Ou_i_du_sausoir

adaware v13 + get rid of boot errors on usb disks & solvusoft/registry first aid/onesafe

Recommended Posts

Hi all,

 

i have two pc:

 

pc 1:

Samsung galaxy book (pc-tablet)

W10 x64

128 Gb storage

Antivirus: ad-aware total security

Antimalware: Comodo cis complete, usbfix

 

 

pc 2:

W8 x64

Compaq desktop pc

900 Gb storage

4 Gb ram

Antivirus: ad-aware total security

Antimalware: Comodo cis complete, usbfix

Firewall: comodo firewall paid version (cis complete with GeekBuddy)

 

 

 

the pcs are infected with registry first aid, and others adwares & malwares,

 

befor and after formatting the pcs & the disks, theses errors persists:

 

1: dualboot Cubuntu-Win 8 on desktop pc fails: error to make the grub and dualboot

 

2: virtualbox portable of Cubuntu on Cubuntu live usb crashes on Windows 8/10

 

3: error of boot on xfce/xubuntu usb disk:

SYSLINUX 6.03 EDD 2014-10-06 Copyright (C) 1994-2014 gH. Peter Anvin & Al

Failed to load ldlinux.c32

Boot failed: Please change disk and press a key to continue

 

4: boot error on Sardu multiboot live 14 Gb usb disk

 

5: boot error on 2 Gb framakey salix (no system detected, press any key to continue)

 

6: problem with internet on salix environment on 14 Gb framakey salix: the "firefox/thunderbird doesn't closed properly, another instance running, please restart firefox/thunderbird" error message persists

 

7: corrupted files on 1 TB micro sd card (video, executables, etc...), install and copy files on this card makes corrupted files

 

8: error of creation of recovery usb disk on 128 Gb samsung fit with cyberlink power2go 11 & power2go 12

 

i had , frst, adsfix, pre_scan, and others scans on usb/sd and two pc, and the logs is below,

 

adaware v13 coming soon in 2019,

my suggestions in AdAware v13 is:

-come-back of different colours per adaware version: orange: free, green: personnal, light blue: pro, dark blue: total, red: adblock, yellow: privacy toolbox, purple: browser, blue: web companion paid version

-come-back of Ad-Watch

-new notifications center

Thanks...

Rem-VBS.log usb micro sd tour compaq 2 janv 2019.txt

UsbFix-Report-01 usb micro sd tour compaq 2 janv 2019.txt

Pre_Scan_31_12_2018_17_47_14 xfce sfce galaxy book.txt

AdsFix_28_12_2018_11_57_04 galaxy book xfce sfce.txt

UsbFix-Report-01 xfce sfce galaxy book 29 12 2018.txt

Rem-VBS xfce sfce galaxy book 28 12 2018.log

Addition.txt

FRST.txt

Shortcut.txt

Pre_Scan usb micro sd tour coompaq 2 janv 2019.txt

AdsFix_02_01_2019_05_38_21 usb micro sd tour compaq.txt

Share this post


Link to post
Share on other sites

Hi again,

1. Is really UsbFix something to trust?
Please see review here: https://download.cnet.com/UsbFix/3000-2239_4-76475054.html
3.6 out of 5 is bad result: https://www.softpedia.com/get/Antivirus/Removal-Tools/UsbFix.shtml
Has probably destroyed Cubuntu:

Quote

Le volume dans le lecteur E s’appelle CUBUNTU
...
USB drive disinfected

and other the other drives that you mentioned.

 

2. Please activate the system restore function.
 

3. In the computer where you ran FRST:
Please uninstall these bad programs:
My Web Shield
Служба автоматического обновления программ (HKU\S-1-5-21-2722556486-2600372899-1548682961-1001\...\MailRuUpdater) (Version:  - Mail.Ru)

If you haven't installed DRIVERfighter yourself, uninstall it too (often seen bundled with other programs). If you use it, you should be aware of that it sometimes installs drivers that aren't suitable for the computer. I, and many computer experts, recommends to only use drivers fetched from Windows Update and the web sites of the hardware manufacturers.


4. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
Select the tab Scan and double-click on the top and latest log file.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[S1].txt.
 

Share this post


Link to post
Share on other sites
1 hour ago, CeciliaB said:

Hi again,

1. Is really UsbFix something to trust?
Please see review here: https://download.cnet.com/UsbFix/3000-2239_4-76475054.html
3.6 out of 5 is bad result: https://www.softpedia.com/get/Antivirus/Removal-Tools/UsbFix.shtml
Has probably destroyed Cubuntu:

and other the other drives that you mentioned.

 

2. Please activate the system restore function.
 

3. In the computer where you ran FRST:
Please uninstall these bad programs:
My Web Shield
Служба автоматического обновления программ (HKU\S-1-5-21-2722556486-2600372899-1548682961-1001\...\MailRuUpdater) (Version:  - Mail.Ru)

If you haven't installed DRIVERfighter yourself, uninstall it too (often seen bundled with other programs). If you use it, you should be aware of that it sometimes installs drivers that aren't suitable for the computer. I, and many computer experts, recommends to only use drivers fetched from Windows Update and the web sites of the hardware manufacturers.


4. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
Select the tab Scan and double-click on the top and latest log file.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[S1].txt.
 

usbfix is something to trust,

 

my web shield and driverfighter installed

 

the adwcleaner log is below;

and also the two quickdiag and defogger logs for XFCE SFCE Xubuntu live USB and the Galaxy Book PC

 

Thanks...

AdwCleaner[S00].txt

QuickDiag_02_01_2019_01_58_37.txt

defogger_disable.log

Share this post


Link to post
Share on other sites

You're welcome.

Why did you run Defogger?
I can't see that you use any CD emulation programs nor that you need to run any rootkit scanners.

If I shall be able to help you, you've to stop install and run programs than I haven't asked you to install or run. It makes e.g. your uploaded logs from FRST unusable since they 're no longer shows the current situation. Please uninstall Advanced System Care, OneSafe PC Cleaner and other programs that you've installed since you ran FRST. They make the situation worse instead of better. It's more adware in the log of AdwCleaner than in the logs of FRST.

Now you've to start from the beginning with new FRST logs, please.

10 hours ago, Ou_i_du_sausoir said:

usbfix is something to trust, 

How can you trust a program that has destroyed your Linux distributions?

Share this post


Link to post
Share on other sites
5 hours ago, CeciliaB said:

You're welcome.

Why did you run Defogger?
I can't see that you use any CD emulation programs nor that you need to run any rootkit scanners.

If I shall be able to help you, you've to stop install and run programs than I haven't asked you to install or run. It makes e.g. your uploaded logs from FRST unusable since they 're no longer shows the current situation. Please uninstall Advanced System Care, OneSafe PC Cleaner and other programs that you've installed since you ran FRST. They make the situation worse instead of better. It's more adware in the log of AdwCleaner than in the logs of FRST.

Now you've to start from the beginning with new FRST logs, please.

How can you trust a program that has destroyed your Linux distributions?

i ran defogger to disable a malicious virtual cd/dvd contain malicious files

 

the mbar/adwcleaner/quickdiag of the desktop pc/usb & micro sd drives, and the frst of january 3rd, 2019 of galaxy book is below,

 

usbfix has don't destroy cubuntu and others linus distributions

 

advanced systemcare/driverfighter/onesafe are deleted/uninstalled on the two pc,

but portables versions of OneSfae, WinThruster, PC Optimizer Pro, Anvisoft apps, is installed on external micro sd, cubuntu/xfce sfce xubuntu/sardu multiboot/framakey salix drives,

and a mbam log of september and a rkill log below

Thanks...

mbar-log-2019-01-02 (07-42-45).txt

Addition.txt

AdwCleaner[C01].txt

FRST.txt

Shortcut.txt

QuickDiag_03_01_2019_13_41_29.txt

rapport mbam 7 septembre 2018.txt

Rkill.txt

Share this post


Link to post
Share on other sites

Please take one computer at a time, continue with the computer with Windows 10 until it's clean.

4 hours ago, Ou_i_du_sausoir said:

but portables versions of OneSfae, WinThruster, PC Optimizer Pro, Anvisoft apps, is installed on external micro sd

1. Please don't use such programs. They usually create problems instead of solving them and are not useful for removing malware and adware.
 

Quote

AV: adaware antivirus (Disabled - Up to date) {3AF56CA3-CA5A-215C-108D-CECA729D293A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: adaware antivirus (Disabled - Up to date) {81948D47-EC60-2ED2-2A3D-F5B8091A6387}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

2. Why are adaware antivirus disabled? You need to have a running antivirus program.
 

3. Please uninstall OneSafe PC Cleaner and WebDiscover Browser, the usual way, don't use any uninstaller programs.


4. Please remove all left-overs of Avast antivirus by following this instruction: https://www.avast.com/uninstall-utility


5. Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
Select the tab Scan and double-click on the top and latest log file.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[S "largest number"].txt.

 

Share this post


Link to post
Share on other sites
9 hours ago, CeciliaB said:

Please take one computer at a time, continue with the computer with Windows 10 until it's clean.

1. Please don't use such programs. They usually create problems instead of solving them and are not useful for removing malware and adware.
 

2. Why are adaware antivirus disabled? You need to have a running antivirus program.
 

3. Please uninstall OneSafe PC Cleaner and WebDiscover Browser, the usual way, don't use any uninstaller programs.


4. Please remove all left-overs of Avast antivirus by following this instruction: https://www.avast.com/uninstall-utility


5. Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
Select the tab Scan and double-click on the top and latest log file.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[S "largest number"].txt.

 

3 onesafe & webdiscover uninstalled

4 i can't launch avastclear in safe and/or normal mode, because of error message, see capture of that error below

5 the adwcleaner log is below

 

Thanks...

