
Flixvision app [Solved]


  • This topic is locked

#1
usernamenn

usernamenn

    Member

  • Member
  • PipPip
  • 26 posts

This app disappeared on my PC before I was able to delete it. I might have an infection. VirusTotal has scanned the Flixvision app and found infections.

https://www.virustot...fd8da07c3536148

 

I have attached a Farbar and Additional scan of my PC.

 

Thank you

Attached Files


  • 0



#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi, usernamenn.

 

It seems that you repeatedly start a topic with this subject and then leave. 

 

In case you really need assistance:

Please, adhere to the guidelines below and give your consent. I'll review the logs only after I receive your consent and your commitment that you will stay with me until we finish. 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


  • 0

#3
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

You have my consent. Thanks


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

OK, then.

 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1981391479-2456464987-1861116909-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Username\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-1981391479-2456464987-1861116909-1001\...\StartupApproved\Run: => "ProtonVPN"
FirewallRules: [{F8DA642C-240F-4A3F-9175-8F8E7FA0CE9C}] => (Allow) C:\Users\Username\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{F0BA27B3-FE7E-4378-A763-6EAFA4349504}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX11\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1981391479-2456464987-1861116909-1001\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe (No File)
HKU\S-1-5-21-1981391479-2456464987-1861116909-1001\...\MountPoints2: {c8a51880-9175-11ef-b197-b831b59f5772} - "D:\startme.exe" 
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
BootExecute: autocheck autochk * sdnclean64.exe
Task: {9DEF5225-B478-443B-BFCA-E86968F75481} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem129.0.6651.2{700B4A20-1325-4897-8A55-5106F4CEDE18} => "C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.2\updater.exe"  --wake --system (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {8D2B8953-1D37-4FAC-A917-97694BD4CC1E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {53C91D3D-8A5C-416C-A077-B7AE7A3CDB2C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {69660714-37E9-4C2F-8E37-D7382D32CEBA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
CHR Notifications: Default -> hxxps://my.shaadi.com; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.pof.com
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-12-20] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
2025-01-15 23:39 - 2024-10-22 16:16 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2025-01-15 23:39 - 2024-07-08 17:19 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
C:\WINDOWS\System32\drivers\wireguard.sys
Hosts:
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

2. Remove a Chrome extension

Please remove Norton Home Page extension from your Chrome.



In your next reply, please post:

  1. The fixlog.txt
  2. If uninstalling the extension was successful

  • 0
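A pre-flight check for the NOTICE in the post above, as an added example that is not part of the original thread and not FRST's own code: it parses a fixlist between the Start:: and End:: markers and reports any user SIDs or profile names that do not belong to the machine it is about to be run on. The function names and the sample lines (constructed, modelled on the entry formats shown above) are assumptions.

```python
import re

# Constructed sample, modelled on the fixlist format shown in the post above.
SAMPLE_FIXLIST = r"""Some text before the script
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ExampleApp] => C:\Program Files\Example\app.exe (No File)
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Users\Alice\AppData\Local\Example\helper.exe => No File
S1 ExampleMon; system32\DRIVERS\ExampleMon.sys [X]
EmptyTemp:
End::
trailing text
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")           # per-user account SIDs
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")  # profile folder names
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")             # bare keywords such as "EmptyTemp:"


def extract_script(text):
    """Return the non-empty lines strictly between 'Start::' and 'End::'."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = lines.index("Start::")
        end = lines.index("End::", start + 1)
    except ValueError:
        raise ValueError("fixlist needs both Start:: and End:: markers") from None
    return [ln for ln in lines[start + 1:end] if ln]


def audit_fixlist(text, local_sid, local_user):
    """Summarise a fixlist and list identifiers that do not match this machine."""
    entries = extract_script(text)
    sids = {m for ln in entries for m in SID_RE.findall(ln)}
    users = {m for ln in entries for m in PROFILE_RE.findall(ln)}
    return {
        "directives": [ln for ln in entries if DIRECTIVE_RE.match(ln)],
        # Entries the log marks as pointing at a missing file.
        "orphans": [ln for ln in entries if "No File" in ln or ln.endswith("[X]")],
        "foreign_sids": sorted(sids - {local_sid}),
        "foreign_users": sorted(u for u in users if u.lower() != local_user.lower()),
    }


if __name__ == "__main__":
    print(audit_fixlist(SAMPLE_FIXLIST, "S-1-5-21-1-2-3-1001", "Bob"))
```

Non-empty `foreign_sids` or `foreign_users` means the script was written for a different account or machine and should not be run as-is.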

#5
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I have tried to run the FRST64 as administrator. It does not open. It is loading but does not open.


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Can you please restart the computer and try again? It worked before, right? 


  • 0

#7
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

It did work before. I have restarted the computer, but it does the same thing. Should I reinstall it? Should I install the latest one from the Bleeping Computer website?


  • 0

#8
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I reinstalled the FRST and opened it. I have attached the fixlog.

Attached Files


  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi, usernamenn.
 
Apologies for the delay.

 

Moving on.

1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log. (Scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number.)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.


2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#10
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I have attached the logs.

Attached Files


  • 0



#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

OK, you already performed the scan in clean mode, so we are a step forward.
 
Let's make another check with ESET online scanner.

ESET Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#12
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

ESET found no infected files


  • 0

#13
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

How do I uninstall ESET?


  • 0

#14
usernamenn

usernamenn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I am unable to find it in the apps list on Windows.


  • 0

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Do not uninstall ESET or anything else, before we finish the cleaning procedure. 

 

Let's see fresh FRST logs now, please. Run the tool, as you did before, and attach for me the 2 logs to review. Make sure that you moved the FRST tool from your Downloads folder onto the Desktop.


  • 0





