The command prompt opens by itself.

alan -  
 alan -
Hello,

For some time now, the command prompt opens automatically after the PC starts but also at other times.

I ran a scan with the Windows mrt application, but the result was negative. I also cleaned with Ccleaner, with no improvement.

So if someone could point me to a method or protocol to check if everything is fine and to fix this issue, I would be grateful.

Best regards.

I have Windows 10, I use Firefox.

Configuration: Windows / Firefox 89.0

11 answers

  1. billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    Hello

    to see what’s running on your PC, do this and post the reports

    download FRST from (Fabar) to your desktop --> click here

    PS: choose the one corresponding to your PC (32 or 64 bits) --> click here

    run it as administrator (right-click)

    at the end of the scan, the FRST and ADDITION reports will appear on your desktop and in C:\FRST\LOG

    post the reports via cjoint --> click here

    see you later

    --
    the radiation level is higher at the unemployment office than in Chernobyl
    1
    1. billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
       
      re

      I want to clarify that before reading your message and therefore launching the FRST scan, I downloaded Malwarebyte and it found 8 items that I have put in quarantine.

      Post the MBAM report after quarantining the detected items via a copy/paste

      PS: I will read the reports tomorrow

      @+

      --
      The radiation level is higher at the employment office than at Chernobyl.
      0
      1. alan > billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention  
         
        Ok here it is



        Malwarebytes
        www.malwarebytes.com

        -Log details-
        Scan date: 07/21/2021
        Scan duration: 17:52
        Log file: 9c0fdd86-ea3b-11eb-be2f-e4e749c23ba2.json

        -Software information-
        Version: 4.4.3.125
        Component version: 1.0.1387
        Update package version: 1.0.43345
        License: Trial

        -System information-
        Operating system: Windows 10 (Build 19042.1110)
        Processor: x64
        File system: NTFS
        User: LAPTOP-HSTMGRIT\Salam

        -Scan summary-
        Scan type: Threat scan
        Scan initiated by: Manual
        Result: Completed
        Objects scanned: 296019
        Threats detected: 8
        Threats quarantined: 8
        Elapsed time: 12 min, 42 s

        -Scan options-
        Memory: Enabled
        Startup: Enabled
        File system: Enabled
        Archives: Enabled
        Rootkits: Enabled
        Heuristics: Enabled
        PUP: Detection
        PUM: Detection

        -Scan details-
        Processes: 0
        (No malicious items detected)

        Module: 0
        (No malicious items detected)

        Registry key: 3
        PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, 193, 236865, , , , , ,
        PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, 193, 236865, , , , , ,
        PUP.Optional.Conduit, HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, 193, 236865, 1.0.43345, , ame, , ,

        Registry value: 2
        PUP.Optional.Conduit, HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, 193, 236865, 1.0.43345, , ame, , ,
        PUP.Optional.Conduit, HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarantined, 193, 236865, 1.0.43345, , ame, , ,

        Registry data: 1
        PUP.Optional.Conduit, HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 193, 293058, 1.0.43345, , ame, , ,

        Data stream: 0
        (No malicious items detected)

        Folder: 0
        (No malicious items detected)

        File: 2
        PUP.Optional.Conduit, C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VITST99B.DEFAULT-RELEASE\PREFS.JS, Replaced, 193, 301520, 1.0.43345, , ame, , C3ECB702B5D0707BD37AB3B250AD817A, BD1A675A149516C48477A42DE8B50623F043397F19F5DD75D0751F55BE77118A
        PUP.Optional.Conduit, C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CLKYFOPS.DEFAULT\PREFS.JS, Replaced, 193, 301520, 1.0.43345, , ame, , D4C5FACED8048FF2E190293F63BFE9B6, C4FA272C9250AB3142B1E59BD65EEB398A8DD28404706E4DFE1A6A736B2BFD0A

        Physical sector: 0
        (No malicious items detected)

        WMI: 0
        (No malicious items detected)


        (end)
        0
    2. alan
       
      Quarantine scan report:

      Malwarebytes
      www.malwarebytes.com

      -Log details-
      Scan date: 07/21/2021
      Scan duration: 18:11
      Log file: 437123bc-ea3e-11eb-ae19-e4e749c23ba2.json

      -Software information-
      Version: 4.4.3.125
      Component version: 1.0.1387
      Update pack version: 1.0.43347
      License: Trial

      -System information-
      Operating system: Windows 10 (Build 19042.1110)
      Processor: x64
      File system: NTFS
      User: LAPTOP-HSTMGRIT\

      -Scan summary-
      Scan type: Threat scan
      Scan initiated by: Manual
      Result: Completed
      Objects scanned: 296045
      Threats detected: 0
      Threats quarantined: 0
      Elapsed time: 10 min, 22 s

      -Scan options-
      Memory: Enabled
      Startup: Enabled
      File system: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristic: Enabled
      PUP: Detection
      PUM: Detection

      -Scan details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry key: 0
      (No malicious items detected)

      Registry value: 0
      (No malicious items detected)

      Registry data: 0
      (No malicious items detected)

      Data stream: 0
      (No malicious items detected)

      Folder: 0
      (No malicious items detected)

      File: 0
      (No malicious items detected)

      Physical sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)


      (end)
      0
  2. billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    Désolé, je ne peux pas vous aider avec cela.
    1
    1. alan
       
      Hello,

      Here is the FIXLOG

      Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01 correction results
      Executed by Salam (22-07-2021 18:23:41) Run:1
      Executed from C:\Users\alan\Desktop
      Loaded profiles: S
      Boot mode: Normal
      ==============================================

      fixlist content:


      *

    2. CreateRestorePoint:
      CloseProcesses:
      Task: {C1738747-ADA2-44BF-A7FF-5061B9A6C3E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [560816 2021-07-03] (HP Inc. -> HP Inc.)
      HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      Edge Extension: (No name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
      Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
      Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
      Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
      ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No file
      ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No file
      ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No file
      ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No file
      ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No file
      ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No file
      ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No file
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No file
      ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No file
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-87030960-3603999544-3405083870-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      BHO: No name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No file
      IE trusted site: HKU\S-1-5-21-87030960-3603999544-3405083870-1001\...\webcompanion.com -> hxxp://webcompanion.com
      HKLM\...\StartupApproved\Run: => "RtHDVBg_Session"
      HKU\S-1-5-21-87030960-3603999544-3405083870-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
      HKU\S-1-5-21-87030960-3603999544-3405083870-1001\...\StartupApproved\Run: => "Web Companion"
      virustotal: C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned file]
      virustotal: C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned file]
      EmptyTemp:
      Reboot:


      *


      The restore point was created successfully.
      Processes closed successfully.
      "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1738747-ADA2-44BF-A7FF-5061B9A6C3E1}" => deleted successfully
      "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1738747-ADA2-44BF-A7FF-5061B9A6C3E1}" => deleted successfully
      C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => moved successfully
      "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice" => deleted successfully
      HKLM\SOFTWARE\Policies\Mozilla => deleted successfully
      HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => deleted successfully
      HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => deleted successfully
      HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => deleted successfully
      HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => deleted successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => deleted successfully
      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => deleted successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
      "HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => deleted successfully
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => deleted successfully
      HKU\S-1-5-21-87030960-3603999544-3405083870-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => deleted successfully
      "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RtHDVBg_Session" => deleted successfully
      "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RtHDVBg_Session" => deleted successfully
      "HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleaner Smart Cleaning" => deleted successfully
      "HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => deleted successfully
      "HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => deleted successfully
      "HKU\S-1-5-21-87030960-3603999544-3405083870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
      "VirusTotal: C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned file]" => not found
      "VirusTotal: C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned file]" => not found

      =========== EmptyTemp: ==========

      BITS transfer queue => 12869632 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18982105 B
      Java, Flash, Steam htmlcache => 1201 B
      Windows/system/drivers => 17602468 B
      Edge => 37888 B
      Firefox => 1255885820 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 6656 B
      ProgramData => 6656 B
      Public => 6656 B
      systemprofile => 6656 B
      systemprofile32 => 6656 B
      LocalService => 32456 B
      NetworkService => 79000 B
      alank => 201482691 B

      RecycleBin => 2174137 B
      EmptyTemp: => 1.4 GB temporary data deleted.

      ================================


      The system had to restart.

      End of Fixlog 18:29:16

0
  • alan
     
    Hi

    the scan is in the previous message.
    0
  • bazfile Posted messages 58490 Registration date   Status Moderator Last intervention   20 266
     
    Hello,
    there's no need to look for an infection where there isn't one; the command prompt windows come from a program by HP (HP diagnostics) that launches scheduled tasks, for example:
    Task: {15B619A5-0AA7-45B7-B3E4-E922291ACCEA} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
    Task: {326F4273-BC80-4017-9C84-15EFA72820C6} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
    Task: {37CD65EB-0846-4D99-917A-471DDFB17B47} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
    Task: {3CB9FE7D-5B25-4430-B964-3DDC4083F8BE} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
    Task: {4C5C00FE-8ED5-4D85-98AA-7002ED0AD7C9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
    Task: {5FD2DBA9-5C9B-4BDF-8FEB-BE2DC3786250} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
    Task: {6AA92D18-2F1A-4040-B489-5FBEBF2E0A4A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
    Task: {8FF37C6B-23DE-4FE2-8236-DAE535772A07} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest
    Task: {C38E54B6-86EE-428D-846F-899F40760EC7} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
    Task: {C9499A82-2232-40B2-ADED-F14940E1916A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI


    --
    bazfile
    Moderator/Security Contributor.
    a hello, a response, a thank you are always appreciated.
    1
  • billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    hello

    check Bazfile's message for your CMD issue --> click here

    do this:

    rename FRST to Uninstall.exe and run it as administrator (right-click)

    a PC restart will be required

    see you

    --
    the radiation level is higher at the unemployment office than at Chernobyl
    1
    1. alan
       
      Hello

      Okay, it's done.

      Thanks for your help, billmaxime.
      0
  • billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    re

    have you seen Bazfile's message? --> click here

    you should normally always have the command prompt windows opening...

    @+

    --
    the radiation rate is higher at unemployment agency than in Chernobyl
    1
  • Edawards_0352 Posted messages 220 Registration date   Status Member Last intervention   11
     
    Hello,
    What version of Windows are you using?

    See this:

    https://www.malekal.com/supprimer-fenetre-noire-cmd-windows/

    --
    Life is not a river but just a crossing.
    0
    1. alan
       
      Hello,

      On Windows 10
      0
      1. Edawards_0352 Posted messages 220 Registration date   Status Member Last intervention   11 > alan
         
        Hello,
        By putting the items in quarantine, you turn off the P.C. completely, wait for a moment, and then turn it back on to see if the problem is resolved.
        0
  • billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    hello

    Scan report after quarantine

    there's nothing detected in the report you posted!!!

    I will read the reports

    @+

    --
    the radiation level is higher at the job center than at Chernobyl
    1
  • billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    hi

    are you still using this? --> C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.)

    @+

    --
    the radiation level is higher at the unemployment office than at Chernobyl
    0
    1. alan
       
      Not at all, I don't even know what it is.

      Otherwise, is everything good? Did you see the latest Fixlog correction report?
      0
  • billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     
    re

    the scan is in the previous message

    I saw it, but I'm asking if you're still using muzapp.exe (Musiccity Co.Ltd.)

    @+

    --
    the radiation level is higher at the unemployment office than at Chernobyl
    0
  • billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
     


    ok, do this:

    open FRST

    copy all the text below: (from Start:: to End::)

    Start:: CreateRestorePoint: CloseProcesses: FirewallRules: [{E4AA0782-6A30-4E41-BF3D-E1B6C049498E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned file] FirewallRules: [{DD87A2CF-9932-49D0-9342-81404531B8A8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned file] EmptyTemp: Reboot: End:: 


    when the script is copied, click on fix in FRST

    let the fix complete with FRST and restart the pc when prompted

    when the pc has restarted, you will have 1 FIXLOG file on the desktop, post it by pasting it in your reply

    @+
    --
    the radiation level is higher at the employment center than at Chernobyl
    0
    1. alan
       
      Results of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
      Executed by S (23-07-2021 22:54:35) Run:2
      Executed from C:\Users\alan\Desktop
      Loaded Profiles: S
      Boot Mode: Normal
      ==============================================

      fixlist contents:

    2. CreateRestorePoint:
      CloseProcesses:
      FirewallRules: [{E4AA0782-6A30-4E41-BF3D-E1B6C049498E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned File]
      FirewallRules: [{DD87A2CF-9932-49D0-9342-81404531B8A8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [Unsigned File]
      EmptyTemp:
      Reboot:


      The restore point was successfully created.
      Processes successfully closed.
      "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4AA0782-6A30-4E41-BF3D-E1B6C049498E}" => deleted successfully
      "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD87A2CF-9932-49D0-9342-81404531B8A8}" => deleted successfully

      =========== EmptyTemp: ==========

      BITS transfer queue => 12869632 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12630067 B
      Java, Flash, Steam htmlcache => 0 B
      Windows/system/drivers => 1051914 B
      Edge => 0 B
      Firefox => 878059911 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 0 B
      systemprofile32 => 0 B
      LocalService => 0 B
      NetworkService => 5948 B
      alan => 50045706 B

      RecycleBin => 57259952 B
      EmptyTemp: => 965 MB of temporary data deleted.

      ================================


      The system had to restart.

      End of Fixlog 22:58:40

      So, is muzzapp.exe deleted?