dianamite Posted February 17, 2017

I am pasting the original message from the virus section just for background. It was suggested I start a topic here because the other didn't work.... and I am so over closing these pop-ups 40 in 2 hours!!!.... If I leave the room and come back there could be upwards of 20 of these boxes.

I also was getting a notebook pop-up with hd - Notepad in the header.... same message: ATTEMPTING TO UPGRADE TO WINDOWS 10. YOU CAN CONTINUE TO USE YOUR COMPUTER. WINDOWS 7 SUPPORT ENDING.

I "think" I got rid of the notepad messaging (20+ same-o) when I did the system restore ... but the text box Alert is still persisting. Not sure if this is virus related or ??-related. It's only been for the last couple of days and started after I did update Java.... ok.... I know!! but I've been sick and perhaps weak headed. Anyway. Java is Gone, so is the "hd - Notepad" pop-up and system restored.... except for this alert and I am hoping someone will have some answer on what this is.

Do I need to do the PUP thing again? Which I had done so long ago I have almost no memory of it. Oh, and none of these show up as an actual "file". I have run Avast, SuperAntiSpyware, Malwarebytes... with no success. After shut-down/restart they are still there (well except for the notepad one now... and I've done so much I'm not sure exactly HOW I got rid of that one.

Unfortunately, I have an appointment to get to and will be back after a few hours.... But I truly appreciate any help that can be given. The file isn't causing any mischief and I'm not clicking the OK... just the X... so I don't think I have, or it has, caused any further mischief.

Thanks in advance

malwarekiller45 Posted February 18, 2017 (edited)

Please do not post a "fix" for anyone's Malware log. Read the WARNING in red letters above this forum.

If you are serious about helping, here is a list of Malware Removal classrooms that you can apply to for your education:

- Malware Removal University: http://forum.malwareremoval.com/viewtopic....fc8118953df37cd
- SpywareInfoforum: http://www.spywareinfoforum.com/index.php?...einfoforum.com/
- What the Tech Classroom: http://forums.whatthetech.com/What_the_Tec...oom_t80368.html
- BleepingComputer: http://www.bleepingcomputer.com/forums/topic86678.html

Posting a proposed 'fix' without being a qualified Malware Tech helper... will get your post deleted.

Edited February 18, 2017 by Juliet

Juliet Posted February 18, 2017

@dianamite Please back up your registry!

Backup the Registry: (Credit: Dakeyras)

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

- Please download the installer for Registry Backup from here or here and save to your desktop.
- Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
- Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
- Once the GUI (graphical user interface) has appeared/loaded: Click on Backup Now >> once the process is complete the below will be displayed in the GUI:
- Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed HERE

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.

Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.

- Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
- Click Yes to the disclaimer.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

dianamite Posted February 18, 2017

Thank you!! Quick question....I have run Tweaking and did the backup. The result said Errors! 15/17 Registry files backed up. The following two files showed in black hi-lite in the body of the program:

C:\Users\TEMP.dian_a_mite-PC\ntuser.dat (size: 256.00 KB)
C:\Users\TEMP.dian_a_mite-PC\AppData\Local\Microsoft\Windows\UsrClass.dat (size: 256 KB)

I just want to be sure the errors are ok to ignore . . . ? before I go to the next step.

Juliet Posted February 18, 2017

We can continue.

dianamite Posted February 18, 2017 (edited)

Have done that and have the 2 files ready to post, but I forgot how to do that in a scroll box .....

ALSO...This is a pic of the alert boxes... the smaller one on the right is current. I was able to remove (?) the larger one (at least it doesn't show any longer)

I am currently trying to find a way to post the text....

Edited February 18, 2017 by dianamite

Juliet Posted February 18, 2017

well one went through before you edited.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017

and I have started a fix with that one.

if you can, please post Addition.txt

dianamite Posted February 18, 2017

trying again... renaming it

It is Notepad... if it still doesn't post, that may be why?

dianamite Posted February 18, 2017

an attachment is not showing for me... is it there for you?

Juliet Posted February 18, 2017

no need to rename it.

Juliet Posted February 18, 2017 (edited)

mine worked but wasn't a picture.

Edited February 18, 2017 by Juliet

dianamite Posted February 18, 2017 (edited)

weird... I didn't click to upload a picture. I clicked to "attach file" AND I also did the < > to add a text block, but apparently my post did not go thru????? This is all very strange

Edited February 18, 2017 by dianamite

Juliet Posted February 18, 2017

you're getting there

after you have it, look to the right to add

dianamite Posted February 18, 2017 (edited)

Now getting error there: upload skipped (Error IO) ... for file uploading....I did not see "add" once I clicked to upload

tried the < > for text scroll box and it sits for several several minutes and says "saving post" on the bottom right. after I click "post"

12:28 still "saving" .. so it has been at least 20 minutes

12:47 ... refreshed page to get rid of it... it was still just trying to Save the post

Edited February 18, 2017 by dianamite

dianamite Posted February 18, 2017

still the error ... and the only "add" I see is at the bottom: "add reply"

dianamite Posted February 18, 2017 (edited)

I may have (hopefully) found where the trigger core-file was located.... OR it was just the place it was scheduled to launch from .... I may need to locate the core FILE, but so far, no pop-ups have taken place since deleting the tasks. There were 2 groupings of "tasks, files" that were deleted...

Thank you for your help. I hope this ends it, but will let you know.

Edited February 18, 2017 by dianamite

Juliet Posted February 18, 2017

Let's try this. See if you can Locate the Addition.txt

upload a large file, try http://www.sendspace.com/

- Click on Browse button and navigate to Addition.txt file you want to upload.
- Click on Upload button.
- Click on FIRST Copy Link button and paste the link in your next reply.

dianamite Posted February 18, 2017

Here goes... https://www.sendspace.com/file/dq4oxf

Juliet Posted February 18, 2017

I sent images through PM, if you like I can post them here too, to show how to attach.

dianamite Posted February 18, 2017

I know how to attach images.... I replied to you in a PM.... it is just not letting me do images or <> text boxes at all. If you scroll back, you'll see I did images here.

I will try to do the addition.txt file into a post on the folding forum. If that works I will PM you and let you know what post.....

Juliet Posted February 18, 2017

OK, sendspace worked.

Now, I have a fix ready and with fingers crossed....we'll git er done!

Running from E:\Desktop

You're going to have to locate this script in the same location. E:\Desktop or move it to C:\Desktop

- Please go to your E:\Desktop, locate Farbar Recovery Scan Tool, right click and select CUT
- Go to an open spot on your desktop, right click and select PASTE
- You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Or use this method: Press the windows key + r on your keyboard at the same time. This will open the RUN BOX. Type Notepad and click the OK key.

To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CreateRestorePoint:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Internet Explorer:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    R3 ALSysIO; \??\C:\Users\DIAN_A~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    R3 WinRing0_1_2_0; \??\C:\Users\dian_a_mite\AppData\Local\Temp\tmp7BE3.tmp [X] <==== ATTENTION
    Task: {031DAE10-B34F-4434-9DF1-B206AF81E2FE} - System32\Tasks\p => C:\Users\Public\Downloads\hi.bat <==== ATTENTION
    Task: {10A6FE5F-5FBA-4EB0-8BBB-23988EEF815F} - System32\Tasks\p2 => C:\Users\Public\Downloads\hi.bat <==== ATTENTION
    Task: {41CAB8F2-1B2A-4443-9459-12E257A98F41} - System32\Tasks\p3 => C:\Users\Public\Downloads\hi.bat <==== ATTENTION
    Task: {4A2750B9-2E6F-4DA0-AB03-38BDBC93B783} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
    Task: {5AA99CAA-757B-408C-91AD-56A27C6777A2} - System32\Tasks\b3 => C:\Users\Public\Downloads\bleek.bat <==== ATTENTION
    Task: {6F75BF9A-69D6-432C-A8CF-E6B86D14628C} - System32\Tasks\b2 => C:\Users\Public\Downloads\bleek.bat <==== ATTENTION
    Task: {8F34A13D-DA14-46C1-BDA9-842718C8EE5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
    Task: {DDD266AE-B966-40D8-98C0-4C2D1BA4CFF1} - System32\Tasks\b => C:\Users\Public\Downloads\bleek.bat <==== ATTENTION
    EmptyTemp:
    Hosts:
    End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.

In order to use AdwCleaner, you have to agree to the Eula:

- Right-click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
- Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
- Click Clean.
- Follow the prompts and allow your computer to reboot.
- After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

Please download Junkware Removal Tool or from here http://downloads.malwarebytes.org/file/jrt to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

please post

Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

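
The Task: entries in the fixlist above show several scheduled tasks all launching the same batch files from C:\Users\Public\Downloads, which is why deleting the tasks stopped the pop-ups. The following Python is an added example, not part of the original posts and not FRST's own code: it parses FRST-style Task: lines and groups the tasks by target. The list of script extensions and the list of user-writable directories are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Task lines copied from the fixlist in this thread (FRST log format).
SAMPLE = r"""
Task: {031DAE10-B34F-4434-9DF1-B206AF81E2FE} - System32\Tasks\p => C:\Users\Public\Downloads\hi.bat <==== ATTENTION
Task: {10A6FE5F-5FBA-4EB0-8BBB-23988EEF815F} - System32\Tasks\p2 => C:\Users\Public\Downloads\hi.bat <==== ATTENTION
Task: {4A2750B9-2E6F-4DA0-AB03-38BDBC93B783} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
Task: {5AA99CAA-757B-408C-91AD-56A27C6777A2} - System32\Tasks\b3 => C:\Users\Public\Downloads\bleek.bat <==== ATTENTION
Task: {DDD266AE-B966-40D8-98C0-4C2D1BA4CFF1} - System32\Tasks\b => C:\Users\Public\Downloads\bleek.bat <==== ATTENTION
"""

# "Task: {GUID} - <task path> => <target>", optionally followed by FRST's ATTENTION marker.
TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) (?:=>|->) (.+?)(?: <=+ ATTENTION)?$"
)
# Assumed heuristics: script types and directories any standard user can write to.
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")
WRITABLE = ("\\users\\public\\", "\\appdata\\", "\\temp\\")

def parse_tasks(text):
    """Yield (guid, task_path, target) for each FRST 'Task:' line."""
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            yield m.groups()

def triage(text):
    """Group task names by suspicious script target; list orphaned tasks."""
    suspicious, orphaned = defaultdict(list), []
    for _guid, path, target in parse_tasks(text):
        name = path.rsplit("\\", 1)[-1]
        low = target.lower()
        if low == "no file":
            # Task definition exists but its program is missing from disk.
            orphaned.append(path)
        elif low.endswith(SCRIPT_EXT) and any(d in low for d in WRITABLE):
            suspicious[target].append(name)
    return dict(suspicious), orphaned

if __name__ == "__main__":
    hits, orphaned = triage(SAMPLE)
    for target, names in hits.items():
        print(f"{target}: launched by {len(names)} task(s): {', '.join(names)}")
    for path in orphaned:
        print(f"orphaned task (no file on disk): {path}")
```

Several short-named tasks sharing one script target is the pattern worth reviewing by hand; a single task pointing at an installed program's updater is not flagged.
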
Juliet Posted February 20, 2017

But I think I feel safe in closing this one out. Appreciate your help immensely!!

We're glad to help

Juliet Posted February 21, 2017

Glad we could help. Since this issue appears resolved ... this Topic is closed.

caintry_boy Posted February 21, 2017

:clap: