Jump to content

Recommended Posts

Hi there,

I'm dumb and wasn't paying attention and now I have IdledBuddy woes. I found a post where Ron requested information from a user and I thought I might try to streamline the process by presenting this information upfront.

It might be helpful to mention that I am running Malware Bytes Premium v 3.8.3

Thanks for any help you can provide in advance!

Step 2 output: 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-27-2019
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted   palikan.com

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2594 octets] - [27/07/2019 19:11:38]
AdwCleaner[C00].txt - [2595 octets] - [27/07/2019 19:14:23]
AdwCleaner[S01].txt - [1459 octets] - [27/07/2019 19:35:42]
AdwCleaner[S02].txt - [1520 octets] - [27/07/2019 19:36:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 

step1.txt step3.1.txt step3.2.txt

Link to post
Share on other sites

Hello spitfir3x and welcome to Malwarebytes,

I do not see any reference to IdledBuddy in your logs, do this please...

Run FRST one more time:

Type or copy/paste the following into the edit box after "Search:".

*IdledBuddy*

Click Search Registry button and post the log (Search.txt) it makes to your reply.

Thank you,

Kevin..

Link to post
Share on other sites

Hey Kevin- 

Thanks for taking a look! I have been able to remove most entries of IdledBuddy from my registry (took a long time and a few reboots-- the idlebuddyserver was the hardest), but something always pops back up when I reboot. It's nested in A LOT of different places...hot damn!

Anyway, here is the search result (I also attached it):

Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Shadow (28-07-2019 19:32:08)
Running from C:\Users\Shadow\Downloads
Boot Mode: Normal

================== Search Registry: "IdledBuddy" ===========

[HKEY_USERS\S-1-5-21-959147878-177299395-986142918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282019192650937\Software\IdledBuddy]

====== End of Search ======

Thanks again!

SearchReg.txt

Link to post
Share on other sites

Hello spifir3x,

Thanks for that log, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.


Let me know if there are any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites

Ran the fix successfully! I ran a quick search of my registry and it didn't find any entries for IdledBuddy. Thanks so much for you help!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2019
Ran by Shadow (29-07-2019 10:17:15) Run:1
Running from C:\Users\Shadow\Downloads
Loaded Profiles: Shadow (Available Profiles: defaultuser0 & Shadow)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Unlock: HKEY_USERS\S-1-5-21-959147878-177299395-986142918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282019192650937\Software\IdledBuddy
reg: reg delete HKEY_USERS\S-1-5-21-959147878-177299395-986142918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282019192650937\Software\IdledBuddy

*****************

Restore point was successfully created.
Processes closed successfully.
Unlock: HKEY_USERS\S-1-5-21-959147878-177299395-986142918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282019192650937\Software\IdledBuddy => Error: No automatic fix found for this entry.
reg: reg delete HKEY_USERS\S-1-5-21-959147878-177299395-986142918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282019192650937\Software\IdledBuddy => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 10:17:27 ====

Link to post
Share on other sites

Ok, if issue is cleared clean up as follows:

Right click on FRST here: C:\Users\Shadow\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.