
infected with bestfaustcaptcha [Solved]


  • This topic is locked

#16
scewter

  • Topic Starter
  • Member
  • 149 posts

Did that as well. Not there either.

 

The only thing in that folder are the scan logs I created (FRST and Addition) before starting this thread.


  • 0


#17
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

You downloaded FRST, but have you run the fixlist as instructed here: http://www.geekstogo...a/#entry2663379 ?


  • 0

#18
scewter

  • Topic Starter
  • Member
  • 149 posts

Ok...

 

As I read the instructions - copied below. Pretty sure I did all of this, and in the Safe Mode. It indicated it created a log of the Fix, and that I would find it after the computer restarted, only I cannot find it now.

 

Should I try it again?

 

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.

  • 0

#19
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

Yes, please. Try once more. 

 

If it fails, I will give you a new set of instructions.


  • 0

#20
scewter

  • Topic Starter
  • Member
  • 149 posts

Still in the Safe Mode?


  • 0

#21
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

Still in the Safe Mode?

 

You said that the tool couldn't run in normal mode. That's why we are trying to run it in Safe mode. 


  • 0

#22
scewter

  • Topic Starter
  • Member
  • 149 posts

The tool didn't run in either mode, and as you figured out looking at the icon on the desktop, was probably due to a corrupt download.

 

I downloaded a second time when you pointed this out, the desktop displayed the appropriate looking icon and then it appeared to work - except for the fixlog.txt thing.

 

Methinks it will work in the normal mode now that I have an uncorrupted version of FRST.

 

Your call.


  • 0

#23
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

Please run the fix in Safe mode and let me know the result. 


  • 0

#24
scewter

  • Topic Starter
  • Member
  • 149 posts

Done, in the Safe Mode. Results were the same as last time.

 

Here's a screen shot of the results after the scan. I must be doing something wrong?

 

Screenshot (5).png

 

Btw, here's the Fixlog.txt I mentioned earlier - caution: pretty sure these are not the results from this last attempt, as I look at the date/time and the boot mode. Only included here for your info. Have no idea where this came from - possibly the corrupted version of FRST?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by scodo (04-02-2022 05:56:05) Run:2
Running from C:\Users\scodo\OneDrive\Desktop
Loaded Profiles: scodo
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2021-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2021-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2021-03-25] (IObit Information Technology -> IObit)
SearchScopes: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> DefaultScope {207C416D-9F08-4EA0-A815-7DD0E992EC54} URL = 
SearchScopes: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> {207C416D-9F08-4EA0-A815-7DD0E992EC54} URL = 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (No File)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\MountPoints2: {61fccc5d-8a59-11eb-b98b-004e01b3ca92} - "E:\LaunchU3.exe" -a
Task: {360AD7A3-F7D9-41B2-BF90-0B00E98B76F8} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4518936 2021-04-25] (IObit CO., LTD -> IObit)
Task: {6914382D-E063-4398-8E0F-AB6E70342128} - System32\Tasks\ASC_SkipUac_scodo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (No File)
Task: {803AED5A-A644-489F-A6BB-459D4BBCEAC4} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task (No File)
Task: {CFA0FF18-A828-4765-B758-C0A45CE11706} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1794584 2021-04-14] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {EFB1CC11-9B04-4E02-B5B2-801BD3743A0C} - System32\Tasks\Software Updater SkipUAC(scodo) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4518936 2021-04-25] (IObit CO., LTD -> IObit) <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://bestfaustcaptcha.top; hxxps://robynbauder.securefilepro.com
CHR HomePage: Default -> hxxps://192.168.1.1/login?redirect=%2F
C:\Program Files (x86)\IObit\Advanced SystemCare
C:\Program Files (x86)\IObit\Software Updater
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found
"HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{207C416D-9F08-4EA0-A815-7DD0E992EC54} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant" => not found
"HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => not found
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61fccc5d-8a59-11eb-b98b-004e01b3ca92} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{360AD7A3-F7D9-41B2-BF90-0B00E98B76F8}" => not found
"C:\WINDOWS\System32\Tasks\SU_AutoUpdate" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SU_AutoUpdate" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6914382D-E063-4398-8E0F-AB6E70342128}" => not found
"C:\WINDOWS\System32\Tasks\ASC_SkipUac_scodo" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC_SkipUac_scodo" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{803AED5A-A644-489F-A6BB-459D4BBCEAC4}" => not found
"C:\WINDOWS\System32\Tasks\ASC_PerformanceMonitor" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC_PerformanceMonitor" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA0FF18-A828-4765-B758-C0A45CE11706}" => not found
"C:\WINDOWS\System32\Tasks\Software Updater Scheduler" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Scheduler" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFB1CC11-9B04-4E02-B5B2-801BD3743A0C}" => not found
"C:\WINDOWS\System32\Tasks\Software Updater SkipUAC(scodo)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater SkipUAC(scodo)" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => not found
"Chrome Notifications:" => not found
"Chrome HomePage" => removed successfully
"C:\Program Files (x86)\IObit\Advanced SystemCare" => not found
"C:\Program Files (x86)\IObit\Software Updater" => not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 786432 B
 

  • 0

#25
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

Whatever has happened, the fix ran twice, that's why the Not found indications. 

 

You can now move to the next steps (4 and 5) here: http://www.geekstogo...a/#entry2663379

 

Do the above in normal mode.  :thumbsup:


  • 1
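
The reading given in post #25 (a fix that has already run, hence the "not found" results) can be checked mechanically from a Fixlog.txt. The Python below is an added example, not part of the thread and not FRST's own code; the sample log is a shortened excerpt constructed from the log posted in #24, and the helper names, the reading of `Run:` as a run counter and the majority threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the Fixlog.txt posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by scodo (04-02-2022 05:56:05) Run:2
Boot Mode: Normal
fixlist content:
*****************
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (No File)
*****************
Restore point was successfully created.
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant" => not found
"C:\WINDOWS\System32\Tasks\SU_AutoUpdate" => not found
"Chrome Notifications:" => not found
"Chrome HomePage" => removed successfully
"C:\Program Files (x86)\IObit\Software Updater" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 786432 B
'''

def summarize_fixlog(text):
    """Return run number, boot mode and a tally of per-entry outcomes."""
    run = re.search(r"\bRun:(\d+)", text)
    boot = re.search(r"^Boot Mode:\s*(\S+)", text, re.M)
    tally, fences, in_results = Counter(), 0, False
    for line in (l.strip() for l in text.splitlines()):
        if line and set(line) == {"*"}:
            fences += 1                  # 1st fence opens the fixlist echo, 2nd closes it
            in_results = fences == 2
        elif line.startswith("====="):
            in_results = False           # EmptyTemp section lists sizes, not outcomes
        elif in_results and " => " in line:
            outcome = line.rsplit(" => ", 1)[1].lower()
            outcome = "error" if outcome.startswith("error") else outcome
            tally[outcome] += 1
    return {"run": int(run.group(1)) if run else None,
            "boot_mode": boot.group(1) if boot else None,
            "outcomes": dict(tally)}

def looks_already_applied(summary):
    """Heuristic (an assumption): a repeat run whose entries are mostly 'not found'."""
    o = summary["outcomes"]
    total = sum(o.values())
    return bool(total) and (summary["run"] or 0) > 1 and o.get("not found", 0) * 2 > total

if __name__ == "__main__":
    s = summarize_fixlog(SAMPLE_FIXLOG)
    print(s, looks_already_applied(s))
```

The header fields matter as much as the tally: the poster spotted that this log was not from the latest attempt by its date/time and its "Boot Mode: Normal" line, while the fix had just been run in Safe Mode.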


#26
scewter

  • Topic Starter
  • Member
  • 149 posts

Ok.

 

I'll get back to this tonight or early tomorrow as I've got errands to run.

 

Glad we were able to get past that step.

 

Thanks for your patience.


  • 1

#27
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

Thanks for letting me know. I will be here. :)


  • 0

#28
scewter

  • Topic Starter
  • Member
  • 149 posts

AdwCleaner scan results:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-02-03.4 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-05-2022
# Duration: 00:00:04
# OS:       Windows 10 Home
# Scanned:  32014
# Detected: 26
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68BC6866-95BE-4BB8-AED8-281F9617FDA1}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68BC6866-95BE-4BB8-AED8-281F9617FDA1}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate 
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  • 0

#29
DR M

    The Grecian Geek

  • Malware Removal
  • 4,225 posts

Very good, Scewter.

 

Let's see Malwarebytes' report as well.

 

When I have both the reports, I will give you instructions to clean the detected items. 


  • 0

#30
scewter

  • Topic Starter
  • Member
  • 149 posts

Been working on the Malwarebytes scan - but ran into some difficulty. The directions you posted do not follow what I have installed. Here are a couple of screenshots that better explain what I'm referring to.

 

 

Screenshot (6).png

Screenshot (7).png

Screenshot (8).png


  • 0





