
Fake Windows Defender Notice [Solved]


  • This topic is locked

#16
redleader74

  • Topic Starter
  • Member
  • 192 posts

Here is the log.   Looks like the DisableMSDefender was successfully deleted.  

Attached Files


  • 0


#17
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Yes!

 

Can you please run FRST again and provide the 2 created logs (Addition, FRST) for me to check?

 

===============================
 
A couple of remaining things:
 
1. Upgrade your operating system

 

It seems that you are an upgrade behind. Your computer runs with version 21H1, while the latest one is 21H2. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

 

If you want to upgrade now (I recommend this):

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on the speed of your Wi-Fi connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

2. RAM

 

You said that the computer is running slow.

 

These lines are from your logs, indicating that you have only 4GB RAM, and 82% of it is in use.

 

Percentage of memory in use: 82%
Total physical RAM: 3537.01 MB
Available physical RAM: 624.19 MB

 

So, you need to add extra RAM. Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept. It will help your computer's functionality.
 
 
In your next reply please post:
  1. The fresh FRST logs
  2. If you are going to upgrade now
  3. Any remaining issue, question, concern, regarding this computer

  • 0

#18
redleader74

  • Topic Starter
  • Member
  • 192 posts

Thanks, please see attached logs.

 

I think I will wait a little before upgrading Windows.

 

Thanks!

Attached Files


  • 0

#19
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

The logs are clean.
 
We could finish it now, but let's do a last scan to ensure that everything is fine:

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#20
redleader74

  • Topic Starter
  • Member
  • 192 posts

Hi, so I started running ESET scanner and it's been running all day, nearly 10 hours now. Just wanted to see if this is normal, it seems like a very long time.


  • 0

#21
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi. Yes... Sometimes it takes so long. It depends also on what you have in the computer. 


  • 0

#22
redleader74

  • Topic Starter
  • Member
  • 192 posts

Ok here is the log

Attached Files

  • Attached File  eset.txt   1.33KB   54 downloads

  • 0

#23
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi, redleader74.
 
It was good we ran ESET.
 
The last item detected (YourTemplateFinder Chrome extension) is bad. As you see here, it can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
 
Although the ESET log shows that it has been removed, I would like you to also make some additional scans:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#24
redleader74

  • Topic Starter
  • Member
  • 192 posts

Ok, please see attached logs.

Attached Files


  • 0

#25
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Thank you.

 

Let's clean.

 

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Registry part of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

 

Please make another scan with FRST tool, and attach for me the two logs, Addition and FRST.

 

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • The fresh FRST logs, Addition and FRST

  • 0


#26
redleader74

  • Topic Starter
  • Member
  • 192 posts

Thanks, here are the latest logs.

Attached Files


  • 0

#27
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi, and thank you for the logs.

 

1. FRST fix

 

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {2D86FEE5-B053-4A0C-926E-EEB3C45EAFD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
Task: {31E13182-75D5-49D7-A94D-1518FB53AD71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {71AF3764-164A-441B-8061-4CBB2F76BB3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {7D3ED69E-0B16-46FF-BF07-17F4E2EE605C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
Task: {98BC104C-14D4-4E8C-9749-029F3EA65FEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {CBAE028D-9108-4376-B902-0AC0DE2C33B1} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe -from=task (No File)
Task: {CCC3C231-D56F-43DF-82D6-08824CFB85DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
Task: {EA2FF502-E406-4C6A-9ECD-5DD843DD9515} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA (No File)
Task: {F29C7F9F-D61F-473A-AC08-363A46ADB988} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6593J2K5 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /ForDevice:TH6593J2K5 (No File)
Task: {F67BD79A-D42A-41FE-B3F1-4BF60F78EE51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
CHR NewTab: Default ->  Not-active:"chrome-extension://jadhamcfimejpbemfkgoeijaimpciehj/stubby.html"
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HPSupportSolutionsFrameworkService; "c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. FRST log

 

Make another scan with FRST tool and attach the FRST log. I don't need Addition this time.

 

 

In your next reply please post:

  1. The fixlog.txt
  2. The FRST log
  3. Feedback: How is the computer running now? Any remaining issue/question/concern? 

  • 0
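
Added example (not part of the original thread, and not FRST's own code): a pre-flight audit of a fixlist like the one in post #27, run before pressing Fix. It assumes FRST's usual notation, where a trailing "(No File)", "[No File]" or "[X]" marks an entry whose target file is already missing; the function names are hypothetical and the sample is an abridged copy of lines from the post.

```python
import re

# Constructed sample: an abridged copy of lines from the fixlist in post #27.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
Task: {CBAE028D-9108-4376-B902-0AC0DE2C33B1} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe -from=task (No File)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
CHR NewTab: Default ->  Not-active:"chrome-extension://jadhamcfimejpbemfkgoeijaimpciehj/stubby.html"
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
EmptyTemp:
End::
"""

# A bare word followed by one colon, e.g. CreateRestorePoint: (assumed directive shape).
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")
# Assumption: these trailing markers mean the referenced file no longer exists.
ORPHAN = re.compile(r"(\(No File\)|\[No File\]|\[X\])\s*$")


def extract_body(text):
    """Return the non-empty lines strictly between Start:: and End::."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must contain both Start:: and End::")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    return [ln for ln in lines[start + 1:end] if ln]


def audit_fixlist(text):
    """Sort fixlist lines into directives, orphaned entries, and lines to review."""
    report = {"directive": [], "orphaned": [], "review": []}
    for line in extract_body(text):
        if DIRECTIVE.match(line):
            report["directive"].append(line)
        elif ORPHAN.search(line):
            report["orphaned"].append(line)
        else:
            # Not marked as missing: confirm against the scan log by hand.
            report["review"].append(line)
    return report


if __name__ == "__main__":
    for kind, entries in audit_fixlist(SAMPLE_FIXLIST).items():
        print(f"{kind}: {len(entries)}")
```

Entries that land in "review", such as the CHR NewTab line in this sample, carry no missing-file marker, so they are the ones to check against the FRST scan log before the fix is applied.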

#28
redleader74

  • Topic Starter
  • Member
  • 192 posts

Attached are the logs. I do notice that after running a FRST "Fix" the computer will automatically reboot... not sure if this is correct.

Attached Files


  • 0

#29
DR M

    The Grecian Geek

  • Malware Removal
  • 3,577 posts

Hi.
 
Everything is clean now.
 
The only remaining things for you to keep in mind are the computer's upgrade and the RAM addition (see my post here).
 
If you are not going to upgrade now and if you have no other questions, please go to the next, and last, step of the procedure:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#30
redleader74

  • Topic Starter
  • Member
  • 192 posts

ok, here's the log

Attached Files


  • 0