Capture avastclear error.PNG

AdwCleaner[S01].txt

Share this post


Link to post
Share on other sites

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exist as C:\AdwCleaner\AdwCleaner[C"highest number"].txt
 

2. Start FRST.
Select Addition.txt.
Scan the computer.
Attach the two new log files.

Share this post


Link to post
Share on other sites
22 minutes ago, CeciliaB said:

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exist as C:\AdwCleaner\AdwCleaner[C"highest number"].txt
 

2. Start FRST.
Select Addition.txt.
Scan the computer.
Attach the two new log files.

pc 1: galaxy book:

1: heres the adwcleaner clean & frst logs at bottom of this post of this topic

 

pc 2: compaq desktop pc:

2: unfortunally, i saved adwcleaner, onesafe setup, winthruster setup and others malware setup directly on "My computer" target, causes now this exe files is on "network drives" and thèses exe of onesafe, adwcleaner and others malwares (and a corrupted/incomplete "winthruster" file" (partial download of winthruster)) reognized like "network emplacements", please see the screen capture at bottom of my reply here 

 

pc 3: portabilized "Windows To Go workspace"

installed on 60 GB Kingston DataTraveller Workspace -> portabilized Win 10 X64 installed by the "WinToUSB Application"

Antivirus on this portable Windows on that USB disk: Slimware Antivirus, Windows Firewall

 

pc 4: android device: Huawei Y6 2018 smartphone

Operating System: Android Oreo

Antivirus: Lookout

Problem encountered on this Android Huawei Smartphone: Problem on switching on "Sandisk Connect Wireless Stick" and switch Wifi on this "Sandisk Wireless Connect Stick" because is switching automatically back to Livebox, i rebooted my smartphone but the problem persists

 

pc 5:

Raspberry PI

 

pc 6: iPod Touch:

Operating system: iOs 12

Antivirus installed on this iPod Touch: Comodo Ad-Blocker

 

Thanks...

AdwCleaner[C01].txt

FRST.txt

Shortcut.txt

Addition.txt

Capture  apps emplacement réseau.PNG

Share this post


Link to post
Share on other sites

1. Please uninstall IObit Software Updater since no other IObit programs are installed.
 

2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * aswBoot.exe /M:2077e08c /wow /dir:"c:\program files\avast software\avast"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
S2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
U2 agp440; pas de ImagePath
U0 Compbatt; pas de ImagePath
U2 ERSvc; pas de ImagePath
U2 IAStorDataMgrsvc; pas de ImagePath
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]
S1 mwescontroller; \??\C:\Windows\system32\drivers\mwescontroller.sys [X] <==== ATTENTION
R1 NGQ1MTBmY; \??\C:\Windows\system32\drivers\NGQ1MTBmY [X]
U2 NIHardwareService; pas de ImagePath
U2 NVSvc; pas de ImagePath
U2 Parvdm; pas de ImagePath
U2 srService; pas de ImagePath
U2 wudfsvc; pas de ImagePath
2019-01-03 13:22 - 2019-01-03 13:22 - 000000000 ____D C:\ProgramData\Fighters
2018-12-31 09:57 - 2018-12-31 09:57 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-12-31 09:56 - 2018-12-31 17:56 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-31 09:56 - 2018-12-31 09:56 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-31 09:54 - 2019-01-03 21:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-31 09:54 - 2018-12-31 09:54 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-31 09:56 - 2018-12-31 17:56 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-31 09:56 - 2018-12-31 09:56 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-31 09:54 - 2019-01-03 21:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-31 09:54 - 2018-12-31 09:54 - 000000000 ____D C:\Program Files\AVAST Software
Task: {28FE9F4E-7CB2-4B29-8837-888123623420} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-31] (AVAST Software)
Task: {2C4972F2-E2DD-4B90-A533-CE18D451F113} - System32\Tasks\Software Updater SkipUAC(jean-) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [2018-12-27] (IObit) <==== ATTENTION
Task: {2DCB182B-834C-4E80-9AAD-4950D8186459} - System32\Tasks\fountainsfountains => C:\Program Files (x86)\filigreed\filigreed.exe [2018-12-31] ()
Task: {2FA1284D-B54F-4E9E-B0CE-98F11FC25201} - \rightist-subrotorightist-subroto -> Pas de fichier <==== ATTENTION
Task: {3EB07767-C844-470C-92E0-68390475BC28} - \meshwork_regardmeshwork_regard -> Pas de fichier <==== ATTENTION
Task: {554A5336-7251-45BC-86BE-20364AA8B203} - \Online Application V2G5 -> Pas de fichier <==== ATTENTION
Task: {5AF42AB2-D1DC-4E73-BEA9-56A9032CB861} - \Online Application V2G6 -> Pas de fichier <==== ATTENTION
Task: {847A74AE-E60C-441E-A057-91B9F4011E66} - \kisan vocoderkisan vocoder -> Pas de fichier <==== ATTENTION
Task: {A3CA6A53-0BF7-467D-93EE-05B166D8CCDE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {C8C31E98-3D3E-440E-A936-152AA05B5705} - \FreeDownloadManagerNetworkMonitor -> Pas de fichier <==== ATTENTION
Task: {E8E13DB5-9DE9-4F09-9099-3C2DC80F550F} - System32\Tasks\ASC12_SkipUac_jean- => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {FB05ECD7-AE5D-40BC-883D-EE9706FF9B79} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [2018-12-27] (IObit Software updater) <==== ATTENTION
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

