1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved Black Screen with Cmd Prompt after boot up (win 10)

Discussion in 'Virus & Other Malware Removal' started by Imp777, Mar 9, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Hello, my problem is that after booting my computer (win 10 64bit) I normally log into my account but then instead of my normal screen with icon appears a black screen on both monitors with cmd window running. I can get into task manager through ctrl-alt-del then run explorer and use my computer normally (I'm writing this thread on it). But everytime I start or restart the computer, the black screen appears again. It might come from a cracked game I downloaded, but I have updated AVG business edition and I have run deep scan and it found nothing. When I go into msconfig to set it to normal bootup it sets itself into selective bootup everytime. Thanks for every response.
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen alert, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Here it is
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi,

    Do you use Mail.ru?

    Press the Windows Key + R. This will open the Run box.
    Type Notepad and click OK.

    Copy the contents of the below code box to the new file:

    Code:
    Start
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    HKU\S-1-5-21-2167430826-2506375391-3483579542-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
    HKU\S-1-5-21-2167430826-2506375391-3483579542-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
    GroupPolicy: Restriction ? <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll => No File
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll No File
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File
    
    S3 GPUZ; \??\C:\Users\jakub\AppData\Local\Temp\GPUZ.sys [X] <==== ATTENTION
    
    CustomCLSID: HKU\S-1-5-21-2167430826-2506375391-3483579542-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2167430826-2506375391-3483579542-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2167430826-2506375391-3483579542-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\jakub\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    
    Task: {655C2711-E06C-4B37-82AE-F7CAFB445DC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    
    AlternateDataStreams: C:\Users\Public\AppData:CSM [486]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [462]
    
    FirewallRules: [UDP Query User{BCB29786-CC2E-4D8F-9B5D-BEA8806BBAD8}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe No File
    FirewallRules: [TCP Query User{CD5857A3-1868-4FEB-AF6D-53C5C2CB5021}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.141\deploy\leagueclient.exe No File
    FirewallRules: [UDP Query User{DE063867-F33F-440E-B681-1EE4865938F8}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe No File
    FirewallRules: [TCP Query User{2A57E60A-32F4-4636-96AB-B77F013C2153}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.134\deploy\leagueclient.exe No File
    FirewallRules: [UDP Query User{39EBA4B8-4A45-437C-A997-F063BBCA327E}D:\games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) D:\games\kingdom come deliverance\bin\win64\kingdomcome.exe No File
    FirewallRules: [TCP Query User{BF2F3FAC-4441-404D-AABD-DD9DB94D084C}D:\games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) D:\games\kingdom come deliverance\bin\win64\kingdomcome.exe No File
    FirewallRules: [UDP Query User{2E57E17D-BEEF-4AE6-884E-6B49687FB8CF}D:\hry\lol pbe\rads\projects\league_client\releases\0.0.1.158\deploy\leagueclient.exe] => (Allow) D:\hry\lol pbe\rads\projects\league_client\releases\0.0.1.158\deploy\leagueclient.exe No File
    FirewallRules: [TCP Query User{8AA30118-3EC7-4C5F-8B99-B4650F3FFBC5}D:\hry\lol pbe\rads\projects\league_client\releases\0.0.1.158\deploy\leagueclient.exe] => (Allow) D:\hry\lol pbe\rads\projects\league_client\releases\0.0.1.158\deploy\leagueclient.exe No File
    FirewallRules: [UDP Query User{255A4D71-EE9B-4BDC-856E-944371BBD210}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe No File
    FirewallRules: [TCP Query User{083705F1-EBA8-4582-958A-CA6B566559E6}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe No File
    FirewallRules: [UDP Query User{126E33B6-F4D7-4AAB-9AB4-06A7129D5F62}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe No File
    FirewallRules: [TCP Query User{DFBAAA07-9DF8-4B56-A414-11D3DC6F739C}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe No File
    FirewallRules: [{9CBC85E3-D788-4D4F-9908-5D90A1E512EF}] => (Allow) D:\Hry\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe No File
    FirewallRules: [{000DB25F-2B38-40FE-BE96-593FE3B4694D}] => (Allow) D:\Hry\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe No File
    FirewallRules: [{6B1F4FFF-B38C-4CD4-AC1D-03F39AFB2D9C}] => (Allow) D:\Hry\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe No File
    FirewallRules: [{59695220-D15E-4BCD-A4F7-6889ACBDA006}] => (Allow) D:\Hry\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe No File
    FirewallRules: [{C0F085EC-E30E-46E0-BF30-D5576F7203CC}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{B87815E6-C8EF-4BA0-8558-6DAC400D1323}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{09EAD90C-E453-4AAE-92CA-C7C81BC26ADC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
    FirewallRules: [{687AC2F4-E5D5-45EF-8162-17CA7E21B428}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{BE8235F2-662F-493B-AB62-2976E517F301}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe No File
    FirewallRules: [{3747F83C-8E13-4D90-A68A-F64A5141F5DA}] => (Allow) C:\Users\jakub\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\bin\BlackDesert32.exe No File
    FirewallRules: [{6BCDE68A-FA00-4726-A4C4-0DFB1F589824}] => (Allow) C:\Users\jakub\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\bin64\BlackDesert64.exe No File
    FirewallRules: [{4E9F3FB4-22F6-469F-A092-5497291ABEAC}] => (Allow) C:\Users\jakub\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BlackDesert_Launcher.exe No File
    FirewallRules: [{FB79A05F-E17E-4F04-BEC0-8DF371743607}] => (Allow) C:\Users\jakub\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BlackDesert_Downloader.exe No File
    FirewallRules: [TCP Query User{3E6C5755-436B-47F0-9B8A-1C6E0BC91E01}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe No File
    FirewallRules: [UDP Query User{8D44FE7B-973E-4B39-83FE-5F276D774A27}D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) D:\hry\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe No File
    
