91709\Desktop\FSS.txt deleted
 
- Other Lines -
 
 
  ## Quarantines keeped
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\FRST (FRST)
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
     [I] No system recovery points were found
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 05/09/2021 16:51:06
 
-- KPRM finished in 25.73s --

  • 0

#42
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Good. 

 

I hope you are happy with your computer now. 


  • 0

#43
vinay9099

vinay9099

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Thank You so much. Can I know which country are you from? I'm from India, Hyderabad.


  • 0

#44
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

You are very welcome. I am a Greek.  :)

 

I hope things are getting better in India, regarding the pandemic. Take care, stay safe!


  • 0

#45
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

As this issue appears to be resolved, I'm closing this topic.

 

If you need it reopened, please send me a personal message (Hoover with the mouse on my profile name and choose Send message).


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP