Positron Posted September 15 ID:1661012 Share Posted September 15 Hello, I finally perfomed, as a last resort, another Restore from my System Image Disk dated in March, 2024. (Last week my windows suddenly says not genuine.) After Restoring, my win is genuine again (has been for the past 8 years since my purchase.) I thought I had all Ccleaner out of my computer, but no so. I found two listings of Ccleaner when checking my msconfig "Startup". The second one just came up this evening. No where else that I could find.. Both Ccleaners were unchecked but I want to rid of them. Here is some info. 1st listing. CCleaner Smart Cleaning Manufacturer Unknown Dated May 11, 2023 "C:\ProgramFiles\CCleaner\CCleaner64.exe" /Monitor HKCU\software\microsoft\windows\currentversion\run I checked under Program files and Program files 86x and found no listing of ccleaner. 2nd Listing ccleaner_emergency_update Manufacturer Unknown Dated May 11, 2023 "C:\Program Files|CCleaner\ccupdate611_free.exe" /S /INSTDIR="C:\Program Files\Cleaner\" HKCU\software\microsoft\windows\currentversion\runonce Again, I found no listing of ccleaner under Program files or Program files 86x. Is there a way of permanently ridding of ccleaner remnants? Thanks pos Link to post Share on other sites More sharing options...
Porthos Posted September 15 ID:1661013 Share Posted September 15 (edited) @Positron Click the following link and run a Scan with Farbar Recovery Scan Tool Attach the 2 logs. Edited September 15 by Porthos Link to post Share on other sites More sharing options...
Positron Posted September 15 Author ID:1661015 Share Posted September 15 Thanks Porthos. Attached are the two files you requested. I looked at the txt and saw avast, which I also cannot get out. I am attaching the msconfig "Start" for your inspection. Sorry about the quality, cheap phone. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted September 15 ID:1661041 Share Posted September 15 Welcome I'll be helping you with your computer. Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding. Please take note of the guidelines for this fix: Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated. First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer. Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me. Please read ALL instructions carefully and perform the steps fully and in the order they are written. If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean. Continue to read and follow my instructions until I tell you that your machine is clean. If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed. Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. Let's begin... Best way to deal with this problem is to reset all your passwords from another computer that it is not compromised. There is no evident malware in these logs. Let run a script to review some of the settings: The following Fix will empty these folders: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Hosts file will be reset Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix. The system will be rebooted after the fix has run. FRST64 was saved as C:\Users\Owner\Desktop\FRSTEnglish.exe Download the enclosed file Fixlist.txt Save it in the same location FRST64 is saved. (FRSTEnglish.exe) Start FRST (FRST64) with Administrator privileges This time around Press the Fix button and wait When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from. Please attach this file in your next reply. After the fix, restart the computer and enable all Startup programs and Services. Then re-scan with FRST64.exe. Post new logs. Link to post Share on other sites More sharing options...
Positron Posted September 15 Author ID:1661043 Share Posted September 15 9 minutes ago, JSntgRvr said: Welcome I'll be helping you with your computer. Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding. Please take note of the guidelines for this fix: Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated. First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer. Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me. Please read ALL instructions carefully and perform the steps fully and in the order they are written. If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean. Continue to read and follow my instructions until I tell you that your machine is clean. If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed. Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. Let's begin... Best way to deal with this problem is to reset all your passwords from another computer that it is not compromised. There is no evident malware in these logs. Let run a script to review some of the settings: The following Fix will empty these folders: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Hosts file will be reset Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix. The system will be rebooted after the fix has run. FRST64 was saved as C:\Users\Owner\Desktop\FRSTEnglish.exe Download the enclosed file Fixlist.txt Save it in the same location FRST64 is saved. (FRSTEnglish.exe) Start FRST (FRST64) with Administrator privileges This time around Press the Fix button and wait When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from. Please attach this file in your next reply. After the fix, restart the computer and enable all Startup programs and Services. Then re-scan with FRST64.exe. Post new logs. "enable all startup programs and services". Does this imply I stop Malwarebytes premium, glary, and other programs in the bottom tray first, or does FRST automatically disable these programs? Thanks. pos Link to post Share on other sites More sharing options...
Positron Posted September 15 Author ID:1661098 Share Posted September 15 I ran the program and attached the fixlog.txt. Three things to note so far. "Turn on Windows Security Center" came up Firefox make Update. I clicked no. "This copy of Windows is not genuine." What is next? Fixlog.txt Link to post Share on other sites More sharing options...
Positron Posted September 15 Author ID:1661117 Share Posted September 15 Attached are the latest FRST.txt and Addition.txt files. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted September 15 ID:1661154 Share Posted September 15 Windows Resource Protection found corrupt files but was unable to fix some of them. FRST64 was saved as C:\Users\Owner\Desktop\FRSTEnglish.exe Download the enclosed file Fixlist.txt Save it in the same location FRST64 is saved. (FRSTEnglish.exe) Start FRST (FRST64) with Administrator privileges This time around Press the Fix button and wait The Windows Script Host will popup. Can you tell me what it says? Click OK on the host window to finish the fix. When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from. Please attach this file in your next reply. Link to post Share on other sites More sharing options...
Positron Posted September 15 Author ID:1661160 Share Posted September 15 Here is what happened. I opened FRSTEnglish and a message popped up saying "eror product key not found". Then it wanted to restart windows, so I clicked ok and it rebooted Then a message says "want to enter key" FRST opens up, I click ok and it finishes with txt message The Firefox update starts windows finally opens and a message pops up asking if I want to update Firefox. I clicked "dismiss" Windows is open, but it says it is not genuine. Attached is the fixlog.txt Fixlog.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted September 16 ID:1661175 Share Posted September 16 Do you have a product key? It should be a label attached to the computer. Link to post Share on other sites More sharing options...
Positron Posted September 16 Author ID:1661178 Share Posted September 16 PM sent with key JS. Thanks pos Link to post Share on other sites More sharing options...
JSntgRvr Posted September 16 ID:1661180 Share Posted September 16 Let me know how the suggestion goes. Link to post Share on other sites More sharing options...
Positron Posted September 16 Author ID:1661182 Share Posted September 16 (edited) I had to try a different method as the page did not have an "activate windows" link. I tried "Start" and typed "activate Windows" and it actually opened up. I entered the key and it worked. Is there anything more we need to do, or is it ok to start checking Audio Forums again? pos ps. (I designed exceedingly high quality vacuum tube stereo sound components, although retired now. In fact the first perfectly accurate stereo Preamplifier in the world, musical output sounds exactly like the musical input.) Edited September 16 by Positron Link to post Share on other sites More sharing options...
JSntgRvr Posted September 16 ID:1661196 Share Posted September 16 How is the computer doing? Link to post Share on other sites More sharing options...
Positron Posted September 16 Author ID:1661199 Share Posted September 16 Except for having to start in safe mode and then restarting to get into normal mode (some sort of files corruption from what I understand) everything seems working just fine. Evidently, the corrupt files are outside the realm of System Image Backup, and I don't have the installation disk. But I can get along as is. I know I need to wait for the all clear, so will wait until you give the go ahead, and problem solved. Thanks for your help JS. pos Link to post Share on other sites More sharing options...
JSntgRvr Posted September 16 ID:1661249 Share Posted September 16 Open Msconfig. Click on the boot tab and select Boot log. Click Ok and restart the computer. Attempt to logon and recreate the issue. Once the issue is recreated, open the c:\Windows\ntbtlog.txt and save it to the desktop. Attach the file to a reply. Scan with Security Check and attach its report. Link to post Share on other sites More sharing options...
Positron Posted September 19 Author ID:1661856 Share Posted September 19 (edited) My computer went down, sorry I am late responding but I had to have a company format my computer, so I got a win 7 installation thumbdrive, installed win 7 ultimate from scratch, got on the internet but having problems installing Malwarebytes, says Windows 2019-09 security Update lacking. I don't know which file(s) they mean, help as I need to get malwarebytes reinstalled. pos Edited September 19 by Positron Link to post Share on other sites More sharing options...
Porthos Posted September 19 ID:1661858 Share Posted September 19 6 minutes ago, Positron said: don't know which file(s) they mean, help as I need to get malwarebytes reinstalled. Link to post Share on other sites More sharing options...
Positron Posted September 19 Author ID:1661859 Share Posted September 19 (edited) I found a version that I could download and install but my key does not work. I think it is because I did not deactivate before having the format performed. I shall give them a call. pos Edited September 19 by Positron Link to post Share on other sites More sharing options...
Porthos Posted September 19 ID:1661861 Share Posted September 19 4 minutes ago, Positron said: My computer is 64 bit but the files have all different dates. Which ones? You paid a company to reinstall and guess they did not finish the job? Lets see where they left the system. Click the following link and run a Scan with Farbar Recovery Scan Tool Attach the 2 logs. Link to post Share on other sites More sharing options...
Positron Posted September 19 Author ID:1661872 Share Posted September 19 (edited) First Pathos, thanks for your patience with me. Somehow, I don't know how, I found a link that said if I cannot install the windows update I could download this link and install malwarebytes. I also found a place to give my malwarebytes email address and password and got the 6 digit number, entered it, and Malwarebytes now says I am protected. I never did download the windows 7 update, but then I could not find an actual link to download the update from. pos Edited September 19 by Positron Link to post Share on other sites More sharing options...
Positron Posted September 19 Author ID:1661884 Share Posted September 19 Hi Pathos, i have some info attachments to give you. pos FRST.txt Addition.txt Malware 9-18.txt Link to post Share on other sites More sharing options...
Porthos Posted September 19 ID:1661885 Share Posted September 19 @Positron Your Malwarebytes is way out of date. Please install the current version. https://downloads.malwarebytes.com/file/mb5-windows Link to post Share on other sites More sharing options...
Positron Posted September 19 Author ID:1661937 Share Posted September 19 (edited) I just finished upgrading/updating Malwarebytes and ran a scan. Below are the results. I just checked msconfig and noticed that under "General" the check mark went from "Normal Startup" when I first installed Windows 7, to now "Selective Startup". Is this normal? Thanks. pos Malwarebytes Scan Report 2024-09-19 135607.txt Edited September 19 by Positron Link to post Share on other sites More sharing options...
JSntgRvr Posted September 19 ID:1662016 Share Posted September 19 That installation seems incomplete. FRST64 was saved as C:\Users\pcdr\Desktop\FRST64.exe Download the enclosed file Fixlist.txt Save it in the same location FRST64 is saved. (FRSTEnglish.exe) Start FRST (FRST64) with Administrator privileges This time around Press the Fix button and wait The Windows Script Host will popup. Can you tell me what it says? Click OK on the host window to finish the fix. When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from. Please attach this file in your next reply. Link to post Share on other sites More sharing options...
Recommended Posts