Scammed: Pressed Microsoft Icon / R: Part 2

Old 04-07-2019, 08:38 AM   #1
tdb
TSF Enthusiast
 
Join Date: Feb 2008
Location: U.S.A
Posts: 548
OS: Linux Mint: 19.2 & 18.3; Apple Sierra/Mojave;



https://www.techsupportforum.com/for...r-1235472.html

I apologize for the delay. When others assist free of charge, their time should not be wasted. Illness prevented me from doing what was requested, but I have done it now. Info is in an attachment. Thank you for your assistance.

Another thing... on my own router versus my neighbor's router, I had no issues in connecting... we couldn't access the Internet with any other devices like smartphones or tablets. Will I have to do something at the router? This computer was the one connected via Ethernet, and it's the computer on which he pressed the Microsoft icon and R. Thanks
Attached Files
File Type: txt FRST.txt (24.4 KB, 4 views)
Old 04-07-2019, 09:56 AM   #2
Security Team
Moderator
 
icotonev's Avatar
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Quote:
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Copy and paste the contents of FRST.txt/Addition.txt into your next reply.
Hi, Welcome to the TSF Malware Removal forum...!

You have attached only one FRST.txt file. The Addition.txt file is missing, and it is required for the correct system analysis. Please attach the file Addition.txt. Thank you..!
Old 04-07-2019, 10:59 AM   #3
tdb
TSF Enthusiast

Quote:
Originally Posted by icotonev View Post
Hi, Welcome to the TSF Malware Removal forum...!

You have attached only one FRST.txt file. The Addition.txt file is missing, and it is required for the correct system analysis. Please attach the file Addition.txt. Thank you..!
Oops. Just saved one file, didn't know the Addition was in "download" folder.

I think this is all of it.
Attached Files
File Type: txt Addition.txt (51.6 KB, 4 views)
Old 04-07-2019, 11:36 AM   #4
Security Team
Moderator
icotonev's Avatar

Hello again..!

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.




Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).


Thanks..!
Old 04-07-2019, 11:45 AM   #5
tdb
TSF Enthusiast

Followed instructions; scanning with Malwarebytes Anti-Malware now. I'll be back ASAP after the scan is over. Thanks!
Old 04-07-2019, 01:26 PM   #6
tdb
TSF Enthusiast

Here's the Malwarebytes report.
Attached Files
File Type: txt malwarebits results.txt (129.2 KB, 4 views)
File Type: txt AdwCleaner[S00].txt (2.5 KB, 2 views)
Old 04-08-2019, 08:47 AM   #7
Security Team
Moderator
icotonev's Avatar

Hello again..! The scan results indicate that your system is infected with browser hijackers


More info can be found here:


https://blog.malwarebytes.com/detect...nal-mindspark/
https://blog.malwarebytes.com/detect...al-mapsvoyage/
https://blog.malwarebytes.com/detect...searchencrypt/
https://blog.malwarebytes.com/detect...-driverupdate/


Because you have not taken any action:


Quote:
No Action By User
..start again Malwarebytes, but this time:


  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.


Please post the log for my review...!


======================


Delete everything found by AdwCleaner...!




Quote:
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Old 04-08-2019, 03:50 PM   #8
tdb
TSF Enthusiast

Info in attachments. Thanks.
Attached Files
File Type: txt report.txt (125.6 KB, 4 views)
File Type: txt reprot2.txt (1.2 KB, 3 views)
Old 04-09-2019, 09:07 AM   #9
Security Team
Moderator
icotonev's Avatar

Hello again! What problems do you observe ..?


Please prepare fresh logs:


Download FRST and save it to your desktop from here

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


Double-click FRST then click the 'Scan' button to run the tool.
When done, FRST will save 2 logs to your desktop.
  1. FRST.txt
  2. Addition.txt
Old 04-09-2019, 11:25 AM   #10
tdb
TSF Enthusiast

I never had an issue with accessing the Internet when I connected my neighbor's desktop to my Internet. I guess the proof will be in the pudding when I reconnect their desktop via the Ethernet to their router.

Here's the info....
Attached Files
File Type: txt FRST.txt (56.5 KB, 5 views)
File Type: txt Addition.txt (55.2 KB, 4 views)
Old 04-09-2019, 03:35 PM   #11
tdb
TSF Enthusiast

They still can't connect computer devices via the Internet, there must be malware on the router.
Old 04-10-2019, 08:38 AM   #12
Security Team
Moderator
icotonev's Avatar

Quote:
Originally Posted by tdb View Post
They still can't connect computer devices via the Internet, there must be malware on the router.

Hello again! Please follow the instructions from this link:


https://setuprouter.com/networking/h...t-your-router/


Please only for this part:


Quote:
How to Reboot your Router

Rebooting a router means cycling the power to it. If you want to reboot your router, follow these steps:
  • Unplug the power connector from the back of the router and plug it back in.
  • Wait about 30 seconds for the router to reboot.
  • Your internet connection will drop when your router is rebooted. If someone is using a computer on your network to access the internet, you may want to warn them.
=======================================



Then:


  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST/FRST64.exe

    NOTE: Both FRST/FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

Task: {D507FDC5-65F8-4A0E-93DE-5EFE77157DCB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

FirewallRules: [{AF52C0C0-DC6A-4DD6-8BE7-B9B70EEE8206}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS63AA\HPDiagnosticCoreUI.exe No File
FirewallRules: [{E151807A-0AF7-43C1-8788-CF76587559A3}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS63AA\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D2859D0B-0B1D-4274-B46F-1DD0A7218653}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS62A8\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7D6C85D3-579D-4EF3-8A3D-558CA6D66718}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS62A8\HPDiagnosticCoreUI.exe No File
FirewallRules: [TCP Query User{162A35EB-6363-46A6-9523-3F4C8614F037}C:\users\james\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\james\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe No File
FirewallRules: [UDP Query User{0E865664-6DDF-43D5-A311-E6A5D24FEB72}C:\users\james\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\james\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe No File
FirewallRules: [{3EB6F15D-566E-46FD-A351-E09188B0EC33}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS6E11\HP.EasyStart.exe No File
FirewallRules: [{9E28E8CA-3EC5-4DF3-B9D4-AC54075FCE22}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS7356\HP.EasyStart.exe No File
FirewallRules: [{EBC7BB2B-9B57-4C3D-8C94-9BEB229C534A}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS7FF7\HP.EasyStart.exe No File
FirewallRules: [{B631B08B-DA7E-4959-AB02-FD39E4B45422}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS2171\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D8BDEF9A-AC37-4735-B463-D90B9A88ECEB}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS2171\HPDiagnosticCoreUI.exe No File
FirewallRules: [{71C6C22D-1DB2-4A4A-8697-946E1FB66B43}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zSAC5B.tmp\SymNRT.exe No File
FirewallRules: [{2046D349-1117-4905-B0E2-844FED9494C5}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zSAC5B.tmp\SymNRT.exe No File

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Removeproxy:

reboot:
end
  • Double-click FRST/FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
icotonev is offline  
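
An added example, not part of the original post and not FRST's own code: a small Python triage of the `FirewallRules:` lines in the fixlist above. It tags rules whose program is missing ("No File"), rules that point into the user's Temp folder, and the leftover LogMeIn Rescue applet rules. The line layout is taken from the fixlist; the tag names, the marker strings and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Line layout as it appears in the fixlist above:
#   FirewallRules: [<rule name>] => (<action>) <program path>[ No File]
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>\w+)\) "
    r"(?P<path>.+?)(?P<missing> No File)?$"
)

# Marker substrings are assumptions of this example, not an FRST feature.
MARKERS = {
    "user-temp": "\\appdata\\local\\temp\\",
    "remote-support": "\\logmein rescue applet\\",
}

def parse_rule(line):
    """Return a dict for one FirewallRules line, or None for any other line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    tags = [tag for tag, needle in MARKERS.items() if needle in path.lower()]
    if m.group("missing"):
        tags.append("orphaned")  # the allowed program is no longer on disk
    return {"name": m.group("name"), "action": m.group("action"),
            "exe": path.rsplit("\\", 1)[-1], "path": path, "tags": tags}

def triage(text):
    """Parse every rule line in text; return (rules, per-tag counts)."""
    rules = [r for r in map(parse_rule, text.splitlines()) if r]
    return rules, Counter(tag for r in rules for tag in r["tags"])

# First three rule lines are copied from the fixlist; the last is constructed.
SAMPLE = r"""
CMD: netsh advfirewall reset
FirewallRules: [{AF52C0C0-DC6A-4DD6-8BE7-B9B70EEE8206}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zS63AA\HPDiagnosticCoreUI.exe No File
FirewallRules: [TCP Query User{162A35EB-6363-46A6-9523-3F4C8614F037}C:\users\james\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\james\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe No File
FirewallRules: [{71C6C22D-1DB2-4A4A-8697-946E1FB66B43}] => (Allow) C:\Users\JAMES\AppData\Local\Temp\7zSAC5B.tmp\SymNRT.exe No File
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    rules, counts = triage(SAMPLE)
    for r in rules:
        print(f'{r["action"]:6} {r["exe"]:26} {", ".join(r["tags"]) or "-"}')
    print(dict(counts))
```
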
Old 04-12-2019, 10:51 PM   #13
Security Team
Moderator
 
icotonev's Avatar
 
Hi..! If you still need help, please respond to this thread or it will be closed in 24 hours.

Thanks...!
Old 04-13-2019, 06:52 AM   #14
tdb
TSF Enthusiast

Quote:
Originally Posted by icotonev View Post
Hi..! If you still need help, please respond to this thread or it will be closed in 24 hours.

Thanks...!

Hey hey icotonev! Thanks for all of your assistance. My neighbors told me to say thank you for them also.

Everything is up and working. They are having issues with their email and iPhones, hence they assume their network wasn't working. But once I connected the Desktop, changed their access code and Network password... always right.


Thank you for your assistance and patience. The issue is solved.

tab
Old 04-13-2019, 12:42 PM   #15
Security Team
Moderator
icotonev's Avatar

Hi...That's great!

....but still, please post in your next reply:


Quote:
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply
Thanks...!
Old 04-13-2019, 04:16 PM   #16
tdb
TSF Enthusiast

LOL OK; I got a tad too excited and forgot about Fixlog.txt.

I'll have to see when my neighbors are at home but I'll post those results quickly. Thanks again.
Old 04-18-2019, 08:35 AM   #17
Security Team
Moderator
icotonev's Avatar

Hello, tab! ..! I'm moving your topic to: Resolved HJT Threads


If you wish to continue, please let me know by private message.


Regards
Ico


