laceejay24 Posted March 29, 2021

Need help cleaning my computer

flashh4 Posted March 29, 2021

Howdy Lacee and welcome to BestTechie!!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it! Work them as your time permits you to!! If you don't understand something, please don't hesitate to ask for clarification before proceeding!!! You can PM me if you need to!!

Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up!
Do Not Remove anything or run any tools/programs until advised to do so!

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

Run these programs & post the logs for me!!

Download and run AdwCleaner

* Download AdwCleaner from here and save it to your desktop. >>> https://www.bleepingcomputer.com/download/adwcleaner/
* run AdwCleaner by clicking on Scan Now
* when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
* if it asks to reboot, allow the reboot
* on reboot, click on View Log File; please attach the content of the log to your next reply.

================

Run Malwarebytes Anti-Malware

* You may have Malwarebytes Anti-Malware installed but if not, you can download it from here: >>> https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
* run the program
* click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
* click on the ‘Scan’ tab, (directly below the Dashboard tab)
* select the Threat Scan option
* click the Scan Now button
* Threat Scan will begin
* when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
* if prompted to restart the computer, close all other programs and click Yes to restart your computer
* once you are back at your desktop, open MBAM once more
* click on the ‘Reports’ tab
* double-click on the most recent Scan Report
* click on Export, then Copy to Clipboard
* Logs to include with the next post:

========================

If you have trouble with the logs!

Open Malwarebytes Anti-Malware

* click the Settings tab, at the top choose Protection and tick Scan for rootkits.
* Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
* If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
* Upon completion of the scan (or after the reboot), click the Reports tab.
* Double-click the Scan Log.
* At the bottom click Export and choose Text file.
* Save the file to your desktop and include its content in your next reply.
* You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here.

=======================

Run Farbar Recovery Scan Tool

* It is very IMPORTANT to save to desktop ...... Please download Farbar Recovery Scan Tool and save it to your Desktop. >>> https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
* Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
* right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
* press Scan button
* it will produce a log called Frst.txt in the same directory the tool is run from
* please copy and paste log back here.
* the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.
* Logs to include with next post:
  Frst.txt
  Addition.txt

Thanks
Chuck

laceejay24 (Author) Posted March 29, 2021

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-29-2021
# Duration: 00:00:46
# OS: Windows 10 Home
# Cleaned: 72
# Failed: 0

***** [ Services ] *****

Deleted WtuSystemSupport

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted C:\Program Files (x86)\avg web tuneup
Deleted C:\Program Files\Common Files\AVG Secure Search
Deleted C:\Program Files\avg web tuneup
Deleted C:\ProgramData\AVG_UPDATE_0116TB
Deleted C:\ProgramData\AVG_UPDATE_0215TB
Deleted C:\ProgramData\AVG_UPDATE_0415TB
Deleted C:\ProgramData\AVG_UPDATE_0615TB
Deleted C:\ProgramData\AVG_UPDATE_0616TB
Deleted C:\ProgramData\AVG_UPDATE_0715TB
Deleted C:\ProgramData\AVG_UPDATE_0716TB
Deleted C:\ProgramData\AVG_UPDATE_0915TB
Deleted C:\ProgramData\AVG_UPDATE_1015TB
Deleted C:\ProgramData\AVG_UPDATE_1114TB
Deleted C:\ProgramData\AVG_UPDATE_1214TB
Deleted C:\ProgramData\AVG_UPDATE_1215TB
Deleted C:\ProgramData\AVG_UPDATE_1216TB
Deleted C:\ProgramData\avg web tuneup
Deleted C:\Users\Lacee\AppData\LocalLow\AVG SafeGuard toolbar
Deleted C:\Users\Lacee\AppData\Local\MessengerTime
Deleted C:\Users\Lacee\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted C:\Users\Lacee\AppData\Local\avg web tuneup
Deleted C:\Users\Lacee\AppData\Roaming\MessengerTime
Deleted C:\Users\Lacee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerTime
Deleted C:\Users\Lacee\AppData\Roaming\OpenCandy

***** [ Files ] *****

Deleted C:\Users\Lacee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MessengerTime.lnk
Deleted C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\0116TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0215TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0415TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0615TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0715TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0915TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\1015TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\1114TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\1214TBUPDATEINFO.JOB
Deleted C:\Windows\Tasks\1215TBUPDATEINFO.JOB

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\Software\MessengerTime
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted HKLM\Software\AVG Secure Search
Deleted HKLM\Software\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Classes\WtuServer.WtuServerObj
Deleted HKLM\Software\Classes\WtuServer.WtuServerObj.1
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|MessengerTime
Deleted HKLM\Software\Wow6432Node\AVG Tuneup
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|MessengerTime
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\MessengerTime
Deleted HKLM\System\Setup\FirstBoot\Services\WtuSystemSupport

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [13479 octets] - [29/03/2021 16:36:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

flashh4 Posted March 30, 2021

Hey Lacee, just a bunch of junk which can slow down a computer!! Let's see what else we find! After we run the Farbar program I will type you up a fix so you can run it!!

Do you still use/have Avg. as an antivirus??? Reason I ask is Windows 10, which you have, has a built-in antivirus protection/scanner; it is all that I use!

Chuck

flashh4 Posted April 2, 2021

Lacee, we have a 5 day response to our Malware Removal section before it is locked!! I will give you one more day to respond before I lock this topic!! Please respond if you still need help!!

Chuck

flashh4 Posted April 4, 2021

This topic is now closed & locked! If you need it opened again please PM me a message!

Thanks
Chuck