PieterC, posted September 21, 2020 (ID:1408741)

Hello Maurice,

The same problems as Ethan are bugging me also. Can I use the same fix file? Of course I need to insert my Username instead of Ethan's but maybe there is more to it?

Thanks in advance for your reply.

PieterC

PieterC (Author), posted September 21, 2020 (ID:1408742)

Hello again Maurice,

hereby attached the result files of FRST64. FYI I hope to hear from you soon.

PieterC

Attachments: Addition.txt, FRST.txt

Maurice Naggar, posted September 21, 2020 (ID:1408782)

@PieterC

Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. Please only just attach all report files, etc. that I ask for as we go along.

Please know I help here as a volunteer, and that I am not on 24 x 7.

Do be aware that Windows update failures are not necessarily due to malware. This is just one starter procedure. We will be needing to do multiple exchanges on this case.

I would also like to have the following 2 reports, please.

[ 1 ] Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
• Internet Services
• Windows Firewall
• System Restore
• Security Center/Action Center
• Windows Update
• Windows Defender
• Other services

Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Attach the report file FSS.txt into your reply.

[ 2 ] Please download MiniToolBox, save it to your desktop and run it.

Reply YES when prompted by Windows to Allow the program to run. Reply YES when prompted by the tool to proceed.

Checkmark the following check-boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log

Click Go and post the result ( MTB.txt ). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

[ 3 ] SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications.

Download SecurityCheck by glax24 from here
https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

We will do more later.

PieterC (Author), posted September 22, 2020 (ID:1408918)

Attachments: MTB.txt, SecurityCheck.txt, FSS.txt

PieterC (Author), posted September 22, 2020 (ID:1408920)

Delay = Timezone

I installed AVG Antivirus to be somewhat protected. The Defender problem dates from before that install.

regards, PieterC

Maurice Naggar, posted September 22, 2020 (ID:1408986)

Personally, I wished you would not have installed AVG antivirus. First because AVG adds more addons & of late, makes for more friction.

The MS Windows Defender can be put back in good shape if you decide to uninstall AVG. I look forward to your decision & action on that aspect ( uninstalling AVG ).

I am going to highlight significant sections from the SecurityCheck tool report.

The elevation prompt for administrators disabled
The elevation prompt for users disabled^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^

I need for you to Enable that capability so that you can run a proper run for the System File Checker tool.

Other note, from SecurityCheck tool:

PrivaZer v.4.0.7.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.

PieterC (Author), posted September 23, 2020 (ID:1409107)

All recommendations are executed:
• UserAccountControlSettings to maximum
• PrivaZer (months ago installed by me) and AVG removed with Revo Uninstaller
• Scan performed with Malwarebytes, no problems
• Reboot

Maurice Naggar, posted September 23, 2020 (ID:1409154)

Good morning. Thank you for the status update.

I am enclosing a very special custom script. The main goal here is to get the MS Windows 10 Windows Defender back in place as a service & to attempt to run a quick scan in batch mode. It will also run the System File Checker tool & the MS Windows DISM tool to check the system.

Just be sure to close all open apps, documents, work files, etc. before starting this next run.

This custom script is for PieterC only / for this machine only.

Close and save any open work files before starting this procedure. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is ) to the Downloads folder.

The tool named FRST64.exe is already on the Downloads folder.

Start the Windows Explorer and then, to the Downloads folder.

RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt ) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Attachment: Fixlist.txt

PieterC (Author), posted September 23, 2020 (ID:1409167)

Thank you Maurice for your help so far. I did as requested and the fixlog file is attached.

Attachment: Fixlog.txt

Maurice Naggar, posted September 23, 2020 (ID:1409193)

Thank you for that report. You did well. The check with the Windows System File Checker tool found no problem. The checks with the Windows DISM tool are good.

What is not clear is the state of the Windows Defender. I'd like some fresh reports please.

Using File Explorer, go to the Downloads folder. Find the file FRST64.exe. Do a right-click on it with the mouse & select RENAME and rename it to FRSTENGLISH.exe and tap Enter-key to apply the name change. This will help me so that important notations are in English for my benefit.

Right-click on FRSTENGLISH and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 8 or 10 users will be prompted about Windows SmartScreen protection - click line More info information on that screen and click button Run anyway on next screen.

