
Hello @andremelo90

The log shows that you did not allow Malwarebytes to remove this item

Adware.InstallCore, C:\USERS\ANDRE\DOWNLOADS\WINDADDONS-1.5.23.EXE, No Action By User, 497, 658314, 1.0.21698, , ame,

Also, the computer looks to possibly be infected, or Kaspersky is doing some type of on-the-fly update/scan that doesn't seem normal but could be. Is this a legitimate version of Kaspersky or possibly a hacked version or illegal key for one? Just asking to make sure.

 

 

 


Thanks for the fast feedback!!!
Nope, this Kaspersky Internet Security is genuine. I'll send a screenshot of my Kaspersky devices management page.
But there is something to mention: I got infected earlier, then I reinstalled Windows, so maybe Kaspersky, as you mentioned, is doing some update since it was installed this afternoon.
Thanks again!!! Also, I suspect my laptop also got infected, so I'll be posting its logs soon.


Ahh, also about this:
Adware.InstallCore, C:\USERS\ANDRE\DOWNLOADS\WINDADDONS-1.5.23.EXE, No Action By User, 497, 658314, 1.0.21698, , ame,
Yep, I can confirm I did not let it remove it. It's supposed to be a false positive; can you confirm that it could be?


It's a bundle-type application. The best thing to do is upload it to https://virustotal.com and let them scan it. Then post back the link they give you.

Go ahead and finish your Kaspersky scan if it's going on. Then restart the computer.

Then temporarily disable Kaspersky realtime and run the following. We'll see what else if anything we can find.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


The logs look pretty good overall. No malware

There are some normal Windows issues that may or may not really be much of an issue. You may want to research them and see if they warrant spending further time to correct or not. It's possible they're only there due to our scanning efforts. If they do continue to return though then I'd try to get them resolved.

 

System errors:
=============
Error: (03/31/2020 03:57:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.

Error: (03/31/2020 03:57:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.

Error: (03/31/2020 03:42:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (03/31/2020 03:39:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/31/2020 07:35:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error: 
The device is not ready.

Error: (03/31/2020 07:35:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The netprofm service terminated with the following error: 
The device is not ready.

 

There were a few entries for VSS in the logs. It could simply be due to restarting and scanning, but if they do return or you have issues creating a System Restore Point manually, then please review the following.

 

 

Please download and run the following Volume Shadow Copy Service (VSS) diagnostic tool from Acronis:

Acronis VSS Doctor

Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.
Download - Acronis VSS Doctor

In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply.


You can also try the tool from Macrium Reflect if the Acronis tool did not work.

Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool


Once you've run the repair tool you need to restart your computer.
Then check your Event Logs to see if the error was corrected. You can post new logs from FRST, which will also show the Event Log entries.

If you don't have System Restore enabled then please take this time to enable it. If possible choose 10% of your C drive to store Restore Points.

System Restore disabled or greyed out? Turn On System Restore in Windows 10
 

Thank you
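As an added example (not part of the original post and not FRST's own code), here is a small Python parser for the "System errors" layout quoted above, reporting which Source/EventID pairs show up again in a later scan. The helper names `parse_errors` and `recurring` are hypothetical, and the `AFTER` sample is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Header line of one entry, in the layout quoted in the post above.
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)

def parse_errors(text):
    """Return one dict per 'Error:' entry; a blank line ends an entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            current = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "event_id": int(m["id"]), "description": ""}
            entries.append(current)
        elif not line:
            current = None
        elif current is not None:
            part = line.removeprefix("Description:").strip()
            current["description"] = f'{current["description"]} {part}'.strip()
    return entries

def recurring(before, after):
    """(source, event_id) pairs seen in both scans -> count in the later scan."""
    seen = {(e["source"], e["event_id"]) for e in before}
    counts = Counter((e["source"], e["event_id"]) for e in after)
    return {key: n for key, n in counts.items() if key in seen}

# Two entries copied from the log excerpt in the post.
BEFORE = """System errors:
Error: (03/31/2020 03:57:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (03/31/2020 03:42:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
"""

# Constructed sample standing in for a later scan (not from the thread).
AFTER = """Error: (04/01/2020 09:12:05 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
"""

print(recurring(parse_errors(BEFORE), parse_errors(AFTER)))
```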

 


I would doubt it. The ScRegSetValueExW entries are "probably" due to a block from your antivirus. Possible it's another reason but I've seen AV block apps from writing to the registry before.

The VSS is an easy no-brainer for me. Easy to run. If nothing found, no harm. If it does find something wrong, then it hopefully should be able to repair it.

 
