Jump to content

Weatherbug Removal Attempt 02-12-2015


Recommended Posts

Hi, From attempting a diagnostic in the PC Help section for a damaged hard drive, I reformatted the hard drive and installed the factory settings from a mirror image. Putting the diagnostic attempts on hold, as five freshly burned DVD-Rs kept producing an error message, I asked for help streamlining the installed softwares to make them as lean as possible. That was when CWB spotted Weatherbug. Now, I need help to remove Weatherbug.

 

Advanced Setup instructed me to post here. AdvancedSetup, are you there?

 

Link to previous topic:

 https://forums.malwarebytes.org/index.php?/topic/163441-repair-harddrive/page-7
Link to post
Share on other sites
  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

Hi there.

Okay let's start off by getting some new logs please.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.
Link to post
Share on other sites

Please visit the following link and run the tool to have Microsoft fix your Windows Search which is broken.

 

https://support.microsoft.com/mats/windows_search/en-us

 

Then run the following fix and restart the computer. Then look in your Control Panel, Programs and you should now see a Weatherbug Gadget that you can click to uninstall.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

May I ask a question before I start your instructions?

 

My laptop force shut down to do updates. Here are the updates:

post-96106-0-48947400-1423966241_thumb.j

 

When I rebooted, a popup made me run Windows Defender.

 

Also, JAVA poped up from system tray to request running an update, which I did.

 

Then HP.

 

If you like, I could run the FARBAR one more time, in view of the updates.

 

That is the question.

 

Edited to say, I ran FRST. Here are the attachments.

 

Now, proceed to your instructions?

FRST.txt

Addition.txt

Link to post
Share on other sites

The Fixit for Windows Desktop Search which link I clicked on and ran only said, no error found. Here is the report from the Fixit:

 

Windows Search Troubleshooter Publisher details

 

Issues found
No Error found
Some problems with Windows Search cannot be detected such as registry key settings, permissions, and corrupted settings.
Fixed
 
Reset Windows Search
Succeeded
 

 

Issues checked
Windows Search is crashing or failing
Windows Search crashes or fails after it has started. Additionally, an event ID 7042, 100, or 1000 is logged in the Windows event log, or the Windows Search service is not running.
Checked
 
Windows Search does not start and gives an error message
Windows Search does not show any search results and there is an error message on startup. An Event ID 1006 or 3024 is logged in the Windows event log, or Windows Search service is not running.
Checked
 
Windows Search does not show any results
Windows Search does not show any results. Additioanlly, an event ID 7040 is logged in the Windows event log, or Windows Search service is not running.
Checked
 
Issues found Detection details
6
No Error found Fixed
 
Some problems with Windows Search cannot be detected such as registry key settings, permissions, and corrupted settings.
Reset Windows Search
Succeeded
Frequently, resetting the Search database and restarting Windows Search which enables Windows to re-index all files and resolve this problem.
Issues checked Detection details
6
Windows Search is crashing or failing Checked
 
Windows Search crashes or fails after it has started. Additionally, an event ID 7042, 100, or 1000 is logged in the Windows event log, or the Windows Search service is not running.
Reset Windows Search
Not Run
 
This resolver will reset the search database and restart the Windows Search service. This enables Windows to re-index all files and resolve this problem.
6
Windows Search does not start and gives an error message Checked
 
Windows Search does not show any search results and there is an error message on startup. An Event ID 1006 or 3024 is logged in the Windows event log, or Windows Search service is not running.
Reset Windows Search
Not Run
 
This resolver will reset the search database and restart the Windows Search service. This enables Windows to re-index all files and resolve this problem.
6
Windows Search does not show any results Checked
Windows Search does not show any results. Additioanlly, an event ID 7040 is logged in the Windows event log, or Windows Search service is not running.
Reset Windows Search
Not Run
 
This resolver will reset the search database and restart the Windows Search service. This enables Windows to re-index all files and resolve this problem.
Detection details
Collection information Computer Name: LOUISE-PC Windows Version:
6.0
Architecture:
x86
Time:
2/17/2015 3:37:10 PM
Publisher details
Windows Search Troubleshooter Automatically repair Windows Search problems, such as database corruption, crashes and startup failures. Package Version:
1.2
Publisher:
Microsoft Corporation
Link to post
Share on other sites

The Search repair did reset Windows Search so hopefully that did fix it.

 

The Weatherbug uninstall was hidden, the fix should have made it visible to see.

 

Please run the following and we'll recheck what you have going on there.

 

 

STEP 1

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 

 

 

STEP 2

 

Run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 

Thanks

 

Link to post
Share on other sites

Well weatherbug appears to be gone now. Please run the following for me and then restart your computer and let me know what if any other issues you think you still have going on.

 

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:


  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 
 

 

Thanks again

 

Link to post
Share on other sites
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

There was no logfile produced. It didn't, "pop up," and it didn't appear in a search.

 

The TFC took at least 1/2 hour to run, to clean some 630 MB.

 

It didn't require a reboot, but I rebooted, anyway.

 

When I started IE, the history still gave me the websites I visited in a pull-down menu, when I started typing in, forums.malwarebytes,

 

post-96106-0-56642000-1424481872_thumb.j

 

and I am still logged in to this forum. I didn't need to log in, again.

 

 

post-96106-0-40824900-1424482042_thumb.j

 

 

The JavaRa file didn't appear and was't found on search; my preferences were still set in Google, the history is still there on a pull-down menu, and I am still logged in to malwarebytes . . . Is my computer sick?

 

I think I still have weatherbug somewhere in the hidden files, because it appeared in Addition after my last FRST run.

 

What gives with that? If you delete temporary files, doesn't that reset all that info?

Link to post
Share on other sites

No browser history and settings are not in the temp folders.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Next,

Please download the correct version of SystemLook for your computer and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.

    :filefind*weatherbug*:folderfind*weatherbug*:regfindweatherbug
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt
Link to post
Share on other sites

Well there is a little bit left from Weatherbug but not much. Looks like it came as part of the HP installation. This will remove most of it. Anything left over at this point isn't really worth bothering about.

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

The Yahoo search bar was uninstalled on the other thread.

 

If I enter a url without http://, sometimes, still defaults to Yahoo search, and there is a Yahoo Search field in the system tray.

post-96106-0-33262100-1424721498_thumb.j

 

There is HP Total Care Advisor in my programs. If it is offering updates, then I think it is good.

 

There was a Windows Sidebar. Maybe I deleted it. I thought, I don't want it anymore. It came pre-installed.

 

If I reboot the computer with the power plugged in, a control widget pops up at the top, called HP Advisor. When I unplug the power, it disappears. Attached is an image of the desktop, before changes, with HP Advisor at the top. The sidebar doesn't appear any longer. The HP Advisor must be power draining, because it disappears if I unplug the power. I never use the Advisor. I don't know what it is for. Maybe I should uninstall it?

 

The image appears default in this post. If you click on it, you see the yahoo search bar on the bottom, and the sidebar on the right, which no longer appears. Maybe I uninstalled it.

post-96106-0-92944800-1424721994_thumb.j

Link to post
Share on other sites

Well up to you. Personally I do not use anyone's toolbar (if I want or need a specific search I click on the search page I want to use) I don't like installing anything Yahoo or Google on my own computers but that's me. If you want or like the Yahoo toolbar then go ahead and reinstall it from Yahoo. As for the HP Updates, yes normally I would recommend letting them do the updates but I'd still review the details and see what it is they're wanting to update. As for the Widgets that's up to you as well. Some people like them some don't. They're cute at first but I turn them off pretty quickly as I find I don't typically need instant information at the cost of running them daily. If I need such information it's only a click away (how fast do we really need things, we are an impatient species).

 

You're MBAM is showing as one of the modules does not look to be started. Did you turn it off ?

 

Might be good to do a clean removal and reinstall now that other things are cleaned up a bit.

 

 

Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.