Everything posted by dbreeze
-
FIRST >>>> Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.
Double click the JRT.exe file to run the application.
The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).
When it is asked, press any key to allow the program to continue / run.
This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

SECOND >>>> AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
Click the Clean button. Everything checked will be deleted.
When the program has finished cleaning a report appears. Once done it will ask to reboot; allow this.
On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Optional: NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

LAST >>>> Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware.
When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.
Once the program has loaded and updated, select "Scan Now >>" to start the scan.
The scan may take some time to finish, so please be patient.
If any malware is found, you will be presented with a screen like the one below.
If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results. The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.
When the export is complete, select OPEN. The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.
-
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.
Press the Fix button just once and wait.
The tool will create a restore point, process the script and ask for a restart of your system.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
Fixlist.txt
-
Hello and
If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt
P2P/Piracy Warning:
Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed please print out these instructions.
Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large then you can use attachments by clicking on the More Reply Options button.
Please enable your system to show hidden files: How to see hidden files in Windows
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
When we are done, I'll give you instructions on how to cleanup all the tools and logs.
Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
Your topic will be closed if you haven't replied within 3 days.
(If I have not responded within 24 hours, please send me a Private Message as a reminder)

Also, to rule out a RootKit / MBR infection, please run the following and post that log(s).
Please download Malwarebytes Anti-Rootkit from here.
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Possibly KIS scanning issue? Let us know how your system progresses; thanks. -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
What they are asking you to do is stop everything BUT Microsoft Windows processes and Kaspersky processes from loading when you next boot the machine. This is perfectly safe to do and is a standard system troubleshooting technique. Once the system is booted into this configuration, you can test it to see if the symptoms are still happening; you have all Microsoft Windows functions running along with Kaspersky still protecting your system. To return to the normal system (reverting from a 'Clean Boot' state), you would just pull up msconfig dialog again and click Normal Startup on the General tab, click APPLY and then OK. Reboot your machine and the system will load normally once again. -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Yeah, I loved Kaspersky years ago (started with the pre-version 6 and only in the last two years stopped using them). It seems everyone has issues with FireFox being changed so much so quickly. Oh, well .... How is the rest of the system running? -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Thanks for the file. I uploaded the report into GSI Parser and everything looks good. Can you tell me what change you had to make to KIS settings regarding the Search engines in the Web Browsers? -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Now that FireFox is running proper again (know what you mean about some AV interfering with other programs; I just changed mine because of the Web Filtering issues but that is another story), how is your system running? -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
The location to paste the zip file (that the GSI tool was supposed to produce) is https://www.getsysteminfo.com/ Anyway, if you find the zip file you can attach it here. I don't think the text file would do any good and there may be information in it you don't want to have made public (the GSI website parses that information from public viewing). -
Cool! Let me know when you are satisfied with the system and we will give instructions on removing our tools. Thanks.
-
How is the system running now?
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
ReRunning should not hurt and may clean up the glitch in FF. Since you have Kaspersky product installed, please follow the steps here to get a fresh look at the system. Thanks. -
And the Fixlog.txt file?
-
FIRST >>>>
Download the attached fixlist.txt file and save it to the Desktop. ==>> Fixlist.txt
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST by double clicking on the FRST.exe file. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.
Press the Fix button just once and wait.
The tool will create a restore point, process the script and ask for a restart of your system.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

SECOND >>>> Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.
Double click the JRT.exe file to run the application.
The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).
When it is asked, press any key to allow the program to continue / run.
This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
-
Hello and
If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt
P2P/Piracy Warning:
Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed please print out these instructions.
Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large then you can use attachments by clicking on the More Reply Options button.
Please enable your system to show hidden files: How to see hidden files in Windows
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
When we are done, I'll give you instructions on how to cleanup all the tools and logs.
Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
Your topic will be closed if you haven't replied within 3 days.
(If I have not responded within 24 hours, please send me a Private Message as a reminder)

Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Let's see if this helps FireFox ==>>
This time we are going to try another approach with uninstalling and re-installing Firefox. We need to remove your Firefox profile data and settings. Before we do this we want to backup your bookmarks.
To back up your bookmarks: In Firefox click the Bookmarks button Show All Bookmarks (likely down the bottom) > click Import and Backup (toolbar along the top) > Export HTML... and save it to your desktop.
Later when you re-install FF you can reverse the process and Import HTML... when the Wizard comes up just import the HTML file you had saved earlier.
Now Please go to Uninstall Firefox and follow the instructions for uninstalling Firefox. Make sure you check the box to Remove my Firefox personal data and customizations.
After that reinstall Firefox.
Note: If you do not have the Firefox Installer on your machine you will need to download it from here.
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
If you are talking about what you downloaded to the desktop, if that is esetonlinescanner_enu.exe (or very similar) then it is ok to delete that file. How is your system running now? -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
I apologize for the problem with the link. The forum software was changed recently and I'm having some issues with it. Yes, please uninstall the ESET Online Scanner. Then please try the following scanner; there should not be any issues with this one.
Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.
Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
Once the scanner loads, click on 1. Update to check for and load the current updates.
When the updates are finished, click on Malware Scan in the 2. Scan box.
Please enable the PUP detection option. (The Kit may ask about this after it is loading updates or right when the scan starts; it will only ask once, so enable it when the Kit asks.)
If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in reply post.
Please close the Emergency Kit Scanner program now.
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
This next step may take a while (just to warn you) .....
ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.
You can leave Kaspersky Enabled even though ESET may warn about it; it just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and Slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions. Take note of the NO tick in the Remove found threats setting below as it needs to have the tick removed.
-------------------------------------------------------------------------------------------------------------------
Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
Link =>> ESET Online Scanner <<
Click the Run ESET Online Scanner located on the left side of the page (not the free trial).
For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.
Double click on the icon on your desktop.
Check (accept) the Terms of Use.
Click the START button.
Accept any security warnings from your browser.
Now in the Computer scan settings window that appears:
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:
Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked
Now click on: Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan is finished, if any threats are found you will see the screen below.
Click to view the found threats.
At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).
Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.
Attach the saved log file in your next reply please. Thanks.
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
From the scans it looked like Seagate could be an issue. I was just wondering if uninstalling it stopped the blocked messages. -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Do you use Seagate Dashboard much or is it just nice to have as a drive monitoring tool? Do you use the backup functions, for example? -
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
The file (couponprinter.exe) in the download folder can be deleted (shift+delete) as this is the install file not the actual adware.
Download zoek.exe from here: Bleepingcomputer
Close/disable all anti virus and anti malware programs so they do not interfere with the download or running of Zoek.exe (Here or here you can read a manual how to disable your security applications.)
Double click zoek.exe to start the program.
Click the More Options button and select the "Do a Deep Scan" option.
Close any open browsers.
Click the "Run script" button and wait patiently.
When finished the logfile will be opened in notepad. The zoek-results.log can also be found on your system drive.
Please post the logfile for further review in your next comment.
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
That's quite a few files deleted by JRT. Let's check with AdwCleaner again.
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
Click the Clean button. Everything checked will be deleted.
When the program has finished cleaning a report appears. Once done it may ask to reboot (depending on what it found to remove); please allow this.
On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt
-
Blocks incoming attack on c:\windows\system32\svchost.exe
dbreeze replied to CLZ's topic in Resolved Malware Removal Logs
Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.
Double click the JRT.exe file to run the application.
The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).
When it is asked, press any key to allow the program to continue / run.
This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
We will check into the disk space issue next.