    End
    Click on File > Save as. Save the file as fixlist.txt to the same location as FRST.
    The location is in the 3rd line of the FRST.txt log you posted.
    Run FRST/FRST64 and click on Fix.
    When the fix is complete the tool will create a log in the same directory as FRST. (Fixlog.txt) Please post the log in your next reply.
     
  5. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Although it cleared my chrome cache so I had to log in back to everything, my computer reset after finishing the fix and the black screen was no more there! it normally booted! I'm attaching the fixlog, tell me if I need to do anything further to get rid of this. And to your question, I'm definitely not using mail.ru .
     

    Attached Files:

  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi,

    Please run a new scan with FRST and attach both logs to your reply. (FRST.txt and Addition.txt)
     
  7. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Here it is
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi,

    Uninstall a Chrome Extension

    Type chrome://extensions in the address bar and press Enter.
    Click the trash can icon next to the following extension(s):

    Визуальные Закладки Mail.Ru
    Домашняя страница Mail.Ru


    A confirmation dialog will appear. Click Remove.

    -----------------------

    We need to run a fix with FRST:

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
     

    Attached Files:

  9. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Hello, all went well, I removed the extensions- there were actually 3 russian extenstions so I removed them all. Attaching the fixlog, thanks,
     

    Attached Files:

  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi,

    #1 - Download AdwCleaner and save it to your Desktop.
    • Right-click on AdwCleaner.exe and select Run as Administrator
    • Accept the EULA (I accept), then click on Scan.
    • Let the scan complete. If no objects are detected, close the AdwCleaner window.
    • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
    • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.

    Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

    -----------------

    #2 - Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • Click on Get Started.
    • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
    • Click on the Full Scan option.
    • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

    -----------------

    #3 - New FRST scan
    • Right-click on FRST/FRST64 and click Run as Administrator
    • Click on Scan. Once the scan is complete, Notepad will open with the scan logs. (FRST.txt and Addition.txt)
    • Attach FRST.txt and Addition.txt to your next reply.

