[tsheffie1016]

Hello,  Hope this email finds you having a good day.  As for me, I am a bit perplexed.  I do work through a site called upwork.com and had a interview posted to me.  I opened the attached word document and found it was not legit and seemed to have done some nasty things to my system.  The system I opened it on is doing some strange things like not allowing me to log into my account for Microsoft Azure.  I have another machine and I can get into it just fine.  

 

I have Kaspersky Total Security installed and ran it.  It did find a couple of files which were quarantined however it did not resolve the issue above.  I have also run Window Defender and Avast as well with no resolution.

 

Surely hope this will help.  UpWork recommended I contact you.

 

Look forward to hearing back from you.

 

Sincerely,

 

Tom. 

Attached Files

•  Addition.txt   50.15KB   329 downloads
•  FRST.txt   182.7KB   209 downloads

[Advertisements]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Programs to uninstall

• Yahoo! Powered
• Avast. We do not want 2 Anti virus programs running.
  
  Next
  A few items to fix
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  Open notepad (Start =>All Programs => Accessories => Notepad).
  Copy/Paste the contents of the code box below into Notepad.
  

  start
  CloseProcesses:
  CreateRestorePoint:
  HKLM-x32\...\Run: [] => [X]
  HKU\S-1-5-21-360436827-3996425457-3586709047-1001\...\Run: [Zoom] => [X]
  GroupPolicy: Restriction <======= ATTENTION
  SearchScopes: HKU\S-1-5-21-360436827-3996425457-3586709047-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
  HKU\S-1-5-21-360436827-3996425457-3586709047-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:///
  U3 aswbdisk; no ImagePath
  C:\Windows\Tasks\{53C8D8D2-22A1-B782-5140-0645F770ECF7}.job
  C:\PROGRA~2\COMMON~1\53C8D8~1
  CustomCLSID: HKU\S-1-5-21-360436827-3996425457-3586709047-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-48C73FA1CB50}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
  CMD: ipconfig /flushdns
  CMD: netsh winsock reset all
  CMD: netsh int ipv4 reset
  CMD: netsh int ipv6 reset
  CMD: netsh advfirewall reset
  CMD: netsh advfirewall set allprofiles state Off
  Emptytemp:
  

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next
Please download adwCleaner to your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click the Scan button and wait for the process to complete.
• Click the logfile button and the log will open in Notepad.
• Click on the Clean button follow the prompts.
• A log file will automatically open after the scan has finished and the PC has rebooted.
• Please post the content of that log file with your next answer.
• The report will be saved in the C:\AdwCleaner folder.
  
  Next
• Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.

Please post the following logs in your next reply to me

• Fixlog.txt
• Adwcleaner log.
• JRT log report.

[zep516]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Programs to uninstall

• Yahoo! Powered
• Avast. We do not want 2 Anti virus programs running.
  
  Next
  A few items to fix
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  Open notepad (Start =>All Programs => Accessories => Notepad).
  Copy/Paste the contents of the code box below into Notepad.
  

  start
  CloseProcesses:
  CreateRestorePoint:
  HKLM-x32\...\Run: [] => [X]
  HKU\S-1-5-21-360436827-3996425457-3586709047-1001\...\Run: [Zoom] => [X]
  GroupPolicy: Restriction <======= ATTENTION
  SearchScopes: HKU\S-1-5-21-360436827-3996425457-3586709047-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
  HKU\S-1-5-21-360436827-3996425457-3586709047-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:///
  U3 aswbdisk; no ImagePath
  C:\Windows\Tasks\{53C8D8D2-22A1-B782-5140-0645F770ECF7}.job
  C:\PROGRA~2\COMMON~1\53C8D8~1
  CustomCLSID: HKU\S-1-5-21-360436827-3996425457-3586709047-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-48C73FA1CB50}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
  CMD: ipconfig /flushdns
  CMD: netsh winsock reset all
  CMD: netsh int ipv4 reset
  CMD: netsh int ipv6 reset
  CMD: netsh advfirewall reset
  CMD: netsh advfirewall set allprofiles state Off
  Emptytemp:
  

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next
Please download adwCleaner to your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click the Scan button and wait for the process to complete.
• Click the logfile button and the log will open in Notepad.
• Click on the Clean button follow the prompts.
• A log file will automatically open after the scan has finished and the PC has rebooted.
• Please post the content of that log file with your next answer.
• The report will be saved in the C:\AdwCleaner folder.
  