 

3. From where did you download adaware installation file?

Share this post


Link to post
Share on other sites
10 hours ago, CeciliaB said:

1. Please uninstall IObit Software Updater since no other IObit programs are installed.
 

2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * aswBoot.exe /M:2077e08c /wow /dir:"c:\program files\avast software\avast"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
S2 AdvancedSystemCareService12; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [X]
U2 agp440; pas de ImagePath
U0 Compbatt; pas de ImagePath
U2 ERSvc; pas de ImagePath
U2 IAStorDataMgrsvc; pas de ImagePath
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]
S1 mwescontroller; \??\C:\Windows\system32\drivers\mwescontroller.sys [X] <==== ATTENTION
R1 NGQ1MTBmY; \??\C:\Windows\system32\drivers\NGQ1MTBmY [X]
U2 NIHardwareService; pas de ImagePath
U2 NVSvc; pas de ImagePath
U2 Parvdm; pas de ImagePath
U2 srService; pas de ImagePath
U2 wudfsvc; pas de ImagePath
2019-01-03 13:22 - 2019-01-03 13:22 - 000000000 ____D C:\ProgramData\Fighters
2018-12-31 09:57 - 2018-12-31 09:57 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-12-31 09:56 - 2018-12-31 17:56 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-31 09:56 - 2018-12-31 09:56 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-31 09:54 - 2019-01-03 21:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-31 09:54 - 2018-12-31 09:54 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-31 09:56 - 2018-12-31 17:56 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-31 09:56 - 2018-12-31 09:56 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-31 09:54 - 2019-01-03 21:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-31 09:54 - 2018-12-31 09:54 - 000000000 ____D C:\Program Files\AVAST Software
Task: {28FE9F4E-7CB2-4B29-8837-888123623420} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-31] (AVAST Software)
Task: {2C4972F2-E2DD-4B90-A533-CE18D451F113} - System32\Tasks\Software Updater SkipUAC(jean-) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [2018-12-27] (IObit) <==== ATTENTION
Task: {2DCB182B-834C-4E80-9AAD-4950D8186459} - System32\Tasks\fountainsfountains => C:\Program Files (x86)\filigreed\filigreed.exe [2018-12-31] ()
Task: {2FA1284D-B54F-4E9E-B0CE-98F11FC25201} - \rightist-subrotorightist-subroto -> Pas de fichier <==== ATTENTION
Task: {3EB07767-C844-470C-92E0-68390475BC28} - \meshwork_regardmeshwork_regard -> Pas de fichier <==== ATTENTION
Task: {554A5336-7251-45BC-86BE-20364AA8B203} - \Online Application V2G5 -> Pas de fichier <==== ATTENTION
Task: {5AF42AB2-D1DC-4E73-BEA9-56A9032CB861} - \Online Application V2G6 -> Pas de fichier <==== ATTENTION
Task: {847A74AE-E60C-441E-A057-91B9F4011E66} - \kisan vocoderkisan vocoder -> Pas de fichier <==== ATTENTION
Task: {A3CA6A53-0BF7-467D-93EE-05B166D8CCDE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {C8C31E98-3D3E-440E-A936-152AA05B5705} - \FreeDownloadManagerNetworkMonitor -> Pas de fichier <==== ATTENTION
Task: {E8E13DB5-9DE9-4F09-9099-3C2DC80F550F} - System32\Tasks\ASC12_SkipUac_jean- => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {FB05ECD7-AE5D-40BC-883D-EE9706FF9B79} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [2018-12-27] (IObit Software updater) <==== ATTENTION
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

 

3. From where did you download adaware installation file?

[olor=olive]Hi ceciliaB & adaware forum helpers,

 

the incriminated pc for problems and logs is:

Compaq desktop pc, Galaxy book,

portabilized Win10 Windows to go Workspace on Kingston Data Traveller and my Android smartphone:

 

pc 1: galaxy book:

1: heres the fixlog log at bottom of this post of this topic

 

PC 2: compaq desktop pc:

problem on dual-boot with Cubuntu

Xfce, Sardu, 1 Tb micro sd, cubuntu live, Samsung fit & the two Framakey salix all plugged on it

 

pc 3: portabilized "Windows To Go workspace"

installed on 60 GB Kingston DataTraveller Workspace -> portabilized Win 10 X64 installed by the "WinToUSB Application"

Antivirus on this portable Windows on that USB disk: Comodo Cloud Antivirus~iobit malware fighter giveaway

Portable Version of Solvusoft WinSweeper installed on root of the Kingston Windows To Go,

and Xfce, Sardu, 1 Tb micro sd, cubuntu live, Samsung fit & the two Framakey salix all plugged on it (in Windows to go workspace's explorer)

and heres the logs of usbfix, adwcleaner and pre_scan of this Portable  Windows To Go Workspace (on Kingston) and of thèses disks at bottom of this reply