    -----------------

    In your next reply, please include:
    • AdwCleaner log
    • ESET log
    • FRST.txt/Addition.txt
     
  11. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Hello
    Copypasting the adwcleaner scan:
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-03-04.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 03-10-2019
    # Duration: 00:00:01
    # OS: Windows 10 Home
    # Cleaned: 17
    # Failed: 0
    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    Deleted C:\Users\jakub\AppData\Roaming\DriverAgentPlus
    ***** [ Files ] *****
    Deleted C:\Users\jakub\AppData\Roaming\Mozilla\Firefox\Profiles\8g7xlko5.default-1495197696770\SEARCHPLUGINS\MAILRU.XML
    Deleted C:\Users\jakub\Favorites\Mail.Ru.url
    Deleted C:\Users\jakub\Favorites\Mail.Ru ????? - ????????? ??? ???????!.url
    Deleted C:\Users\jakub\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    Deleted HKCU\Software\ESUPPORT.COM\DriverAgent Plus
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|MailRuUpdater
    Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E8F97CD-60B5-456F-A201-73065652D099}
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099}
    Deleted HKLM\Software\Classes\Prod.cap
    Deleted HKCU\Software\Xpom
    Deleted HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
    Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO
    Deleted HKCU\Software\Amigo
    ***** [ Chromium (and derivatives) ] *****
    Deleted ?????????? ???????? Mail.Ru
    Deleted ????? Mail.Ru
    ***** [ Chromium URLs ] *****
    No malicious Chromium URLs cleaned.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.
    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************
    AdwCleaner[S00].txt - [2710 octets] - [10/03/2019 19:05:22]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    I accidentally missclicked and didn't save the log from ESET but I know it found 5 threats and terminated them. :/

    FRST and addition are attached, thanks for your time.
     

    Attached Files:

  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi,

    We'll remove a remnant of Mail.ru with this FRST fix.


    Press the Windows Key + R. This will open the Run box.
    Type Notepad and click OK.

    Copy the contents of the below code box to the new file:

    Code:
    Start
    CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811013"
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    FirewallRules: [UDP Query User{42078C49-AB17-4AD8-90F5-620CA0C02C80}C:\users\jakub\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jakub\appdata\roaming\utorrent\utorrent.exe No File
    FirewallRules: [TCP Query User{CED3FE10-46AA-46F2-9084-435166F1BF4C}C:\users\jakub\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jakub\appdata\roaming\utorrent\utorrent.exe No File
    End
    Click on File > Save as. Save the file as fixlist.txt to the same location as FRST.
    The location is in the 3rd line of the FRST.txt log you posted.
    Run FRST/FRST64 and click on Fix.
    When the fix is complete the tool will create a log in the same directory as FRST. (Fixlog.txt) Please post the log in your next reply.
     
  13. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Hello, here is the fixlog after applying the fix.
     

    Attached Files:

  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    505
    Hi,

    Update Java
    • Click here then click Verify Java version
    • If you are notified your Java version is out of date click Update (recommended)
    • Click Agree and Start Free Java Download
    • Save jxpiinstall.exe to your desktop
    • Double click the icon then click Install
    • Uncheck all optional offers
    • Click Next
    • Once completed you should be notified You have successfully installed Java
    • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
    • Verify the older version(s) was uninstalled then click Next
    • Click Close
    Let me know how the computer is doing.
     
  15. Imp777

    Imp777 Thread Starter

    Joined:
    Mar 9, 2019
    Messages:
    9
    Hello,
    Well I could not do it the way you've written, because it said: "We are unable to verify if Java is currently installed and enabled in your browser." but I have downloaded the latest version nonetheless and installed it, removing one outdated Java version. The computer is doing fine, starts up completely normal, no disfunctions or unwanted chrome extentions occured. Thank you for your help so far, it was great and easy to follow.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1224211

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice