  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.

ESET online scanner error 101

#1 ·
Hi,

I have had some issues for a while with my HP laptop (Windows 10) and I wanted to run ESET online scanner. I did in the past and was able to resolve some malware problems on my computer, but I can't run it anymore now because it gets stuck with the message "Unexpected error 101". Thanks for your help.

Serge
 
#44 ·
Hi Serge2012,

Sounds like one of the programs you installed was bundled with unwanted software.

Please do this:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: select the 64 bit version
  • Right-click FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
 
#45 ·
Hi iMacg3,

Here are the logs of the scans. I still have quite a few issues with my laptop, especially some freezing and "not responding" issues on the Internet but also in File Explorer. I even noticed that I can't view some information on some websites; it doesn't display it anymore, weird... I also can't run any diagnostics in HP Support Assistant ("Operating system troubleshooting", "Display troubleshooting", etc.); the only one working seems to be "HP network check", and the connection status is good.

Serge
 

#46 ·
Hi Serge2012,

---------------------------------------------------
CKScanner

Download CKScanner by askey127 from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

---------------------------------------------------
LicensingDiag

  • Click the Start button, and type Command Prompt in the search box.
  • Right-click on "Command Prompt" in the search results and select Run as Administrator
  • At the command prompt, copy and paste the following and press Enter
    Code:
    Licensingdiag.exe -report "%userprofile%\desktop\Report.txt" -log NUL
  • Once the command is complete, a file called Report.txt will be saved to your desktop. Please post its contents in your reply.

---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • Report.txt
 
#50 ·
Hi Serge2012,

There are some errors in the logs regarding your computer's hard drive. Please do the following:

---------------------------------------------------
GSmartControl

Download gsmartcontrol and save it to your desktop.
  • Extract the .zip file to your desktop. (Right-click the file, and select Extract)
  • Double-click on gsmartcontrol.exe
  • A list of hard drives will appear, single-click each disk to see Drive Information and identify your drive.
    note: most machines will only have one or two entries, but an easy way to identify your drive is by its size.
  • Double-click on the hard drive to see detailed Device Information
  • Click on the Attributes tab, do you see any red or pink entries like the ones below? Please list the names in your next reply if there are any.
  • Click on the Perform Tests tab.
  • Select Extended Self-Test and click Execute.
    note: this test can take several hours to run
  • Allow the test to complete, the results will be displayed at the bottom.
  • Please post the result of the scan in your next reply.
 
#51 ·
Hi iMacg3,

Here are the test logs. The Extended Self-Test stopped at 90%. I also included the test log for the "Attributes" and I see "pre-failure", which doesn't sound too good.... I'll try to run it again and see if I can reach 100%.

Serge
 

#56 ·
Looks like your hard drive is quite old and may not be performing that well. I would look into replacing it soon if possible, or at least create backups of your files elsewhere.

Currently going over your FRST logs and will get back to you as soon as possible with further instructions.
 
#57 ·
Hi Serge2012,

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-14076878-1770451862-2028005097-1002\...\Run: [Chromium] => "c:\users\serge\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    
    c:\users\serge\appdata\local\chromium
    Task: {0C3880D8-1D99-4A56-BE38-47668A433534} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe
    
    Task: {33072A7F-E691-4698-B941-FE3D73BDAFFE} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-14076878-1770451862-2028005097-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-14076878-1770451862-2028005097-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyCtN1L2XzuyEtFyCtCtFtDtFtCtBtBtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0EyD0EtB0B0A0EtGyC0CtBtAtGtCtDtB0CtGtB0E0EyCtGzy0CyByEyD0A0DtCtBtDyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztAyEtDyEyDzyyC%26cr%3D1837206925%26a%3Dwsg_anplw_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-14076878-1770451862-2028005097-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fjnhltxzm_20_10_ssg94&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0B0AzzyCzzyB0DyDzztCtDyCtB0C0BtCtN0D0Tzu0StBzyzzyEtN1L2XzuyEtFyCtCtFtDtFtCtCtBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyDzytC0E0Fzz0A0DtGtAtA0AzztGyDyD0CtBtGtCzytCzztG0EyBzytAtB0DzztDzytA0EtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1Q1SzytDtBtCzy1RtGtBtCtBtCtGyE1QyEtDtG1S1P1QyEtG1Q1StB1R1Q1RtC1P1QtC1Q1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByDyCyEtBtN1Q2Z1B1P1RzutCyDzztAtByBtDtDtCyB%26cr%3D949342372%26a%3Dwbf_fjnhltxzm_20_10_ssg94%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    
    CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
    CHR HKU\S-1-5-21-14076878-1770451862-2028005097-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
    CHR HKLM-x32\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
    
    S1 SEGURAZOKD; \??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys [X] <==== ATTENTION
    C:\Program Files (x86)\Segurazo
    
    2020-03-05 05:37 - 2020-03-05 10:35 - 000000000 ____D C:\Program Files (x86)\Chromium
    2020-03-05 05:37 - 2020-03-05 05:37 - 000003440 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskMachineUA
    2020-03-05 05:37 - 2020-03-05 05:37 - 000003316 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskMachineCore
    
    2020-03-03 16:36 - 2020-03-03 16:36 - 000000000 ____D C:\ProgramData\ByteFence
    2020-03-03 16:22 - 2020-03-03 16:22 - 000002341 _____ C:\Users\SERGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    2020-03-03 16:18 - 2020-03-03 16:22 - 000000000 ____D C:\Users\SERGE\AppData\Local\chromium
    2020-03-03 16:18 - 2020-03-03 16:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Fopucatuc
    2020-03-03 16:16 - 2020-03-05 05:37 - 000000000 ____D C:\ProgramData\{743B4807-5C13-307F-044B-1857ECA3C08F}
    2020-03-03 16:15 - 2020-03-05 05:38 - 000000000 ____D C:\Users\SERGE\AppData\Local\{721B4447-56B3-28FF-3B2B-0D171F43F18F}
    FirewallRules: [{399C9E4C-DB06-463B-810B-15C0CAA3816C}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
    FirewallRules: [{A58C288F-1749-4E11-8D60-10D67531A23F}] => (Allow) C:\Users\SERGE\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    folder: C:\ProgramData\bagag
    EmptyTemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
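
An added example, not part of the original post and not FRST's own code: a small Python script that groups fixlist-style lines like the ones above by the kind of startup entry or setting they touch, and reads the partner parameters out of the defanged search URL. The sample input is constructed from lines on this page with the long URL shortened; the category names and patterns are assumptions based only on the lines visible here, not on FRST's documented syntax.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample: lines taken from the fixlist in the post above, with the
# long search URL shortened to the parameters this example looks at.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-14076878-1770451862-2028005097-1002\...\Run: [Chromium] => "c:\users\serge\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup
Task: {0C3880D8-1D99-4A56-BE38-47668A433534} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_anplw_20_10_ssg00&p={searchTerms}
CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
S1 SEGURAZOKD; \??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys [X] <==== ATTENTION
2020-03-03 16:18 - 2020-03-03 16:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Fopucatuc
FirewallRules: [{A58C288F-1749-4E11-8D60-10D67531A23F}] => (Allow) C:\Users\SERGE\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
C:\Program Files (x86)\Segurazo
EmptyTemp:
End::
"""

# Hypothetical category names; patterns are inferred from the lines on this page.
# Order matters: the first matching rule wins.
RULES = [
    ("directive", re.compile(r"^(Start::|End::|CreateRestorePoint:|CloseProcesses:|EmptyTemp:)$")),
    ("run_key", re.compile(r"\\Run: ")),
    ("scheduled_task", re.compile(r"^Task: ")),
    ("search_setting", re.compile(r"^SearchScopes: |,Start Page = ")),
    ("browser_extension", re.compile(r"^CHR .*Extension: \[")),
    ("driver_or_service", re.compile(r"^[RSU]\d \w+; ")),
    ("firewall_rule", re.compile(r"^FirewallRules: ")),
    ("file_listing", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("path", re.compile(r"^(folder: )?[A-Za-z]:\\")),
]
# Markers that appear on flagged lines in the scripts on this page.
FLAGS = ("<==== ATTENTION", "[File not signed]", "No File")
URL_RE = re.compile(r"h(?:xx|tt)ps?://\S+")


def classify(line):
    """Return the first category whose pattern matches the line."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "other"


def triage(text):
    """Group non-empty lines by category, preserving their order."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            groups[classify(line)].append(line)
    return dict(groups)


def search_params(line, keys=("hspart", "type")):
    """Extract host and selected query parameters; the URL stays defanged."""
    m = URL_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(0))
    qs = parse_qs(parts.query)
    return {"host": parts.hostname, **{k: qs.get(k, [None])[0] for k in keys}}


def flagged(text):
    """Lines carrying one of the attention markers listed in FLAGS."""
    return [l.strip() for l in text.splitlines() if any(f in l for f in FLAGS)]


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_FIXLIST).items():
        print(f"{category}: {len(lines)}")
    for line in triage(SAMPLE_FIXLIST).get("search_setting", []):
        print("search override ->", search_params(line))
    print("flagged lines:", len(flagged(SAMPLE_FIXLIST)))
```

Grouping the entries this way shows that a single bundled install touched several independent startup and browser settings (Run key, scheduled tasks, search scopes, a forced extension, a driver, a firewall rule), each of which has to be reviewed separately.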
 
#58 ·
Hi iMacg3,

Thanks for your message. Sorry I couldn't reply earlier. I tried Fix It several times but the message pops up: "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located."

Serge
 
#61 ·
Hi Serge2012,

Please run a new scan with FRST and copy/paste both logs into your reply.
Hi iMacg3,

Here are the new logs. My laptop seems to be working better but I have to do more tests. And this morning when I turned it on, my Windows Defender didn't start and I had a hard time making it start again. Also, I can't open the volume icon on the taskbar.

Serge
 

#65 ·
Hi Serge2012,

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Task: {83661AFC-C066-4A36-8DA4-492825D8CEEA} - \Fopucatuc\{33A0EFCB-B04A-AAF9-EDB2-277874211C8E} -> No File <==== ATTENTION
    S3 esihdrv; \??\C:\Users\SERGE\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
    2020-03-14 06:18 - 2020-03-14 06:18 - 000161953 _____ () C:\Users\SERGE\AppData\Roaming\Fabosefihep
    HKU\S-1-5-21-14076878-1770451862-2028005097-1002\...\StartupApproved\Run: => "Chromium"
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------
Emsisoft Emergency Kit

Download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
 
#66 ·
Hi iMacg3,

Thanks for your reply. Here are both logs. I've just noticed after I ran the Emsisoft scan that there was something about PDFLite "Pup", I've been using PDFLite to read some magazines and old comics for a while now and I've never had any problems with this software, I'd really like to keep it if there's no risk with it. Something else, my browser froze earlier this morning and when I tried to open it again I got the message "dllhost.exe system error - the system detected an overrun of a stack-based buffer....".

Thanks,

Serge
 

#71 ·
Hi Serge2012,

None of the items cleaned by Emsisoft should've caused that. Please run a new FRST scan and post both reports in your reply.
iMacg3

I'm sending you the new logs. My laptop was working fine this morning but I started having other freezing issues during the day. I opened iTunes and then minimized it, and afterwards I wasn't able to open it when I clicked on the taskbar. I even had some problems running the scan with FRST as it wasn't responding several times...

Serge
 

#73 ·
These issues don't appear to be caused by malware. I recommend you post in the Windows 10 forum for assistance.

https://forums.techguy.org/forums/windows-10.102/

Let me know if you have any questions before I post instructions to remove the tools used and some advice about keeping your computer safe on the Internet.
 
#75 ·
I can't be certain that the hard drive is the cause of the problems. While the HD is old and may not be in perfect shape, the issues could be caused by other problems with the operating system.
Those who help in the Windows 10 forum have more experience in troubleshooting these types of issues.
 
#76 ·
Hi iMacg3,

Thanks for your reply. OK, so I will make a list of all the issues I have with my laptop and will post in the Windows 10 forum this time. I want to thank you for your help and patience and wish you and your family good health during this pandemic.

Serge
 