Using Read Me First Cannot Find Mgtools.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Xitherius, Jul 25, 2025.

  1. Xitherius

    Xitherius Private E-2

    Most of the links for the downloads went to a GIF that did nothing, so I went to the sources so far, but I cannot find mgtools.exe.
    The Read Me First seems to be out of date. Should I even still be using it? Is there a better source of steps to use?

    I was on FB trying to set up a new group and my PC was hijacked (sort of). I rebooted, attempted to set up the group, and had the same result.
    Now I suspect there is something downloaded on my PC (Windows 10) and I would like to remove it so I can get on with my day.

    Thank you
    Sean
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings Sean and welcome to the Major Geeks Malware Forum.

    Let's run this then we will get started.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
  3. Xitherius

    Xitherius Private E-2

    Here are the reports.
    Also I tried not run my Anti virus and now it won't open. It shows up on the taskbar but the window does not show up.
    Thank you for your assistance.
     

    Attached Files:

  4. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    Can you describe why you believe your computer was hijacked?

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    I recommend removing the below listed program.

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    TotalAV
    
    • If the program's uninstaller appears, work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    cmd: type "C:\logUploaderSettings.ini"
    FirewallRules: [{8B2510EB-EEE8-49A3-95DE-B97F6F6F3885}] => (Allow) LPort=5357
    2020-09-30 23:18 - 2020-09-30 23:34 - 000000000 _____ () C:\Users\Sean\AppData\Local\Driver_LOM_8161Present.flag
    HKU\S-1-5-21-3181252380-554203244-856310264-1001\...\Run: [] => [X] 
    S2 GoogleUpdaterInternalService132.0.6833.0; "C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe" --system --windows-service --service=update-internal [X] 
    S2 GoogleUpdaterService132.0.6833.0; "C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe" --system --windows-service --service=update [X] 
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] 
    S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X] 
    HKU\S-1-5-21-3181252380-554203244-856310264-1001\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File) 
    Task: {E3EAFECE-3CA1-4AD6-AC9D-3ECE40BDF11D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{7B016022-D1D7-4DCC-A1E5-4F0CF64D94FA} => "C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe"  --wake --system (No File) 
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
    HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\138.0.3351.109\Installer\setup.exe [7364176 2025-07-26] (Microsoft Corporation -> Microsoft Corporation) 
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Hijacked description
    • TotalAV uninstalled?
    • Fixlog
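
Added example, not part of the original thread and not FRST's own code: a small Python reviewer that groups the entries of a fixlist like the one above by what they touch, so the list can be read through before clicking Fix. The line-shape rules and the reading of a trailing `[X]` or `(No File)` as a missing-file marker are assumptions drawn from the lines visible in the post; the sample is a verbatim subset of that fixlist.

```python
import re
from collections import Counter

# Verbatim subset of the fixlist in the post above.
FIXLIST = r'''Start::
CreateRestorePoint:
CloseProcesses:
cmd: type "C:\logUploaderSettings.ini"
FirewallRules: [{8B2510EB-EEE8-49A3-95DE-B97F6F6F3885}] => (Allow) LPort=5357
2020-09-30 23:18 - 2020-09-30 23:34 - 000000000 _____ () C:\Users\Sean\AppData\Local\Driver_LOM_8161Present.flag
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
HKU\S-1-5-21-3181252380-554203244-856310264-1001\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
cmd: sfc /scannow
End::
'''

# Assumed line shapes, inferred from the post; the first matching rule wins.
RULES = [
    ("command",   re.compile(r"^cmd:\s*\S", re.I)),       # runs a shell command
    ("directive", re.compile(r"^\w+:$")),                 # e.g. CreateRestorePoint:
    ("firewall",  re.compile(r"^FirewallRules:")),
    ("task",      re.compile(r"^Task:")),
    ("registry",  re.compile(r"^(HKLM|HKU)\\")),
    ("service",   re.compile(r"^[RS]\d\s+[^;]+;")),       # e.g. "S3 name; path"
    ("file",      re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
]
# Assumption: a trailing [X] or (No File) marks an entry whose file is missing.
MISSING = re.compile(r"(\[X\]|No File\)?)\s*$")

def parse_fixlist(text):
    """Return (kind, missing_file, line) for each entry between Start:: and End::."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
        elif line == "End::":
            break
        elif inside and line:
            kind = next((k for k, rx in RULES if rx.search(line)), "other")
            entries.append((kind, bool(MISSING.search(line)), line))
    return entries

def summarize(entries):
    """Count entries per kind, so the command lines stand out for a closer read."""
    return Counter(kind for kind, _, _ in entries)

if __name__ == "__main__":
    for kind, missing, line in parse_fixlist(FIXLIST):
        print(f"{kind:9} {'missing' if missing else '':7} {line[:60]}")
```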
     