  Next
• Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.

Please post the following logs in your next reply to me

• Fixlog.txt
• Adwcleaner log.
• JRT log report.

[tsheffie1016]

I was able to finally get Yahoo! Powered to uninstall but it wasn't as easy as other programs.  Also uninstalled Avast as well.  Attached are the logs you instructed me to send back.   I tried to log into Azure again and it is still not allowing me on this computer.  However I can on another computer just fine.  Still have an issue here....

 

Tom.

Attached Files

•  JRT.txt   759bytes   169 downloads
•  Fixlog.txt   4.34KB   220 downloads
•  AdwCleanerC2.txt   1.1KB   175 downloads
•  AdwCleanerS1.txt   1.27KB   171 downloads

[tsheffie1016]

Here are two more Adwcleaner txt files I didn't include because the date didn't make sense

Attached Files

•  AdwCleanerC0.txt   4.17KB   166 downloads
•  AdwCleanerS0.txt   4.44KB   361 downloads

[zep516]

Hello,

Thanks for those logs, now run a malwarebytes scan

Make sure that in Malwarebytes Anti-Malware the option to “Scan for rootkits” is checked under “Settings” > “Detection and Protection” before you start the “Scan”.

• Please download Malwarebytes Anti-Malware to your desktop.
• Double-click mbam-setup-version.exe and follow the prompts to install the program.
• Launch Malwarebytes Anti-Malware
• Then click Finish.
• If an update is found, you will be prompted to download and install the latest version.
• Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
• When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
• Reboot your computer if prompted.
  
  
  Posting the Malwarebytes log.
  
  
• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• post that saved log to your next reply.
• 
  

[tsheffie1016]

Attached is the MBAM Log as requested.

Attached Files

•  MBAM Log.txt   1.64KB   179 downloads

[zep516]

Hello,

Can you log into the account you were having issue with now.

[tsheffie1016]

No still no luck from this computer

[tsheffie1016]

Even tried other browsers on this computer and still no luck.  My secondary system can log in.

[zep516]

Hello,

What error do you get when attempting to log in ?

Have you tried un-plugging the modem / router for a few mins. Then re-plugging them back in.

[tsheffie1016]

The login window says the password is not correct even though it works on the other computer using the same login.  

 

I did do a complete reboot of the network and if it was in the modem/router, wouldn't it effect both machines?

[zep516]

Not necessarily we always reboot the router / modem in a case like this.

A Few things to do

We better run the clean tool for avast
https://www.avast.co...install-utility
Download and run to make certain all Avast files and drivers are gone.

Is this the site you cannot access
https://azure.microsoft.com/en-us/


Lets try booting to safemode with networking and try logging in from there
To do that see link. 4 ways to boot to safemode
http://www.digitalci...mode-windows-10

[tsheffie1016]

I ran the uninstall and still no change.  The site is https://login.microsoftonline.com

[zep516]

On that page where it says "Cant access my account" Did you check there for any ideas ? Perhaps we should reset the password even though it works on the other machine. It's all I can think of for now, the log files are clean of Malware.



What other sites are causing log-in problems ?

[tsheffie1016]

I don't have permission to change that specific site.  I have also seen issues where things that I did have just vanished.  I would do a search and they would show up as recent but them not anywhere on the system.  I have decided to just start over from scratch.  I had replaced the hard drive with an SSD prior to this issue happening so I am just going to re-clone the drive.  I am at a loss with where this bugger is hiding, so I am just going to "nuke" the planet. LOL