Status
Not open for further replies.
1 - 5 of 5 Posts

Registered · 2 Posts · Discussion Starter · #1
Hello, I'm new here and also I'm not from the US/UK, so sorry for my English.

Today I got a message from Steam that my password and email have been changed, so I checked my Gmail and the emails were deleted to the bin.

The thing is that I have 2 phase security on my Gmail, so it's not possible to join from another computer.

And it's true... When I checked active connections it literally says "this device XXXX is connected from Russia", and that is strange because I'm from the Czech Republic.

I tried a Malwarebytes search for viruses = 0
I tried Windows Defender = 0

Also, what is strange is that before all this happened I had to reset my BIOS to default, because when I tried to start up it said I have no boot disk in my PC.


I'm running Windows 10.

Is there anyone here who can help me get rid of this, if it's possible without doing a clean installation and everything?

Thank you very much!
 

Moderator, Security Team · 1,126 Posts
Looking over your logs now.

This may take some time. I'll be back when I've finished.
 

Moderator, Security Team · 1,126 Posts
No obvious signs of an active infection, however there are a few entries in your log that I'd like to investigate further, and a few questions that I need to ask you.

First .... Was it you who installed Team Viewer on your machine ?

Next ....Did you install IOBitUninstaller ... and have you uninstalled it, because I do not see it in your list of installed programs, but I do see remnants of it in your logs.

Next .... There are 3 Chrome extensions that I can find no reliable information for ....

CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR HKU\S-1-5-21-1215771508-622911918-1038150175-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
.... do you know what they are, and/or did you install them ?

Next ....

I want to check out some files at VirusTotal .....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code: ) ....
Code:
VirusTotal: C:\Users\Martin G\Desktop\Throtlestop\ThrottleStop.exe;C:\Users\Martin G\AppData\Local\Programs\Blitz\Blitz.exe;C:\Users\Martin G\AppData\Local\Temp\ALSysIO64.sys;C:\WINDOWS\system32\drivers\HWiNFO64A_152.SYS;C:\Users\Martin G\AppData\Local\Temp\ThrottleStop.sys;C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys

Cmd: ipconfig /flushdns
EmptyTemp:
Hosts:
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
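
The three Chrome entries quoted in the reply above can be pulled out of an FRST log mechanically, so that each extension ID can be looked up on its own. The following Python is an added example, not part of the original thread and not FRST's own code; the function names, the regular expressions (fitted only to the three lines shown above) and the review ordering are assumptions made here.

```python
import re

# Constructed sample: the three Chrome entries quoted in the reply above.
SAMPLE_LOG = r"""
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR HKU\S-1-5-21-1215771508-622911918-1038150175-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
"""

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")
# Patterns fitted to the two entry shapes on this page (an assumption, not an FRST spec).
PROFILE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - "
    r"(?P<path>.+\\Extensions\\(?P<id>[^\\\s]+)) \[(?P<date>\d{4}-\d{2}-\d{2})\]$")
REGISTRY_RE = re.compile(
    r"^CHR (?P<hive>HK[A-Z]+)\\(?P<key>.+)\\Extension: \[(?P<id>[^\]]+)\]$")

def parse_chrome_entries(log_text):
    """Return one dict per Chrome extension entry found in the log text."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROFILE_RE.match(line)
        source = "profile"          # found in the profile's Extensions folder
        if m is None:
            m = REGISTRY_RE.match(line)
            source = "registry"     # listed under a registry key, no name or date
        if m is None:
            continue                # not a Chrome extension line
        fields = m.groupdict()
        entries.append({
            "id": fields["id"],
            "name": fields.get("name"),
            "installed": fields.get("date"),
            "source": source,
            "id_well_formed": EXT_ID.fullmatch(fields["id"]) is not None,
        })
    return entries

def review_list(entries):
    """Extension IDs in the order to look them up by hand."""
    # Assumed triage order for this example: registry entries first, then oldest first.
    ordered = sorted(entries, key=lambda e: (e["source"] != "registry", e["installed"] or ""))
    return [e["id"] for e in ordered]

if __name__ == "__main__":
    for entry in parse_chrome_entries(SAMPLE_LOG):
        print(entry)
```
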
 