Click YES when prompted by Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - listed under Optional scan on the FRST screen and click the box "90 day files".

Press Scan button and wait.

The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

[ 2 ] Find the FSS.exe that you saved from before.

Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
• Internet Services
• Windows Firewall
• System Restore
• Security Center/Action Center
• Windows Update
• Windows Defender
• Other services

Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Attach the report file FSS.txt into your reply.

PieterC (Author), posted September 23, 2020 (ID:1409206)

Attachments: Addition.txt, FRST.txt, FSS.txt

Maurice Naggar, posted September 24, 2020 (ID:1409253)

Thank you for those reports. I have here a new custom Fixlist.

So, first, I want you to find the prior saved file named Fixlist.txt that is on the Downloads folder.

Next, do this next custom run.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is ) to the Downloads folder.

The tool named FRSTENGLISH.exe is already on the Downloads folder.

Start the Windows Explorer and then, to the Downloads folder.

RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt ) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Then when the system is settled back in, I would like you to try 2 things.

1. Do a new Microsoft Windows Update run
2. Do a scan with Microsoft Windows Defender

Attachment: Fixlist.txt

PieterC (Author), posted September 24, 2020 (ID:1409282)

The result of the exercise was depressing:
• Updating gave only optional updates (see file 1)
• Attempt to start Defender resulted in error: Service has stopped (see file 2)
• Attempt to start again: "Unexpected error", like so many times before... (see file 3)

I enclosed the fixlog too.

Attachment: Fixlog.txt

Maurice Naggar, posted September 24, 2020 (ID:1409307)

Good morning. Regret to read some of this. However, I would encourage you to keep up your patience and have faith in your helper. This situation is one that can be overcome. As the saying goes, hang on.

It seems to me that Microsoft Windows Update is listing and offering 4 hardware driver updates. I suggest you accept those & proceed to run the update with them.

Can you please do a new run with Windows Update & accept & apply the 4 items, apply them and then do a Windows Restart.

On screen captures, since they are apparently in Dutch I am going to need extra measures to get other means to translate out to English.

On the very first screen message-capture, just when did that message appear? I mean, from what does that belong? I take it that the lines say this:

"Unexpected error. it appears that a problem has occurred. Please try again later"

Let me know about those 2 things.

What we may try doing is to get the Windows normal "Administrator" account enabled & have you set a new password for it & then possibly Logoff & log back in with it and then try some other adjustments.

Let's be sure that we do not mention out in the open any value of any password.

The current login-account you are using is one that has administrator rights, and we will not be diminishing it or making changes to it. My guess is that perhaps it is not having success with some aspects of registry updates.

To get the elevated command prompt, press Windows-key + X key and then select Command prompt ( Admin ).

On that command prompt, Copy & Paste this command

    net user administrator /active:yes

and tap Enter key.

Watch and document the result of this. Hopefully this will succeed. If so, the next thing we want to do is assign a new password for this main administrator account. Again do not mention that value in your replies. Just only if it is a success.

Copy & Paste this command to start to change the password

    net user administrator *

and press Enter key.

Then you will get a password prompt. Type the desired password and confirm the same.

Let me know how all this goes. Have faith and patience.

Please also run a new fresh report with the FRSTENGLISH report tool.

Right-click on FRSTENGLISH and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows SmartScreen protection - click line More info information on that screen and click button Run anyway on next screen.

Click YES when prompted by Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - listed under Optional scan on the FRST screen and click the box "90 day files".

Press Scan button and wait.

The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Maurice Naggar, posted September 24, 2020 (ID:1409317)

By the way, let me know if you have the Premium ( licensed ) Malwarebytes for Windows. If that is so, we can set it to be the antivirus agent ( resident ) on Windows.

PieterC (Author), posted September 24, 2020 (ID:1409331)

Good Morning Maurice,

However for me it's dinnertime

Re: driver updates: installed

Re: Dutch: Your Dutch is better than my English because your translation is correct (viva Google?)

the first screen capture is the result of:
- go to Settings/Windows Security/Open Windows-Security/Virus and threat/New start

I have only the free Malwarebytes version

Attachments: FRST.txt, Addition.txt

Maurice Naggar, posted September 24, 2020 (ID:1409335)

Go enjoy dinnertime. I am not going to hold you back. There is no need to rush. I will post back later on. Thanks for the reports. 😀

Maurice Naggar, posted September 24, 2020 (ID:1409351)

Very good. I see that the main system "administrator" account is enabled.

Now a small bit of preparation. Look on your drive C. I want you to create a new folder with a name like FRST-tool

Then into that folder, copy into it these files:
• FRSTENGLISH.exe
• fss.exe
• FIXLIST.txt

Now do a Windows RESTART to get into a whole new session, and this time, I need for you to be sure to login with the account Administrator. Please be sure to do that. We want to stay with and keep logged in with "Administrator".

Then we should be able to do a new custom run, like this.

Start the Windows File Explorer and then, to the FRST-tool folder.

RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt ) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

NOTE, we want to stay with and keep logged in with "Administrator" ( until we close the case or I otherwise give other advice, later ).

Take your time. No rush. I would like you to go careful, have confidence. We can do other things as needed.

PieterC (Author), posted September 24, 2020 (ID:1409376)

The folder FRST-tool is made and filled as per order.

The restart as Administrator resulted in a black screen with a very short notice that looked like: "Your administrator has configured diagnostic mode as obligatory" (in Dutch of course)

The exact text was too swiftly gone to reproduce, but the words "diagnostic mode" and "obligatory" are certain.

I waited 10 minutes, but nothing further happened except a small message stating that I should use Windows Defender (yea!)

Maurice Naggar, posted September 24, 2020 (ID:1409378)

Sorry to hear that. That message is entirely unexpected. It may be some sort of leftover from AVG / AVast.

Go ahead and power off the machine, wait about 30 seconds. Power machine back ON and then login with your regular windows-login.

Then let's run this tool from Malwarebytes.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop.

Doubleclick on the MBAR file and allow it to run.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click 'Next' if you agree.
• On the Update Database screen, click on the 'Update' button.
• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:
1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

Your continued patience is appreciated. I will have you follow up with more scans in the next rounds.

Maurice Naggar, posted September 24, 2020 (ID:1409387)

Additional important note: when you get the chance, there are 2 files that should be deleted. They had been identified by Windows Defender as trojans:

D:\DOWNLOADS\StartIsBack ++ 2.9.2\StartIsBack ++ 2.9.2\SiBActivatorX.exe
D:\DOWNLOADS\Malwarebytes PREMIUM 4.1.2.73\LicenseMalwareBytes.exe

PieterC (Author), posted September 24, 2020 (ID:1409421)

Did the deeds. No infections. (That used to be good news. Now not so much..) see log file.

Attachment: mbar-log-2020-09-24 (21-57-35).txt

Maurice Naggar, posted September 24, 2020 (ID:1409423)

Ok. That is still a good thing, that result. Let's do this next.

Please download RogueKiller (x64) using the link below.

→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64

Save the file first. Close any running programs that you started on your own ( if any ).

Please disconnect any USB or external drives from the computer before you run this scan!

Double-click RogueKillerx64.exe to run the program. Follow the prompts. If a browser window opens, close the window.

In the HOME tab, click Scan button.

Next, on the Quick scan pane, click on the Start button to proceed.

Upon completion, a browser window may open. Close this window.

Important: Please do not have RogueKiller remove any detected items.

Click the HISTORY tab followed by Scan Reports. Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.

Please attach the file in your next reply.

PieterC (Author), posted September 24, 2020 (ID:1409426)

RogueKiller results below. No problems.

Attachment: RogueKillerResults.txt

Maurice Naggar, posted September 24, 2020 (ID:1409434)

Thanks. That too is a good thing.

I would like you to do a manual run with the Microsoft Software Removal tool latest version ( it's updated each month as part of the regular MS Windows Update cycle ).

This tool is a limited one. It targets some specific "common" malicious threats. It is a tool run typically once a month when your Windows does a Windows Update check. I would just like a one time on demand run.

Point your browser to this MS website link
https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Look to see it matches your language & your version of Windows in terms of 64-bit or 32-bit.

Download and save the tool. Then go to the folder where saved ( should be the Downloads folder ). Double click the tool and allow it to Run.

It should not take more than 12 - 15 minutes. You could if you want run a FULL scan but that will take a longer run time.

We will do more later.