Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVG, MBAM disabled in Win 7 after momenatry blue screen [Solved]


  • This topic is locked This topic is locked

#76
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Awesome. Let's continue with the cleanup.

 

Step#1 - Remove Z drive from Disk Management

1. Go back to Disk Management.

2. Right-click on the (Z:) drive and select Change Drive Letter and Paths...

3. Click the Remove button.

4. Click Yes to any confirmation messages that may come up.

5. Reboot your machine

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C1].txt as well.

 

Step#3 - Re-Install newest Malwarebytes

  • Download Malwarebytes to your desktop from here and install.

 

Step#4 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. AdwCleaner log
2. Contents of the ESET log file

 

 


  • 0

Advertisements


#77
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Will be away from the office for the next couple of days....will return shortly and provide the information you requested.


  • 0

#78
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

I followed your suggestions/instructions on "Z", did the reboot and it is still there, as if it was not eliminated. Have moved onto ADW cleaner...any workaround on Z before I do the Esset?


  • 0

#79
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I followed your suggestions/instructions on "Z", did the reboot and it is still there, as if it was not eliminated

 

That's weird. Try the same instructions again after Adwcleaner and ESET are run. Thanks.


  • 0

#80
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

I did the remove Z exercise again and this is what I came up with after reboot.  Normal?  Possibly, first time, did not run as administrator.

 

Attached Thumbnails

  • Dsktop.jpg

  • 0

#81
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Unable to download adwcleaner from bleeping computer...received this message many times...

 

Error 522 Ray ID: 221ee4abe66b04ef • 2015-09-07 02:13:29 UTC

Connection timed out

something about a "cloud flare". The exact ,message is...."There is an unknown connection issue between CloudFlare and the origin web server. As a result, the web page can not be displayed"


  • 0

#82
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

finally able to download adwcleaner.  Once started, it did a scan and just the letter "N" showed up in the list after about two minutes.  I hit "clean" and  immediately (the whole adw program) disappeared and then the AVG antivirus showed up with a notice that it eliminated ADW, calling it a virus.  Perhaps best to run this adwcleaner with AVG on inactive status?


  • 0

#83
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I did the remove Z exercise again and this is what I came up with after reboot.  Normal?  Possibly, first time, did not run as administrator.

 

Yes, this is what it is supposed to look like. No drive letter. You can delete the F:\ partition as well if you like or at the very least remove the drive letter.

 

finally able to download adwcleaner.  Once started, it did a scan and just the letter "N" showed up in the list after about two minutes.  I hit "clean" and  immediately (the whole adw program) disappeared and then the AVG antivirus showed up with a notice that it eliminated ADW, calling it a virus.  Perhaps best to run this adwcleaner with AVG on inactive status?

 

What I would suggest is that you uninstall AVG completely. Then go ahead and run AdwCleaner. Do you still wish to use AVG as your AV? If so we can then re-download and install the newest version.


  • 0

#84
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

AdW Cleaner log; Eset running now. I noticed it deleted my WeatherBug taskbar temp icon plus access to the weather service.  Is the WeatherBug ability considered a problem?

 

 

 

# AdwCleaner v5.006 - Logfile created 06/09/2015 at 21:49:43
# Updated 06/09/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : - - ---
# Running from : C:\Users\-\Desktop\adwcleaner_5.006.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\FreeFixer
[-] Folder Deleted : C:\Program Files\Earth Networks
[-] Folder Deleted : C:\Program Files (x86)\CuTThePPriice
[-] Folder Deleted : C:\ProgramData\SecTaskMan
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[-] Folder Deleted : C:\Users\-\AppData\Local\FreeFixer
[-] Folder Deleted : C:\Users\-\AppData\Roaming\FreeFixer

***** [ Files ] *****

[-] File Deleted : C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2407 bytes] ##########
# AdwCleaner v5.006 - Logfile created 06/09/2015 at 22:21:06
# Updated 06/09/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : - - ---
# Running from : C:\Users\-\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3114 bytes] ##########
# AdwCleaner v5.006 - Logfile created 07/09/2015 at 22:09:05
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : - - ---
# Running from : C:\Users\-\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3801 bytes] ##########


  • 0

#85
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I noticed it deleted my WeatherBug taskbar temp icon plus access to the weather service.  Is the WeatherBug ability considered a problem?

 

This program used to be considered adware but isn't any longer. The reason it's removed by many tools is because this program gets installed by other programs unknowingly so is a PUP (Potentially Unwanted Program). Once you are given the all clear, feel free to re-install this program if you wish to use it.


  • 0

Advertisements


#86
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Eset results

 

C:\MGtools\Process.exe Win32/PrcView potentially unsafe application
C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.res a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\All Users\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.res a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\Installer\MSI257E.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
 


  • 0

#87
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent. What did you decide about AVG? Did you just disable it or uninstall it at this point? If you didn't uninstall it please disable it for the next step.

 

Please zip up the C:\FRST folder on your computer and then upload to SendSpace and PM me the link. I don't want the link out on the public forum since it contains malware.

 

Thanks.


  • 0

#88
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

On the C: \FRST, you want the entire folder from the C directory and not run a new scan...just what is existing in the folder?


  • 0

#89
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Yes, the entire folder. We will be deleting this folder shortly but currently it contains every file and registry entry that we removed that was either considered malware or adware.


  • 0

#90
broadcastec

broadcastec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

When I run the compression program, I get a notice that includes several symbol letters which apparently prevent the zip program from working. Thus, I can either send up the uncompressed folder...or, is there a sub directory (or sub directories) in the folder you particularly want?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP