Jump to content

Items Scnned 0

KitM

By KitM
in Resolved Malware Removal Logs

 Share

Recommended Posts

KitM

KitM

Posted
Posted

Stuff: Windows 7 Home Premium (yeah, yeah, I know) 64Bit.

There's a file "mlkumidi.log" in the Windows folder that when I scan it with MBytes, it scanned it for 1 min. 22 secs. and came up "Items Scanned 0" with "0"s on all the other notifications. I tried to read it but even though I've got Admin security privs, I'm not the owner and it can't/won't tell me who is - thus, I can't open it to tread it. Bitdefender says it scanned something for 00:01 secs and all "0"s. I know that it's probably part of the MusicLab app, but, for me, it's strange that I have no control over it and can't at least read it. Both MBytes and BDefend are up to date. Thanks in advance for your time and trouble. Your software and servicing are fantastic.

MBytes_Scan_Midi_log.jpg

BitDefend_Scan_Midi_log.jpg

Link to post
Share on other sites
KitM

KitM

Posted
  • Author
Posted

The setup is all 64Bit. All of the conditions that you enumerated had been done except for the TLS 1.1 & TLS 1.2 security settings and the KB4516065 update.

I had to edit the registry for the two TLS protocols. Interestingly, the SSL 2 was set as - DisableByDefault: 1. With the addition of the 2 TLSs, I've kept it disabled.

However, KB4516065 did not update. I got a "The update is not applicable to your computer" (attached).

I also found an "Unknown Account" with security access to my Docs folder and a couple of others but not any system files or folders.

By the way, thanks for your help. I was in IT for a decade or so and I do appreciate your time.

Not_Ap.jpg

UnknownAccount_Docs_C.jpg

Link to post
Share on other sites
KitM

KitM

Posted
  • Author
Posted

Thanks for the extremely quick response. I forgot to tell you that this problem happened after a few changes (There're also the BSODs of an unsigned Tascam driver - another story).

I had done a "fsutil dirty querey C:", (boot on a sys repair disk and then full chkdsk on the unmounted C:). Just after that, during the usual daily update of MalBytes and BDefend, I had to reboot after one or the other's update.

The DAW I use to compose with is still very jerky - its memory and disk access monitors don't show abnormal behavior.

When I run Borderlands, the mouse sticks like a brick.

Too much stuff to trace an exact through line, so I'm just hitnmissing this now.

Thanks again for your trouble. Take a few days off away from tech talk.

Enjoy the Holidays.

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please go ahead and run the following fix @KitM and see if it helps clean up some of your issues.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites
  • 3 months later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
KitM

KitM

Posted
  • Author
Posted

I ran the procedure. No hiccups until CHKDSK C: /F - See pic "No_CHKDSK_C.jpg".

Loaded Windows repair disk, ran CHKDSK E: /F (Boot from CD - C: drive reassigned to E:) - See pic "Repair_CHKDSK_C.jpg".

Also attached is the resultant "Fixlog.txt" - Check out the (to me) scary "周攠瑹灥映瑨攠晩汥...etc., etc., etc. - in two places - Yikes ...

No_CHKDSK_C.jpg

Repair_CHKDSK_C.jpg

Fixlog.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

The Unicode characters are normal due to how the deletions are run, nothing to worry about.

The disk check looks good. It found and fixed some issues that could even prevent the booting of the computer.

This was also in the log which is a good thing too.

Windows Resource Protection found corrupt files and successfully repaired

 

Please get me new logs from the Farbar scanner.

 

 

 

Please do the following so that we can get started and see what's going on.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

    DOC-1318-1.png
     
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

    https://support.malwarebytes.com/hc/article_attachments/360051190254/DOC-1318-2.png
         b.  Click Run anyway.

    https://support.malwarebytes.com/hc/article_attachments/360051190294/DOC-1318-3.png
  5. When the User Account Control window appears, click Yes.

    image.png

     
  6. To accept the Disclaimer of warranty, click Yes.

    image.png

     
  7. Ensure only the boxes listed below are checked

    image.png

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt

    image.png

     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

    image.png
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    image.png

  • Addition.txt is saved in the same directory FRST is located.

    image.png
     

  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly

https://content.invisioncic.com/Mmalware/monthly_2018_10/_mb_attach.jpg.dbd89b8e360d3763b3bbe33ce83d680d.jpg

 

 

Thanks

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please disable Bitdefender and run the following fix

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites
KitM

KitM

Posted
  • Author
Posted

Well, this has certainly shown me how long it's been since I was M$ certified - my certification was with Windows NT. Yeah, that old. Please excuse my information omissions.

1. The original problem was the inability to scan or open "mlkumidi.log". After the first scan procedure, it scanned and opened with no problem. It is a true text log file for MIDI file procedures.

2. When I did the last scan (yesterday), I only "allowed" the app through both MalB and BitD and didn't close them completely. Obviously, that was a "user" mistake - how far I've fallen.

The attached files are done with the correct protocols.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please temporarily disable Bitdefender and then run the following fix.

When it has been completed, please post back the FIXLOG.txt file.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Thank you for the log. It looks good.

Please disable Bitdefender and exit out of Malwarebytes and run the following scan.

 

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

Thank you

 

Link to post
Share on other sites
KitM

KitM

Posted
  • Author
Posted

Disabled both MalB & BitD & disabled my Net. Started the scan. Checked about 16 min. after start and saw that 77,000+ files had scanned and there was "1 file infected". I let it continue through the night. The next morning, it had completed, there was a notice (Safety_Scan) (paraphrasing) that there were no viruses and no problems.

I apologize, but that concerned me so I jumped ahead.

Next, I ran it as a quick scan and noticed that the "infected" file showed up in the 40,000+ count. After I saw the area of the problem, I canceled the scan. Again, the message "no problem". I ran the quick scan again and videoed it. I crawled the frames and found between file number 42861 and number 42865 - (pics) ....\AppData\ ... \adblockultimate@adblockultimate.net.xpi ...etc...etc.

Removed the extension and checked for residuals (folders, etc.). Even if it's a false positive - I don't care. It's gone.

Another thing - there was another file "PASSWD.LOG" in "debug". Don't know if it's part of the scan, but it does look important (attached).  The "msert.log" is dated 4/14/2022 5:01 PM and the "PASSWRD.LOG" is dated 4/14/2022 5:42. It appears to have started at 2:24 PM and cycled each hour at the same time.

And one more thing (please excuse). I've never had this happen ever. I've had to ask for a new password for the last three or four times I've logged in here. We'll see tomorrow.

Hope I didn't foul things up.

I'm going to run the full scan again tonight.

Thanks.

 

SafetyScan_2022_04_13.jpg

42861_Before.jpg

42865_After.jpg

msert.log PASSWD.LOG

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Microsoft Scanner needs to be online when it runs it's scan.

Failed to submit clean hearbeat MAPS report: 0x80072EFD

 

The detection during scan is normal and can be ignored. Microsoft is simply pieces together breadcrumbs of possible signs of infection. Then when done it submits it to the Cloud and runs it's Artificial Intelligence engine against what it finds to complete the scan.

 

Link to post
Share on other sites
KitM

KitM

Posted
  • Author
Posted

It's OK to leave the box open to the internet without protection during that MS hours long scan?

Also, concerning the PASSWD.LOG, nothing happens until the moment I enable the LAN. Then, it hits every hour until I shut down.

I'll redo the MS scan tonight naked (the cpu, not me).

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.