
Hidden Malware


  • This topic is locked
18 replies to this topic

#1 req10

  • Members
  • 52 posts
  • Gender: Male

Posted 06 March 2024 - 09:43 AM

Hey, I was checking up on my sister's notebook. She told me that she couldn't use Chrome and some websites anymore. At the moment, I am installing an antivirus on her device, one of the known ones. But in the meantime, I really can't connect to websites like Binance and can't turn Chrome on. When I try to install Chrome, the installer comes in and out in a second, and nothing happens. I tried to check if there was any VPN, but there wasn't, and I couldn't see any configuration at the hosts file. So, I need your help. I will put the FRST log down there.

Attached Files





#2 JSntgRvr

    Malware Fighter

  • Malware Response Team
  • 16,486 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 06 March 2024 - 11:27 AM

Welcome :)

 

Please rename C:\Users\pc\Downloads\frst\FRST64.exe as EnglishFRST.exe. Run EnglishFRST.exe. Perform a Scan and post new logs.


No request for help throughout private messaging will be attended.

Inactive logs for more than four (4) days will be closed


#3 req10

  • Topic Starter

Posted 06 March 2024 - 11:50 AM

Oh, I can only do that tomorrow :'( But thanks for the comment, I will be back with diff logs tomorrow.



#4 JSntgRvr


Posted 06 March 2024 - 06:41 PM

Ok.




#5 req10


Posted 07 March 2024 - 10:01 AM

There you go, boss. I want to know if there are any software-side problems o7

Attached Files



#6 JSntgRvr


Posted 07 March 2024 - 10:16 AM

Hi
 
Welcome :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.
Start:: 
SystemRestore: On 
CreateRestorePoint: 
CloseProcesses: 
 
CustomCLSID: HKU\S-1-5-21-720295556-348854575-3973674434-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.36.111\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-720295556-348854575-3973674434-1001_Classes\CLSID\{1F9E0710-2073-435F-9C1B-F29946205947}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-720295556-348854575-3973674434-1001_Classes\CLSID\{2919A592-BF5E-4AF5-A658-84454D70841E}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.36.202\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-720295556-348854575-3973674434-1001_Classes\CLSID\{5D44759C-CF3F-433D-9EA0-267E45577C77}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.36.212\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-720295556-348854575-3973674434-1001_Classes\CLSID\{69545769-8D02-4B07-A481-AD374CD8D5D1}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.36.132\psuser_64.dll => No File 
Task: {06590338-F62F-4D5A-A75F-ED660BEDD8A5} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem122.0.6180.0{75BE16F4-7442-4DC6-9232-196E2838FDB4} => "C:\Program Files (x86)\Google\GoogleUpdater\122.0.6180.0\updater.exe"  --wake --system --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2 (No File) 
FirewallRules: [{E06F886E-EC93-49A7-864F-9FF985C78FDB}] => (Allow) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe => No File 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION 
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2024-03-07] <==== ATTENTION (Points to *.cfg file) 
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2024-03-07] <==== ATTENTION 
FirewallRules: [{E06F886E-EC93-49A7-864F-9FF985C78FDB}] => (Allow) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe => No File 
EMPTYTEMP:
End::
  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file

  • Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.

Please post the contents of the file in your next reply.
 
 
 


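An added example (not part of the original posts and not FRST's own code): a small Python triage of the fixlist posted above, grouping entries by the markers visible in the lines themselves (`No File`, `<==== ATTENTION`) and reporting repeated lines. The group names (directive, orphaned, flagged) and both regexes are assumptions made for this illustration, not FRST's documented grammar.

```python
import re
from collections import Counter

# Lines copied unchanged from the fixlist in the post above (a subset of it).
FIXLIST = r"""
Start::
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-720295556-348854575-3973674434-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.36.111\psuser_64.dll => No File
FirewallRules: [{E06F886E-EC93-49A7-864F-9FF985C78FDB}] => (Allow) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2024-03-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2024-03-07] <==== ATTENTION
FirewallRules: [{E06F886E-EC93-49A7-864F-9FF985C78FDB}] => (Allow) C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe => No File
EMPTYTEMP:
End::
"""

# Assumed shapes: a bare keyword line such as "Start::" or "SystemRestore: On",
# and a drive-letter path that ends in a file extension.
DIRECTIVE = re.compile(r'[A-Za-z]+::?(\s+\w+)?')
WIN_PATH = re.compile(r'[A-Za-z]:\\(?:[^\\"<>|]+\\)*[^\\"<>|]+?\.\w+')

def triage(fixlist):
    """Return (entries, duplicates); entries are (kind, path_or_None, line)."""
    counts = Counter(l.strip() for l in fixlist.splitlines() if l.strip())
    entries = []
    for line in counts:  # Counter keeps first-seen order
        if DIRECTIVE.fullmatch(line):
            kind = "directive"   # instruction to the tool, not a finding
        elif "ATTENTION" in line:
            kind = "flagged"     # the scan log marked this entry for review
        elif "No File" in line:
            kind = "orphaned"    # entry refers to a file that is missing
        else:
            kind = "other"
        match = WIN_PATH.search(line)
        entries.append((kind, match.group(0) if match else None, line))
    duplicates = [line for line, n in counts.items() if n > 1]
    return entries, duplicates

if __name__ == "__main__":
    found, repeated = triage(FIXLIST)
    for kind, path, line in found:
        print(f"{kind:9} {path or line}")
    print("repeated lines:", len(repeated))
```

On the sample, the one repeated line is the FirewallRules entry, which appears twice in the posted fixlist.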


#7 req10


Posted 07 March 2024 - 10:51 AM

there you go boss again o7

Attached Files



#8 JSntgRvr


Posted 07 March 2024 - 01:57 PM

AdwCleaner - Clean

  • Double click AdwCleaner.exe to run it.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file

  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check all boxes and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start AdwCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

Let me know how the computer is doing.




#9 req10


Posted 11 March 2024 - 05:49 AM


Don't worry, boss, I will keep you updated, but since my sister went on holiday to a different country, I couldn't apply the fix yet.



#10 JSntgRvr


Posted 11 March 2024 - 02:58 PM

:thumbup2:  :thumbup2:




#11 req10


Posted 12 March 2024 - 02:33 PM

Still can't install Chrome, boss, and there are the logs, but I didn't get any prompt like you said. After I quarantined, it said it completed successfully and it was done. I did another scan to see if anything pops, but nothing did.

And I still can't connect to websites like Binance, but that may be because of the ISP. I will call them also tomorrow.

Attached Files



#12 JSntgRvr


Posted 12 March 2024 - 03:24 PM

Check your Settings -> Apps -> Installed Applications. If Chrome is present, uninstall the application. Once done download Google Chrome.

 

Try downloading from this site:

 

Google Chrome - The Fast & Secure Web Browser Built to be Yours

 

Install the application.

 

Run FRST64 once again and post new logs.




#13 req10


Posted 14 March 2024 - 08:13 AM

Something deleted Bitdefender without permission, and I still can't install Chrome. It says just wait when I click on the installer, then goes off and nothing happens.



#14 req10


Posted 14 March 2024 - 08:16 AM

Turns out my sister recovered a system point. Bitdefender went off because of that, but I still can't install Chrome.



#15 req10


Posted 14 March 2024 - 08:22 AM

I will use the fix you posted again, since the computer didn't turn on and she used a system restore point, but the current logs are:

Attached Files





