Possible Infection again after less than a month

First time...Kovter


#1
preacherswife

  • Member
  • 193 posts
About a month ago, my computer was running extremely slow and I posted on the forum and one of the techs helped me tremendously and it was discovered, I had a Trojan Kovter.
 
The tech left me with some recommendations but unfortunately before I could make some changes, I am facing this same thing once again.
 
He has advised me to post once again in the forum and to post a new set of FRST logs, additions.txt and frst.txt. With that said, I am working on that now.

Edited by JSntgRvr, 08 November 2017 - 01:40 PM.
Moderator's edit: Letter too loud.

  • 0



#2
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
I'm sorry, are we having trouble posting the logs?
  • 0

#3
preacherswife

  • Topic Starter
  • Member
  • 193 posts

Joe, I found FRST in my documents folder, right clicked and hit run as administrator. It popped up on my screen for a couple of seconds, not leaving enough time to hit scan.

We had this same problem before and you gave me a workaround on how to fix it but I can't remember.  :headscratch:


  • 0

#4
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Hello,

I don't like FRST in the documents folder. I want FRST on the desktop. Let's run DelFix and get rid of any leftover tools from last time.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#5
preacherswife

  • Topic Starter
  • Member
  • 193 posts

# DelFix v1.010 - Logfile created 08/11/2017 at 22:11:37
# Updated 26/04/2015 by Xplode
# Username : Dorraine - DORRAINE-PC
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #13 [Windows Update | 10/18/2017 15:26:40]
Deleted : RP #16 [Scheduled Checkpoint | 10/25/2017 22:40:07]
Deleted : RP #17 [Scheduled Checkpoint | 11/02/2017 03:44:16]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#6
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Next

Let's set up Firefox so it downloads everything to the desktop. It's a lot easier this way.

To do that

1. Click the "Open Menu" button in the upper-right corner of the browser. It's the one with 3 horizontal lines.

2. Choose Options. In the downloads section (Files and applications), click the Browse button, click on the Desktop folder
and then click the "Select Folder" button. Click OK to get out of the Options menu.


Tell me when that's done.

Then we will download a fresh copy of FRST (Farbar Recovery Scan Tool). I'll provide the instructions for that.
  • 0

#7
preacherswife

  • Topic Starter
  • Member
  • 193 posts

Got it!


  • 0

#8
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Let's download the 64-bit version of FRST and see how it goes from there.

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(64 Bit Version for you)
  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. (Desktop)
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). (Desktop) Please also paste that along with the FRST.txt into your reply.

  • 0

#9
preacherswife

  • Topic Starter
  • Member
  • 193 posts

I have no idea what is going on, Joe. Each time I try to download the Farbar Recovery Scan Tool, it bumps me offline. I have double clicked and right clicked and each time, I am knocked offline.


  • 0

#10
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Hello,

Can you run AdwCleaner?

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0



#11
preacherswife

  • Topic Starter
  • Member
  • 193 posts

ARGH!  I d/led AdwCleaner and clicked to run as administrator but once again, it flashes on the screen for a couple of seconds and then it's gone.  I have no way to run the program.  :upset:


  • 0

#12
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Hello,

Let's see if FRST will run in the safe mode.

How to boot to safe mode in Win 10

https://support.micr...pc-in-safe-mode
  • 0

#13
preacherswife

  • Topic Starter
  • Member
  • 193 posts

In safe mode, I did not see FRST on the desktop but AdwCleaner was there and I was able to run that.  Here are the results...

 

# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 13 17:24:39 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 10-28-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.SearchAssist, Plugin found: SearchAssist Incognito -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


  • 0
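
As an added example (not part of the thread and not AdwCleaner's own code), a small Python parser for the scan log format posted above: it lists the sections that contain detections and flags when the log's Mode is "scan", meaning the entries were reported but not yet removed. The sample log is constructed by abridging the one in the post, and the function names are assumptions.

```python
import re

# Constructed sample, abridged from the scan log format shown in the post above.
SAMPLE_LOG = """\
# AdwCleaner 7.0.4.0 - Logfile created on Mon Nov 13 17:24:39 2017
# Database: 10-28-2017.1
# Mode: scan

***** [ Services ] *****

No malicious services found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.SearchAssist, Plugin found: SearchAssist Incognito -

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\\AdwCleaner\\AdwCleaner[S0].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # "***** [ Name ] *****"
HEADER_RE = re.compile(r"^# (\w[\w ]*?): (.+)$")        # "# Key: value"

def parse_adwcleaner_log(text):
    """Return (metadata, findings): header fields and {section: [detection lines]}."""
    meta, findings, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"} or line.startswith("##########"):
            continue  # blank line, separator rule, or EOF marker
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            findings[section] = []
        elif section is None:
            h = HEADER_RE.match(line)
            if h:
                meta[h.group(1)] = h.group(2)
        elif not line.startswith("No malicious"):
            findings[section].append(line)  # anything else is a detection entry
    return meta, findings

def needs_review(text):
    """Sections with at least one detection, plus whether the run only scanned."""
    meta, findings = parse_adwcleaner_log(text)
    hits = {s: d for s, d in findings.items() if d}
    return hits, meta.get("Mode") == "scan"
```
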

#14
preacherswife

  • Topic Starter
  • Member
  • 193 posts

Joe, are you still helping me?  I am still having a problem.

 

Thank you


  • 0

#15
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts
Yes, looks like I missed the last post Nov 13; never got the e-mail notification. Sorry about that.

Do you have FRST on the desktop? You said you did not see it in safe mode. Do you see it in regular mode? We need to get that to run so you can post the logs from it.
  • 0





