Grenpara
-
Posts
157 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Grenpara
-
-
7 minutes ago, AdvancedSetup said:
Please at least temporarily uninstall Kaspersky antivirus. The built-in Windows Defender will take over as the default antivirus.
Then run a new FRST scan and make sure you place a checkmark in the Additions.txt check box and post back both new logs.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Hey Ron,
Thanks will do that shortly.
I will let you know that what ever is happening is causing system corruption.
sfc /scannow has found problems and repaired them.I will post logs as soon as I can.
Thanks in advance
Fred
-
35 minutes ago, AdvancedSetup said:
Hi Fred,
If you're having trouble with other Antivirus you might want to read the following article and make up your own mind how you want to protect your system.
If you do need further assistance please let me know.
Ron
Hey Ron.
Not Anti Virus either.
I cant access system restore at all.
Computer is still acting weird and shutting of all kinds of files and drives have started to do mass access. (Lots of Activitity more than normal.)
Is there an advanced tool to verify MAlwarbytes is working and has not been effected?
I am now sure there is something on the system.
I had to switch to MS Edge to contact forum as firefox was dead and I had to remove it.
Please help and advise.
Thanks in advance
Fred
-
Hello Ron,
Well My computer might still be possessed but I am on it now and appears to be working again, for now.
I am not sure if it is malware on my system as I had to do something when I got partial access again.
I had to use Kaspersky Clean Remove tool to totally remove Kaspersky from system.
I then reinstalled it and I was then able to access websites again and my programs reappeared in the start menu.
Kaspersky has no answer for this as I spent time in chat with them.
I think in near future KAspersky will be removed from my system and I'll go with eset.
USA, Canada and others all stopped allowing its use in Government.So right now how can I be sure there is no malware?
Malwarebytes Threat scan shows as clean and trendmicro free online scan showed as clean before I used revo to get rid of any files left by it.I dont know what other programs to use to scan for malware except Malwarbytes and now that it is working again shows clean.
Please let me know.
ThanksFred
-
16 hours ago, AdvancedSetup said:
Okay. I'll keep your post open a couple more days and if you run into any issues please let me know.
Thanks Fred
Ron
Help Please,
I am losing control of computer.
I am losing access to programs and even websites are being blocked.
Malwarebytes will no longer turn on with protection.
And I am unable to do much of anything.
This is a new computer and I installed only trusted items fresh from websites.
I was not able to access my computer again and my drives are all doing funky things like non-stop access.
Even my cd drive opened and closed one.
Can't log into windows properly it simply refuses.
Even Firefox apps cant connect to there servers like lastpass.
Need help please
Thanks in advance
Fred
-
Hey Ron,
I did many restarts today and no problem like yesterday/earlier.
Not sure what was up but maybe the Wacom drives dont like 10 or they want the tablet always connected.Things running smooth right now.
Thanks
Fred
-
Hello Ron,
Well I am still on pc trying to find out what is going on.
Ran Malwarebytes Threat scan with latest version and it came back clean. (Log Attached)
KAspersky is still running and will let you know in this same message. (Log attached shows clean)
I opened Windows Event Log and there are errors listed.
At least one error recent is about Malwarebytes Self PRotection failing to run.
It was off when I installed Malwarebytes but turned it on after I got the origional messgae about powershell.
I have disabled it again just in case.Next error are about the tablet error (WTabletServicePro)
That could be my fault as yesterday I installed latest Wacom Tablet drives for my tablet but have not connected it yet.
I uninstalled drive to be safe until I am sure all is ok.Also before that earlier today I downloaded your antiroot kit software and ran it.
But it did not find anything.There are also some other errors and warnings in events log on the 7th.
I know some were my fault.
I installed a paid version of a program but company went under so I cant register it.
And I did not know if it could be used on windows 10 so I ran in sandboxie and it did not like that.ALso Malwarebytes has a couple events of trojan website being blocked outbound from me.
That makes no sense and I have also attached a log export of one so you can see it.
I googled that and it seems malwarebytes picks that up often and has others stumped too.
If I even type the ip and hit enter I Mbam blocks it.I ran a program called Fiddler 4 to see what is talking to the net and I see nothing strange at all.
Thou i could be wrong I know most of what is shown as safe.Running SFC /scannow from elevated command prompt now. (found no violations)
Oh and one other note I did download a program I have only used once before but online scan showed clean.
I even sent it to Kaspersky to check and they say it clean and Malwarebytes scanned it clean.
I got it since the program I used wont work and has a trial period I am using it to keep program on trial.
I own the program I am using it on, but as said above I can no longer register it as company went under.
The program I am using to keep software on trial is https://www.nirsoft.net/utils/run_as_date.html
It forces date into software and I will use it until I can find a decent Home Inventory Software that will meet my home needs.
In event log under System is a bunch of error for today around the time of the big crash/loss of control.
Most say the following:
"- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-10-09T07:55:49.619453200Z" />
<EventRecordID>6703</EventRecordID>
<Correlation />
<Execution ProcessID="1476" ThreadID="4844" />
<Channel>System</Channel>
<Computer>DESKTOP-G8AI09A</Computer>
<Security UserID="S-1-5-19" />
</System>
- <EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>"I check the PID 1476 and have attached picture of it in task manager.
Not sure if that means anything.
Thanks in advance for the help.
And sorry for the long email.
Fred -
Hey Ron,
My new computer is screwed up somehow and it must be a virus, thou I dont know how.
During restart computer booted but windows was acting nuts and opening and closing windows I had no control at all.
I had to hard power down the system and tried for 20 minutes to get into it and I finally did.
Here are the new logs you requested.
I got a weird message about tablet drive or something and not sure whats up with that.
I am running a full scan with malwarebytes again as well as kaspersky.
I am then trying sfc /scannow.
Thanks in advance
Fred
-
Hello Ron,
Thanks for the help attached is the new additions.txt.
But I have a questions which is why would Malwarebytes block it if it was caused by Onenote Update?
Thanks in advance
Fred -
Hey Ron,
Sorry for the multiple replies but I have more info.
I think the powershell blocking is a false positive thou not 100% sure and heres why.
I check Windows update and no updates today.
But My virus i can see what ran each day and I see something did run.
And around the same time as first malwarebytes message A Windows update did happen thou not in the windows update section.When I went to add and remove programs in windows 10 I did get an update or (2).
I find it strange it did not show up in the windows update section but attached is a picture of the 2 items that ran.
As you can see they ran and Onenote I think like microsoft products does access onenote or am i wrong?
Please let me know
Thanks in advance
Fred -
2 minutes ago, Grenpara said:
Hello Ron,
Thanks for the fast reply to my issue.
Attached are the files you asked for.
While doing them I got a popup from Malwarebytes saying website blocked because of trojan.
I was only on Malwarebytes site and Farbar site.
Not sure what is up.Thanks in advance
Fred
Sorry let me add some info.
The Trojan warning was outbound and not inbound. and it was blocked.
Also the software I installed was from Reallusion and Windows store appsa dn a couple others.
Thanks
Fred
-
Hello Ron,
Thanks for the fast reply to my issue.
Attached are the files you asked for.
While doing them I got a popup from Malwarebytes saying website blocked because of trojan.
I was only on Malwarebytes site and Farbar site.
Not sure what is up.Thanks in advance
Fred
-
Hey Guys & Gals,
I installed some trusted software yesterday I have had for years and today every few minutes I get malwarebytes popping up saying exploit blocked.
I am getting lots of them, I scan with Malwarebytes on Threat scan and it finds nothing.
Also the logs dont tell me what is causing it.I have attached 2 exported logs as text files as I have no clue.
KAspersky also sees nothing.
The computer is only 2 weeks old and I am sure not to install bad software.Can anyone lend a hand or clue me in as to what is causing this issue?
Thanks in Advance
Gren
-
22 hours ago, AdvancedSetup said:
I wanted some updated logs but looking over them it probably would not matter. Nothing obvious in the logs to show a cause for your issue. Resetting Firefox is probably what it will need to fix.
On the other hand, I'm amazed you can even use this computer. You're running Windows 8.1 which was never all that popular and a bit slow compared to the future OS builds. You also have more software installed and so much running on Start up it has to be slow. I've seen computers with more software installed but not too many and a few with more items starting on startup but again, not many. I would highly recommend that you reset Firefox and then review the software you have installed and if you no longer use it consider uninstalling it. Then also review all the items starting and decide if you really need all of them starting up every time the computer starts and remove those from starting that don't really need to run each time. Please do not use MSCONFIG
Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup ManagerThe following fix will remove some alternate data streams as well as clean temp files and general clean up
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.
Then reset Firefox and let me know how things are working now
Internet Explorer
How to reset Internet Explorer settingsFirefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.Ron
Hello,
Refreshing Firefox worked, browser now runs fine and I re-added plugins one at a time to see if any of them was the issue.
Still all running good now. so I am happy again.As for My computer, I am aware of the startups and I am working on disabling some to manual start.
As for my OS I wanted to switch but some software I have will not run on 10 unless I buy upgrades for many of them.
I am unable to work so cash is very tight so it takes me a long time for some to get the $$$ for each one.
Also some are free as long as I dont upgrade as I got them from the legit Software Giveaway sites. (all scanned by multiple virus sites and programs.)I want to buy a new system and have been looking to see if I can find one that suites my needs and budget.
I for me i need a good cross between gaming and graphics.
Anyways I digress, as I said above the refresh worked on firefox.
i did not run the FRST64 as I wanted to try refresh first.
I was worried about the fix as i had run ADWCleaner and somehow it screwed up my vpn where i had to reinstall it.Thanks for your help and time.
Have a great day.
Grenpara
-
On 9/1/2018 at 2:17 AM, AdvancedSetup said:
Hello @Grenpara and
Please run the following steps and post back the logs as an attachment when ready.
STEP 01- If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
- If you don't have Malwarebytes 3 installed yet please download it from here and install it.
- Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
- Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
- If Malwarebytes won't run then please skip to the next step and let me know on your next reply.
STEP 02
Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
-
Right-click on the program and select
Run as Administrator to start the tool.
- Accept the Terms of use.
- Wait until the database is updated.
- Click Scan.
- When finished, please click Clean.
- Your PC should reboot now if any items were found.
- After reboot, a log file will be opened. Copy its content into your next reply.
RESTART THE COMPUTER Before running Step 3
STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit- Double-click to run it. When the tool opens, click Yes to disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
- Please attach the Additions.txt log to your reply as well.
Thanks
Ron
Hey Ron,
I did Step one and 2 before i posted Malwarebytes found nothing.
ADWcleaner found 3 items if I recall and cleaned them.
Farbar is done already they were attached to my 2nd reply to my thread.
I can re-post them if needed.
Thanks in advance
Grenpara
-
Hello,
Here is the Farbar files as scan is done now.
Thanks in advance
Grenpara -
Just adding Threat scan finished.
Malwarebytes
www.malwarebytes.com-Log Details-
Scan Date: 8/28/18
Scan Time: 4:21 PM
Log File: 65fc16e4-ab08-11e8-b742-00ffc239f2ed.json-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.421
Update Package Version: 1.0.6541
License: Premium-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: VASHTA-CPPC\grend_000-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1728646
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 hr, 0 min, 9 sec-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect-Scan Details-
Process: 0
(No malicious items detected)Module: 0
(No malicious items detected)Registry Key: 0
(No malicious items detected)Registry Value: 0
(No malicious items detected)Registry Data: 0
(No malicious items detected)Data Stream: 0
(No malicious items detected)Folder: 0
(No malicious items detected)File: 0
(No malicious items detected)Physical Sector: 0
(No malicious items detected)WMI: 0
(No malicious items detected)
(end)Seemed the threat scan only did drive C and none of the rest.
Just thought I would post the result of the scan.
Thanks
Grenpara
-
Hello Guys and Gals,
My Firefox has been strange for a couple days.
Every time I open google and then search google closes and bing opens.
I have check with Mozilla and tried what they suggested and now told me to try you.I have run multiple virus scans and nothing.
I ran Malwarebytes quick scan and found nothing and am currently doing a full threat scan.
I checked for adaware and Web companion and dont see them on my system.
The Malwarebytes quick scan found nothing you AdwCleaner did find and clean 2 register entries. It found 3 but one is always there as it is a program i use so dont ever clean it.Any help would be great.
Thanks in advance
Grenpara -
Hey Guys,
Attached is the FRST & addition files.
I could not get Malwarebytes to complete a threat scan and spent hours with it trying.
I am now running a online eSet scan and will post when it is complete.
For the attached logs my system users were edited by me I removed my last name and replaced it with xxxxxx's.
Hope that was ok? did not want my name floating around.I will say one thing It seems whatever is happening to my system it has deleted or corrupted my Logitech Gaming software.
Every one of my gaming profiles is missing so nothing is shown in it.EDIT:
I should note even windows and my mouse are acting up bad today.
It is seeming to double click when I am in explore trying to open folders.
If I click a file it goes right to the name change and does not let me select anything to open it.
I tried a 2nd mouse and it has same issue. mice work fine on other systems.Hope that makes sense.
Also just so you know I ran the latest Microsoft Malicious Software Removal on quick scan and it found nothing.
Also I ran SFC /scannow from cmd as admin and it found no issues.
Thanks in advance
Fred -
Hey Guys,
I think I am infected with a virus that i got a few hours ago.
I went to bed and it took 30 minutes to shut down.
And today when I turned on computer i can't access many items and computer is laggy (bad).Malwarebytes 3 keeps crashing when I try a threat scan.
I tried to run chameleon and it says it can find Mbam and says it will download and to restart.
When I restart nothing happens and it takes 10 minutes to restart.
I have been able to run a free online scan from Eset and it has not found anything yet.Not sure how i got a virus as i run Kaspersky and Malwarebytes licensed version.
Help would be greatly appreciated.
Thanks in advance
Fred
-
Hey Guys,
Got it working I had to cycle the Context setting to off then back to on.
So it now shows up again, I see if it stays like that after system is powered off then back on.
Thanks
Gren -
Hello,
Yesterday Malwarebytes 3 updated to version 3.4.4 on 3 different computers and I thought it went well.
I was wrong and it seems now on all 3 computers Malwarebytes is no longer listed in the windows context menu.
How do I get it to show back up again?
Thanks in advance
Gren
-
3 hours ago, Ried said:
Hello Grenpara - could you please attach the AdwCleaner log that shows the detection? You can find the logs in the C:\Adwcleaner folder.
Thanks!
Hello Ried,
Thanks for the fast reply to my issue.
I have attached one of the logs as requested.
To test on your system Download dap and install.
Then run dap and exit as it creates folders and files.
At that point run AdwCleaner and it will detect the same thing my logs show.
I have tested it multiple times.Thanks in Advance
Gren -
7 hours ago, MKDB said:
Hi,
it sounds like an FP.
I'm sure that fr33tux will fix it afap.
Hello,
Thanks for the fast reply to my issue.
I am pretty sure it was a FP as I know the company and software.
Plus as I said it was the folder itself giving the warning and not a program or file.
Thanks again for the confirmation.
Gren -
Hey Guys,
I think AdwCleaner is giving me a false positive from a program I installed.
I went to this site http://www.mediachance.com/dap/photo-to-painting.html
and I installed trial version Dynamic Auto Painter also known as DAP.
Now when i ran dap it works fine but yesterday I ran AdwCleaner and it gave me this message Trojan.Buzus, C:\Users\xxxxxxxxx\Documents\DAP
The xxx is my username that I erased out of post.
I scanned my system with MBAM and Kaspersky and several tools from Mcafee and all show my system is clean.
So I deleted the folder using adwcleaner and then i ran DAP again.
i then ran Adwcleaner and it gave me the same message as before when it recreated that folder.So is this a false positive as there is no reason for the folder to be flagged as Trojan.Buzus?
Can anyone please confirm if they have same issue?
Dap is new on my system and it is authentic directly from the site and I know the company is safe software.
I have done a test installing a couple items after dap to see if Trojan would appear for other programs and no other issues except the DAP folder.Thanks in advance
Gren
Run as Administrator to start the tool.
Malware Question
in Resolved Malware Removal Logs
Posted
Hey Ron,
Ok Kaspersky is gone and did a restart and ran FRST as said.
Attached are the 2 files you asked for.
I would like to thank you again for all the help and time.
Sincerely
Fred
Addition.txt
FRST.txt