
Help needed removing unknown virus FRST logs are attached


  • This topic is locked
13 replies to this topic

#1 perryja

  • Members
  • 33 posts

Posted 30 December 2015 - 09:02 AM

Running Windows 10

Had a virus & did the following to remove it.

1. From safe Mode deleted a number of files that had been loaded in days related to the virus showing up.

2. Used Norton Virus tool to clean the bad files.

3. Used Norton Power Eraser as well to remove files.

4. Used Zemana Antimalware to remove some more files.

5. Used AdwCleaner & Junkware Removal Tool.

Each Step above made improvements.

 

Remaining notable Issues.

 

1. One RunDLL message shows up after login. "The specified modules could not be found" cvvlyy.dll.

2. Message window shows up after login "Validate Copy of Your Windows License!..." with a no. to call

 

Thanks for helping. 

Jeff

Attached Files





#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 30 December 2015 - 11:25 AM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

Please try to complete the steps and reply at least every 24 hours. If you find that you're delayed just post a quick reply here and let me know!! After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

<<<<<<<<<<

Lastly if you have not already done so you should consider backing up your important data - pictures, documents, etc... Worst case scenario is the need for a wipe and reinstall of your operating system to its factory settings. Therefore your precious data will be salvaged. There are both free and paid applications available.

Cobian Backup
DriveImage XML
CrashPlan

<<<<<<<<<<

I will be back in a short while with your next steps.

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes


Posted 30 December 2015 - 02:12 PM

Hello again,

 

This next please...

Jeff (S-1-5-21-1297237322-4228492742-2711617901-1000 - Administrator - Enabled) => C:\Users\Jeff
Nancy (S-1-5-21-1297237322-4228492742-2711617901-1003 - Administrator - Enabled) => C:\Users\Nancy.Perry-HP

I need you to log into both Admin accounts before we start the clean up. Just log off and then log into the other account and do not reboot.

<<<<<<<<<<

Is this familiar to you?

Follow Component (HKU\S-1-5-21-1297237322-4228492742-2711617901-1000\...\{46AA3B7A-D435-2A8A-B827-C87A0F0F2C64}) (Version: 1.8.4 - Car Extension corp)

<<<<<<<<<<

FRST fix:

  • Save the attached fixlist.txt to the same location that you have FRST
Running from C:\Users\Jeff\Downloads

Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.

How is your computer running now? What problems remain?

Kind regards,
thcbytes



#4 perryja


Posted 30 December 2015 - 03:56 PM

Currently backing up my files onto an external hard drive. But have a couple of questions.

Section 1 Question. You want me to log into both accounts but you state to log out of one & into the other. Did you mean to "sign out" of one & into the other before running the FRST.exe to select the Fix button?

Section 2 Follow Component is not familiar to me other than I'm getting a "RunDLL" Error message when logging in to my account.



#5 thcbytes


Posted 30 December 2015 - 04:09 PM

When you boot up W10 you will get the blue splash screen with the Window to the right, the user in the middle of the screen and the available accounts in the lower left.  Simply take a moment to 'sign in' to both admin accounts one at a time so both are loaded.  Then run the fix from either (not both) of the accounts.  Make sense?

Follow Component is not familiar to me other than I'm getting a "RunDLL" Error message when logging in to my account

 

Ok.  Thanks.  :)



#6 perryja


Posted 31 December 2015 - 08:41 AM

Ran The FRST fix Option as you noted. Attached is the Fixlog.txt file.

 

All of the visual issues appear to be removed. Is there anything else we can do to make sure the computer is virus free?

 

Attached Files



#7 thcbytes


Posted 31 December 2015 - 10:58 AM

Hello,
 

All of the visual issues appear to be removed

 
Great.
 
<<<<<<<<<<<
 

Is there anything else we can do to make sure the computer is virus free?

 
 
Yes.  Of course.  We are not done yet.
 
<<<<<<<<<<
 
Download Malwarebytes Anti-Malware (MBAM) to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

Paste the contents of the clipboard into your reply.

<<<<<<<<<<

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Copy and paste the log for my review

<<<<<<<<<<

Specialized FRST Scan:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
start
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
end
  • Save the file to your desktop and name it as fixlist.txt
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.

<<<<<<<<<<

Please let me know how the computer is running now.

Regards,
thcbytes



#8 perryja


Posted 31 December 2015 - 05:02 PM

Ran MBAM & it found 2 threats that it fixed without needing to restart the computer.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/31/2015
Scan Time: 12:31 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.31.05
Rootkit Database: v2015.12.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Jeff
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452543
Time Elapsed: 14 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bvxvaxxvyd, Quarantined, [366b36753457082e0c380f03d92b5da3], 
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, Quarantined, [940d47645239aa8c499ea07a9c6832ce], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Ran ESET. Attached file: ESET12-31-15.txt

Also ran the Specialized FRST Scan. Attached file: Fixlog.txt

Computer still seems to be working as it should.
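
An added example, not part of the original thread and not Malwarebytes code: a small Python parser for the scan-log layout pasted in the post above. It checks each section's declared count against the rows actually pasted, lists any detection that was not quarantined, pulls scheduled-task names out of TaskCache\Tree keys, and reports scan components shown as Disabled. The function names and the bracketed IDs in the sample are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout of the scan log posted above. Detection names
# and key paths are the ones in that log; the bracketed IDs are placeholders.
SAMPLE_LOG = r"""Result: Completed
Rootkits: Disabled
PUP: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bvxvaxxvyd, Quarantined, [placeholder-id-1], 
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, Quarantined, [placeholder-id-2], 

Files: 0
(No malicious items detected)
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
TASK_TREE = "\\SCHEDULE\\TASKCACHE\\TREE\\"

def parse_mbam_log(text):
    """Return (settings, declared section counts, detection rows)."""
    settings, declared, rows, section = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("("):
            continue  # blank line or "(No malicious items detected)"
        header = re.fullmatch(r"([^:,]+):\s*(.*)", line)
        if header and header.group(1) in SECTIONS and header.group(2).isdigit():
            section = header.group(1)
            declared[section] = int(header.group(2))
        elif header:
            settings[header.group(1)] = header.group(2)
        elif section:  # detection row: name, target, action, [id],
            parts = line.rstrip(", ").split(", ")
            target = parts[1] if len(parts) > 1 else ""
            pos = target.upper().find(TASK_TREE)
            rows.append({"section": section, "name": parts[0], "target": target,
                         "action": parts[-2] if len(parts) > 2 else "",
                         "task": target[pos + len(TASK_TREE):] if pos >= 0 else None})
    return settings, declared, rows

def triage(text):
    """Summarise what a reviewer checks before accepting the log as clean."""
    settings, declared, rows = parse_mbam_log(text)
    seen = {s: sum(r["section"] == s for r in rows) for s in declared}
    return {
        "count_mismatch": sorted(s for s in declared if declared[s] != seen[s]),
        "not_quarantined": [r["name"] for r in rows if r["action"] != "Quarantined"],
        "scheduled_tasks": [r["task"] for r in rows if r["task"]],
        "disabled_checks": sorted(k for k, v in settings.items() if v == "Disabled"),
    }
```

Calling `triage(SAMPLE_LOG)` returns the two task names and flags that the rootkit scan was not enabled; a section in `count_mismatch` means the pasted log is missing rows.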
 
 
 


#9 thcbytes


Posted 31 December 2015 - 05:33 PM

Looking good. Let me take a look at fresh logs.

Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

Thanks and happy new year :)

#10 perryja


Posted 31 December 2015 - 06:54 PM

Thanks for all your help. 

 

The FRST file logs:

Attached File  FRST.txt   141.39KB   1 downloads

Attached File  Addition.txt   55.97KB   1 downloads

 

& Happy New Years to you too.

Jeff



#11 thcbytes


Posted 31 December 2015 - 08:04 PM

I think you're all set, Jeff.
Do you have any questions?
Is there anything else you're concerned about that I can help with?

<<<<<<<<<<

Please take the time to carefully review this info contained below. It's invaluable.

Answers to common security questions - Best Practices

<<<<<<<<<<

Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.
When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

Happy and safe New Year,
thcbytes

#12 perryja


Posted 01 January 2016 - 09:53 AM

# DelFix v1.011 - Logfile created 01/01/2016 at 09:46:09
# Updated 18/08/2015 by Xplode
# Username : Jeff - PERRY-HP
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Jeff\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Jeff\Downloads\Addition.txt
Deleted : C:\Users\Jeff\Downloads\FRST.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #15 [Installed DirectX | 12/30/2015 19:28:45]
Deleted : RP #16 [Windows Backup | 12/30/2015 20:00:33]
Deleted : RP #17 [Windows Backup | 12/31/2015 00:01:49]
 
New restore point created !
 
########## - EOF - ##########
 
Thanks for your help.
 
Should I save a new backup & system image on my external hard drive now?


#13 thcbytes


Posted 01 January 2016 - 10:54 AM

Hi Jeff,
 

Should I save a new backup & system image on my external hard drive now?

 

 

Yes.  Then purge the old backup.

 

Take care,

thcbytes



#14 thcbytes


Posted 01 January 2016 - 10:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.