 

pc 4: android device: Huawei Y6 2018 smartphone

Operating System: Android Oreo

Antivirus: Lookout

Problem encountered on this Android Huawei Smartphone: Problem on switching on "Sandisk Connect Wireless Stick" and switch Wifi on this "Sandisk Wireless Connect Stick" because is switching automatically back to Livebox, i rebooted my smartphone but the problem persists

and for these bugs of "Sandisk Wireless Connect Stick" the usbfix & usbfile resc at bottom of this reply

 

 

Traduction (j'habite en France):

Bonjour Cecilia B & autres helpers du forum Adaware,

 

voici les quatres PC incriminés:

-tour compaq

-galaxy book

-Windows portabilisé sur Kingston Datatraveller Workspace

-Mon smartphone Huawei Android

 

Machine 1: Galaxy Book

-Voici le fixlog ci-dessous

-Adaware pris sur le site officiel

 

machine 2: Tour Compaq:

-les clés usb Xubuntu, Cubuntu Live, Samsung fit (futur disque récup. systême CyberLink Power2go via Microsoft ADK), sardu multiboot, les deux framakey salix de 16 Go & 1,80 Go, & micro sd de 1 To branchés dessus

-erreur création dualboot win8/Cubuntu & création grub

 

machine 3: Windows 10 Portabilisé (Windows to go workspace) sur KingSton DataTraveller de 60 Go:

-Antivirus: Comodo Cloud et iobit malware fighter pro

-WinSweeper version portable installé sur le dossier racine de Windows Portabilisé (Kingston)

--les clés usb Xubuntu, Cubuntu Live, Samsung fit (futur disque récup. systême CyberLink Power2go via Microsoft ADK), sardu multiboot, les deux framakey salix de 16 Go & 1,80 Go, & micro sd de 1 To branchés dessus (via le Windows explorer de Windows to go workspace de la clé usb Kingston)

-les rapports usbfix, adwcleaner & pre_scan de ce Windows portabilisé et de ces clés usb et micro sd sont ci-dessous

 

machine 4: smartphone Huawei Y6 2018:

-problême de connexion au Sandisk Connect Wireless Stick sur mon smartphone dans les options Wi-Fi: retour auto à la Livebox,

donc les rapport de usbfix et de USB File Resc de cette Sandisk Connect Wireless Stick pour ce bug au smartphone sont ci-dessous[/color]

 

il n'y auras pas de BSoD sur mes PC et mon smartphone, je suis heureux,

 

Merci...

 

Traduction:

Thanks...

Fixlog.txt

AdwCleaner[C00] kingston workspace.txt

Pre_Scan kingston workspace.txt

UsbFix_Report sandisk connect stick.txt

USB_File_Resc--Reporte-(8553) sandisk connect.txt

Share this post


Link to post
Share on other sites

1. From where did you download adaware installation file?
At the same time as the installation of adaware antivirus, some strange files were created.
 

2. I only deal with one Windows computer at a time, otherwise I might think that a log file is from another computer than it really is and give an inappropriate answer. I don't deal with computers with other operation systems than Windows nor with mobile phones since this is a forum owned by adaware software with the purpose of helping people with problems related to their products.
I don't speak French.


3. In computer with Windows 10, please run FRST again and post the two new logs.
Do you have any problems related to malware, adware or adaware antivirus in this computer now?

Share this post


Link to post
Share on other sites
5 hours ago, CeciliaB said:

1. From where did you download adaware installation file?
At the same time as the installation of adaware antivirus, some strange files were created.
 

2. I only deal with one Windows computer at a time, otherwise I might think that a log file is from another computer than it really is and give an inappropriate answer. I don't deal with computers with other operation systems than Windows nor with mobile phones since this is a forum owned by adaware software with the purpose of helping people with problems related to their products.
I don't speak French.


3. In computer with Windows 10, please run FRST again and post the two new logs.
Do you have any problems related to malware, adware or adaware antivirus in this computer now?

i downloaded adaware on officiel site,

i have any problems relqted to malware, adware & adaware antivirus,

the 3 logs of frst is below,

 

thanks...

Addition.txt

FRST.txt

Shortcut.txt

Share this post


Link to post
Share on other sites

1. Upload these files to http://www.virustotal.com/ (select reanalyze if asked) and post back the links to the scan reports:
C:\Program Files\MThhOD\OGI5OWM3NDU3M.exe
C:\Users\jean-\AppData\Local\Noisiest.exe
C:\Program Files (x86)\Katherine\Noisiest.exe
C:\Windows\oymoi.oymki
C:\Windows\b64300785
C:\Windows\clintonites.exe
C:\Windows\system32\Drivers\NGQ1MTBmY


