Hello all, I had downloaded AVG and removed it but files are lingering. I used revo uninstaller but even still there are files around and I use Malwarebytes now so I don't want it on my pc. It acts like malware that just doesn't want to go away. I used the AVG clear tool too. The pc I'm on also had a lot of viruses at one time, I used mbam and adwcleaner which got rid of them but I think some may still be hidden so I downloaded the FRST64 Farbar recovery tool but I'm unsure how to really use it. I did see avg on the Addition list along with some other dodgy programs. Could someone here take a look at my Addition file and let me know what needs done please? I added it here. Thank you in advance for any help! 

Addition.txt


Sure thing and thank you for the quick reply! I have removed Zecter Zumo drive from my pc with Revo and a couple of other files since my last post so I re-ran the recovery tool and will provide the newest Addition file. I won't change anything else until we are done here. It looked like it had suspicious activity and I don't use it. I also noticed task scheduler has super anti spyware task which I don't use that program and removed it from programs and a roc_sys_task believed to be associated with avg or malware and an FGRUN from a game I don't use and is not in programs in control panel. I tried using ccleaner to disable these in task scheduler but get an error that it's unable to disable it, message says no mapping between account names and security id's was done. I noticed there are a ton of Firefox files but I don't have it installed and don't use it. I have other concerns but as this is a lot to process for now I will wait for your reply after going over these results, thanks again :)

FRST.txt Addition.txt


Hello thumpergirl,

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Please download AdwCleaner by Malwarebytes and save the file to your Desktop. https://downloads.malwarebytes.com/file/adwcleaner
  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

 

fixlist.txt


Hello, thank you for the reply and your assistance.... was wondering if you can let me know what this fix or fixes are? Also does it matter if I have run another FRST scan since the last post? I ended up resetting my hosts file with adwcleaner since there were a lot of issues there and wanted to be sure it was fixed. I see 3 downloads so are there 3 fixes? I'm just truly interested to know what you gathered from my FRST log and Addition log and what will happen with this being done. Thanks for the info!


Hello thumpergirl,

The fixlist I created is specific to your system and no one else's, the number of downloads is nothing to worry about, more than likely other people just looking at what was created from your logs for reference...

Follow the instructions from reply #4 and post the produced logs, see how things are after that..

Thank you,

Kevin


Hi Kevin, I went ahead and ran the fix. Here are the logs you requested.  I have a major concern though, now when I click on my toolbar in Windows it just dings...I can't click on anything so something was broken with this fix. It has never done this. I didn't have any malware prior to the fix according to MBAM and Adwcleaner since I ran scans yesterday. I do need to be able to use my toolbar since that is very important. Not sure yet what else may not be functioning properly but that was the 1st thing. Will the system restore created by the FRST undo all the changes and put my pc back to exactly how it was before? I saw some important services changed that were enabled before the fix also. That would be time consuming to investigate and change. AVG and Mozilla plugins are still in the registry as well. I do appreciate your help though. Hopefully I can get it back to working order after this.

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-30-2019
# Duration: 00:01:54
# OS:       Windows 7 Home Premium
# Scanned:  35618
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S83].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/30/19
Scan Time: 11:04 AM
Log File: 5f2278a0-b2db-11e9-abbb-3cd92b2b2d50.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11784
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alice-HP\Music Bro

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 271363
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 21 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

 

 

Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Tue Jul 30 09:29:25 2019

Engine: 1.1.16000.6
Signatures: 1.295.1362.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 30 09:35:12 2019


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Tue Jul 30 11:33:18 2019

Engine: 1.1.16000.6
Signatures: 1.295.1362.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode
 


(end)

Fixlog.txt
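
Kevin's instructions note that mrt.log holds one block per MSRT run and that only the most recent one is needed. As an added example (not part of any post in this thread), this Python code splits the log text into runs and flags a run that has no "Finished On" line or return code, as in the second block of the excerpt above; the function names are hypothetical and the sample is trimmed from that excerpt.

```python
import re
from datetime import datetime

# Trimmed from the mrt.log excerpt posted in this thread (two runs, the second cut short).
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Tue Jul 30 09:29:25 2019

Run Mode: Interactive Graphical Mode
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 30 09:35:12 2019

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Tue Jul 30 11:33:18 2019

Run Mode: Interactive Graphical Mode
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
STAMP = r"\w{3} (\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4})"
STARTED = re.compile(r"^Started On " + STAMP, re.M)
FINISHED = re.compile(r"Finished On " + STAMP)
RETURN_CODE = re.compile(r"^Return code: (-?\d+) \(0x[0-9a-fA-F]+\)", re.M)
SEPARATOR = re.compile(r"^-{20,}[ \t]*$", re.M)


def _stamp(match):
    """Build a datetime from the ctime-style fields captured by STAMP."""
    mon, day, hh, mm, ss, year = match.groups()
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))


def parse_runs(text):
    """Split mrt.log text into one dict per run, oldest first."""
    runs = []
    for block in SEPARATOR.split(text):
        start = STARTED.search(block)
        if not start:
            continue  # separator padding or an unrelated fragment
        end = FINISHED.search(block)
        rc = RETURN_CODE.search(block)
        runs.append({
            "started": _stamp(start),
            "finished": _stamp(end) if end else None,
            "return_code": int(rc.group(1)) if rc else None,
            "complete": bool(end and rc),  # no end marker: scan still running or aborted
            "text": block.strip(),
        })
    return sorted(runs, key=lambda r: r["started"])


def latest_run(text, completed_only=False):
    """Return the newest run; with completed_only, skip runs that never finished."""
    runs = [r for r in parse_runs(text) if r["complete"] or not completed_only]
    return runs[-1] if runs else None


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        state = "complete" if run["complete"] else "INCOMPLETE"
        print(run["started"], state, "return code:", run["return_code"])
```

The functions take already-decoded text, so read the file with whatever encoding it actually uses before passing it in.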


Just wondering...are you a staff member? I didn't see you in the list is why I ask. I am open to any help from other staff members if possible since my pc is going crazy. My event viewer has a bunch of new errors 😐 event id 2007 LoadPerf cannot repair performance counters for .Net reinstall the counters manually. 3009 event id Installing the performance counter string for .net CLR networking failed. There are 4 of those. Event id 7032 service control manager Windows search service unexpected termination. These service control manager events showed up too, 7031, windows search service terminated unexpectedly, 7034 TCP/IP services terminated unexpectedly and a VSS error event id 8194. What on Earth happened to my pc? Thank you for your expert advice!!


Which toolbar do you refer to..? The only reference to toolbar removal with FRST fix were incomplete remnants of BitDefender.

If you look to the signature of any reply I make you will see that I'm not employed by Malwarebytes, I am a volunteer and have been for many years. If you are unhappy with my help please just say so and I'll ask someone else to take over..

What exactly do you mean by this sentence " What on Earth happened to my pc? Thank you for your expert advice!!" the exclamation marks at the end seem to indicate sarcasm...

Run this please so I can look at your events:

Please download VEW by Vino Rosso from HERE and save it to your Desktop.
 
  • Double-click VEW.exe. to start, Vista and Windows 7/8/10 users Right Click and select "Run as Administrator"
  • Under 'Select log to query...' check the boxes for both Application and System.
  • Under 'Select type to list...' select both Error and Critical.
  • Click the radio button for 'Number of events...' Type 20 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.


Please post the Output log in your next reply.

Thank you,

kevinf80

Edited by kevinf80
added extra script

I am referring to my taskbar. I have more errors in event viewer now also that I have never seen. I am wondering how to fix what has been done here is all. It doesn't show as volunteer on my end it says experts forum deity so  I automatically thought you were a staff member, my mistake. I am going to have to ask someone else what to do since my pc is having serious issues but I appreciate you taking your time to try and help. I don't even know where to start to fix all this honestly and unsure who to ask. Have a good day


  • Root Admin

The system had many things wrong with it @thumpergirl and Kevin has simply removed those items that should not be running on your computer.  There are many System Event entries after such a cleaning. Going back is going to put all those undesirable items back in place. Which includes policies that lock settings on your browsers as well.

I really think moving forward is the right thing to do, not going back.

 


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.