Sandor-Helper

Temporarily turn off any antivirus. Highlight following code: ``` Start:: CloseProcesses: SystemRestore: On CreateRestorePoint: HKU\S-1-5-21-1242433909-1029065536-3682095691-1001\...\MountPoints2: {d49b36d2-d094-11ee-82db-f89e9479138b} - "D:\SETUP.exe" GroupPolicy: Restriction ?

You don't have to paste it anywhere, but nevermind, FRST got script strait from the clipboard and it ran well. Using pirated soft (was seen in logs) - is bad...

Yes it is, nothing suspisious. At last in Windows Defender you have several dangerous Path Exclusions like whole disk C and D. Please delete them. Rename FRST.exe (FRST64.exe) to **uninstall.exe**...

We can additionally check your system by several different anti virus tools. Lets start from [DoesNotBelong](https://www.safezone.cc/resources/doesnotbelong.270/download) Download it, run as administrator and get me resulting log, please.

Hi, You don't have to insert logs right in your message. Please attach it only. (HiJackThis log is included in CollectionLog pack, so no need to do it again). I...

Hi, Lets see more logs: Please download [Farbar Recovery Scan Tool](https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop. **Note**: You need to run the version compatible with your system. If you...

Temporarily turn off any antivirus. Highlight following code: ``` Start:: CloseProcesses: SystemRestore: On CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction

Thanks for the log. Fix ran well. There is no obvious signs of infection. What we have done is only cleaning some of the trash records. In my opinion you...

Hi, I do not see any obvious signs of infection so far. Waiting for your description. And please do these logs: Please download [Farbar Recovery Scan Tool](https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it...

Please attach these log to your next message (lik you already did in your first post here) rather than inserting them.