2. Please run avastclear now and report if it was successful.


3. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
Folder: C:\ProgramData\ALLPlayer
Folder: C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
Folder: C:\Windows\Tasks\ImCleanDisabled
Folder: C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
Folder: C:\Program Files (x86)\whe
Folder: C:\Program Files (x86)\relined
Folder: C:\Program Files (x86)\Mousetrap
Folder: C:\Program Files (x86)\Gundel
Folder: C:\Users\jean-\AppData\Local\Michael
Folder: C:\Program Files (x86)\Katherine
Folder: C:\Program Files (x86)\filigreed
Folder: C:\Users\jean-\AppData\Roaming\SystemLocation
Folder: C:\ProgramData\MZa
Folder: C:\Program Files\MThhOD
Folder: C:\Users\jean-\AppData\Local\AdvinstAnalytics

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

Share this post


Link to post
Share on other sites
13 hours ago, CeciliaB said:

1. Upload these files to http://www.virustotal.com/ (select reanalyze if asked) and post back the links to the scan reports:
C:\Program Files\MThhOD\OGI5OWM3NDU3M.exe
C:\Users\jean-\AppData\Local\Noisiest.exe
C:\Program Files (x86)\Katherine\Noisiest.exe
C:\Windows\oymoi.oymki
C:\Windows\b64300785
C:\Windows\clintonites.exe
C:\Windows\system32\Drivers\NGQ1MTBmY


2. Please run avastclear now and report if it was successful.


3. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
Folder: C:\ProgramData\ALLPlayer
Folder: C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
Folder: C:\Windows\Tasks\ImCleanDisabled
Folder: C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
Folder: C:\Program Files (x86)\whe
Folder: C:\Program Files (x86)\relined
Folder: C:\Program Files (x86)\Mousetrap
Folder: C:\Program Files (x86)\Gundel
Folder: C:\Users\jean-\AppData\Local\Michael
Folder: C:\Program Files (x86)\Katherine
Folder: C:\Program Files (x86)\filigreed
Folder: C:\Users\jean-\AppData\Roaming\SystemLocation
Folder: C:\ProgramData\MZa
Folder: C:\Program Files\MThhOD
Folder: C:\Users\jean-\AppData\Local\AdvinstAnalytics

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

https://www.virustotal.com/#/file/5b4f8a06da563bd2ce5e846350c26f5071a7de3254ff5b446f8b3d682d1c5d77/detection

 

 

 

https://www.virustotal.com/#/file/5b4f8a06da563bd2ce5e846350c26f5071a7de3254ff5b446f8b3d682d1c5d77/detection

https://www.virustotal.com/#/file/40a380c98a16b6dc49e9f74d7f545e26fa7f0d948b72c85632c6d38467c35b62/detection

https://www.virustotal.com/#/file/40a380c98a16b6dc49e9f74d7f545e26fa7f0d948b72c85632c6d38467c35b62/detection

https://www.virustotal.com/#/file/0b8eb2496cb9814fba5eb4dd704d2e9f42783cb47ad30a0dfde3baaf1186690b/detection

https://www.virustotal.com/#/file/40a380c98a16b6dc49e9f74d7f545e26fa7f0d948b72c85632c6d38467c35b62/detection

 

https://www.virustotal.com/#/file/6a9fc60419490c2c3b123e070266731e49bbd4d7e824b3f08a2cc4ef5015a2f3/detection

 


driverfighter & iobit software updater is not malicious but uninstalled,
the upload of C:\Windows\?clintonites.exe goes redirected to noisiest.exe upload
the file C:\Windows\?oymoi.oymki is not on the computer

 

the music of the new Peugeot 308 & Citroen C4 Picasso/Spacetourer commercial spot is Sunset Lover by Petit Biscuit,

 

i can trust this programs:

-DriverFighter

-Fulldiskfighter

-Restoro

-X0 Ttone IconPack

-CyberLink PowerDVD 365 released on april 2019 (successor of PowerDVD Live)

-Moo0 RightClicker Pro

 

avastclear succesfully work, but no logs/reports of avastclear,

i ran now ProtectStar iShredder 7.0 Professionnal to erase freespace with 5 passes cycle, the screen capture of results (Progression of erase freespace finished) of ProtectStar iShredder is below,

you can accept torrents, p2p, crack & keygen of this forum ?

the fixlog is below,

 

Thanks...

Capture.PNG

Fixlog.txt

Share this post


Link to post
Share on other sites

i don't like SlimAV (Slimware Antivirus) because PowerDVD 365, iObit Software Updater, DriverFighter, Comodo GeekBuddy, Moo0 RightClicker Pro, Restoro and X0 Ttone IconPack 400.000.000 times better than Slimware Antivirus (SlimAV),

 

i have big problem with the Smartphone & iPod on explorer:

if this devices connected, is not recognized on Windows Explorer,

and i have problem with Windows Version of Mobzapp (Screen mirroring, RecMe plugin USB, ...) more description of this apps here: http://mobzapp.com/mirroring/index.html#download and here: http://mobzapp.com/mirroring/usb-tool-download.html

Share this post


Link to post
Share on other sites
2 hours ago, Ou_i_du_sausoir said:

driverfighter & iobit software updater is not malicious but uninstalled,

...

i can trust this programs:

-DriverFighter

-Fulldiskfighter

-Restoro

I agree that those two programs aren't malicious, but I've many times in different forums seen people having problems with their computers after using DriverFighter and other driver/program updating programs. Many computer problems occur also after running Windows repair/optimizing programs as Restoro: https://blog.malwarebytes.com/detections/pup-optional-restoro/#type-and-source-of-infection

A good disk cleanup program is included in Windows. You've to start it manually but it doesn't take up any disk space and consumes less CPU time. https://www.shouldiremoveit.com/FULL-DISKfighter-19491-program.aspx

Many freeware programs install adware that slow down your computer and browser, use your internet connection and displays ads in the browser.

2 hours ago, Ou_i_du_sausoir said:

i don't like SlimAV (Slimware Antivirus) because PowerDVD 365, iObit Software Updater, DriverFighter, Comodo GeekBuddy, Moo0 RightClicker Pro, Restoro and X0 Ttone IconPack 400.000.000 times better than Slimware Antivirus (SlimAV),

What?
I haven't said that you should use SlimAV. I don't trust the program: https://www.bleepingcomputer.com/forums/t/614165/is-slimav-an-actual-anti-virus-or-did-one-of-my-friends-fall-for-a-scam/

2 hours ago, Ou_i_du_sausoir said:

i have big problem with the Smartphone & iPod on explorer:

if this devices connected, is not recognized on Windows Explorer,

You've to discuss that in another forum specializing in mobile phones.

2 hours ago, Ou_i_du_sausoir said:

and i have problem with Windows Version of Mobzapp

You've to ask the manufacturer of the program, or use another program.

3 hours ago, Ou_i_du_sausoir said:

the music of the new Peugeot 308 & Citroen C4 Picasso/Spacetourer commercial spot is Sunset Lover by Petit Biscuit, ...

...

i ran now ProtectStar iShredder 7.0 Professionnal to erase freespace with 5 passes cycle, the screen capture of results (Progression of erase freespace finished) of ProtectStar iShredder is below,

Why do you think I'm interested in that?

3 hours ago, Ou_i_du_sausoir said:

you can accept torrents, p2p, crack & keygen of this forum ?

If I see cracks or keygens in the logs, I refuse to give help until those are deleted. Have you cracks and/or keygens in your computers?
Then you've to uninstall them or even better reinstall Windows and don't install them again
If such stuff are the cause of the terrible state of your computer, you should now know why not to use illegal software.

 

Please upload to virustotal.com:
C:\Program Files (x86)\filigreed\filigreed.exe
C:\Users\jean-\AppData\Roaming\SystemLocation\utcwatcher.exe
 

Share this post


Link to post
Share on other sites

Good!


Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\RunOnce: [] => [X]
S3 MThhOD; C:\Program Files\MThhOD\OGI5OWM3NDU3M.exe [1137544 2018-12-30] ()
2018-12-31 17:08 - 2019-01-02 01:46 - 000000000 ____D C:\ProgramData\ALLPlayer
2018-12-31 17:08 - 2018-12-31 17:08 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
2018-12-31 17:03 - 2018-12-31 17:03 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
2018-12-31 15:26 - 2018-12-31 15:26 - 000000000 ____D C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
Folder: C:\Program Files (x86)\XWX
VirusTotal: C:\Program Files (x86)\whe\Repeal.dll
2018-12-31 10:20 - 2018-12-31 17:53 - 000000000 ____D C:\Program Files (x86)\relined
2018-12-31 10:20 - 2018-12-31 17:53 - 000000000 ____D C:\Program Files (x86)\Mousetrap
2018-12-31 10:20 - 2018-12-31 17:53 - 000000000 ____D C:\Program Files (x86)\Gundel
2018-12-31 10:20 - 2018-12-31 17:52 - 000000000 ____D C:\Users\jean-\AppData\Local\Michael
2018-12-31 10:20 - 2018-12-31 10:26 - 000000000 ____D C:\Program Files (x86)\Katherine
VirusTotal: C:\Users\jean-\AppData\Local\sham.db
2018-12-31 10:20 - 2018-12-31 10:20 - 000004008 _____ C:\Windows\System32\Tasks\smoke andros mcmorrowsmoke andros mcmorrow
2018-12-31 10:20 - 2018-12-31 10:20 - 000003984 _____ C:\Windows\System32\Tasks\macey_obtainsmacey_obtains
2018-12-31 10:20 - 2018-12-31 10:20 - 000000000 ____D C:\Program Files (x86)\filigreed
2018-12-31 10:17 - 2018-12-31 10:17 - 000000000 ____D C:\Users\jean-\AppData\Roaming\SystemLocation
2018-12-31 10:15 - 2018-12-31 10:16 - 000000000 ____D C:\ProgramData\MZa
2018-12-31 10:14 - 2018-12-31 10:15 - 000000000 ____D C:\Program Files\MThhOD
2018-12-31 10:14 - 2018-12-31 10:14 - 001437184 _____ C:\Windows\oymoi.oymki
2018-12-31 10:14 - 2018-12-31 10:14 - 000000000 ____D C:\Users\jean-\AppData\Local\AdvinstAnalytics
2018-12-31 10:10 - 2018-12-31 10:10 - 000012800 _____ C:\Windows\clintonites.exe
2018-12-31 10:10 - 2018-12-31 10:10 - 000012800 _____ C:\Users\jean-\AppData\Local\Noisiest.exe
2018-12-30 13:15 - 2018-12-30 13:15 - 000098328 _____ C:\Windows\system32\Drivers\NGQ1MTBmY
Folder: C:\Users\jean-\AppData\Local\CEF
Folder: C:\ProgramData\ToastGenerator
VirusTotal: C:\Users\jean-\AppData\Local\AirCom.tst
VirusTotal: C:\Users\jean-\AppData\Local\Freshphase.exe
VirusTotal: C:\Users\jean-\AppData\Local\SubOzekix.bin
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Pas de fichier
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> Pas de fichier
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} =>  -> Pas de fichier
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> Pas de fichier
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} =>  -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> Pas de fichier
Task: {C7A0F030-3818-4FC9-8059-98DEF5C9A1EE} - System32\Tasks\macey_obtainsmacey_obtains => C:\Program Files (x86)\Katherine\Noisiest.exe [2018-12-31] ()
Task: {CB1E17CE-354B-4638-B127-884EE38FA287} - System32\Tasks\smoke andros mcmorrowsmoke andros mcmorrow => C:\Users\jean-\AppData\Local\Noisiest.exe [2018-12-31] ()
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, attach that file to your reply.

Share this post


Link to post
Share on other sites

the problem of boot error on xfce sfce/xubuntu 120 Gb live USB stick persist when this usb stick is FAT32 and also when this same usb stick is NTFS,

i had today reconverted this XFCE SFCE usb stick to FAT32 with Paragon Partition Manager paid edition without data loss,

and some details of this bug on this topics:

https://forum.adaware.com/index.php?/topic/36933-xubuntu-live-usb-infected-systweak-trials-bytefence-others/

https://forum.adaware.com/index.php?/topic/36931-first-troubleshooting-disinfection-in-adaware-forums-infected-by-bytefence-spectre-petya-webdiscover-browser/

you can Always merge thèses topics into my actual topic,

 

and question:

when releases Adaware v13.0 ?

 

Thanks...

 

Share this post


Link to post
Share on other sites
16 hours ago, Ou_i_du_sausoir said:

1. Can you explain why files and folders that were visible in the latest logs from FRST, no longer existed when FRST wanted to remove them?
Have you run some other antivirus, antimalware or similar program that I haven't asked you to run?

 

2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\XWX
C:\Program Files (x86)\whe
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


3. Scan with FRST and attach FRST.txt and Addition.txt.

 

3 hours ago, Ou_i_du_sausoir said:

the problem of boot error on xfce sfce/xubuntu 120 Gb live USB stick persist when this usb stick is FAT32 and also when this same usb stick is NTFS,

See my previous reply to you: https://forum.adaware.com/index.php?/topic/36933-xubuntu-live-usb-infected-systweak-trials-bytefence-others/&amp;do=findComment&amp;comment=155320

 

3 hours ago, Ou_i_du_sausoir said:

when releases Adaware v13.0 ?

I don't know.

Share this post


Link to post
Share on other sites
1 hour ago, CeciliaB said:

1. Can you explain why files and folders that were visible in the latest logs from FRST, no longer existed when FRST wanted to remove them?
Have you run some other antivirus, antimalware or similar program that I haven't asked you to run?

 

2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\XWX
C:\Program Files (x86)\whe
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


3. Scan with FRST and attach FRST.txt and Addition.txt.

 

See my previous reply to you: https://forum.adaware.com/index.php?/topic/36933-xubuntu-live-usb-infected-systweak-trials-bytefence-others/&amp;do=findComment&amp;comment=155320

 

I don't know.

i don't know why files visible on last frst logs, no longer availaible when frst wanted remove this (no longer exists on previous frst logs)

i have no other antivirus or others similar running, only runnigs apps is:

-Windows defender

-adaware (activated)

-UCheck by Adlice

 

Under that reply on the topic the fixlog, frst, addition & shortcut logs,

the upload of frst failed, but i post here:

https://www.cjoint.com/c/IAhnQXrJZ1C

 

 

 

Thanks...

Addition.txt

Fixlog.txt

Shortcut.txt

Share this post


Link to post
Share on other sites

1. According to the logs you've installed RogueKiller and that program probably has erased the malicious files. I quote:

On 1/3/2019 at 8:34 AM, CeciliaB said:

If I shall be able to help you, you've to stop install and run programs than I haven't asked you to install or run. It makes e.g. your uploaded logs from FRST unusable since they 're no longer shows the current situation.

Since you've several computers, don't use the computer that I'm trying to clean to anything except what I ask you to do. Can you follow that?

 

2. Please upload this file to virustotal.com: C:\Windows\System32\drivers\TchS2Helper.sys

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now