Jump to content

kevinf80

Experts
  • Content Count

    25,006
  • Joined

  • Last visited

Posts posted by kevinf80


  1. Hello Forresian,

    Yes logs are clean, no further action required.....

    Right click on FRST here: C:\Users\nicol\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

    If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

    That action will remove FRST and all created files and folders...

    Next,

    Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

    From there you should be good to go...

    Next,

    Read the following links to fully understand PC Security and Best Practices, you may find them useful....

    Answers to Common Security Questions and best Practices

    Do I need a Registry Cleaner?

    Take care and surf safe

    Kevin... user posted image

  2. Hello Jacob,

    Thanks for those logs, no remaining signs of malware or infection. Continue to clean up...

    Right click on FRST here: D:\Users\jacob\Desktop\FIX IT!!\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

    If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

    That action will remove FRST and all created files and folders...

    Next,

    Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

    Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

    Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

    From there you should be good to go...

    Next,

    Read the following links to fully understand PC Security and Best Practices, you may find them useful....

    Answers to Common Security Questions and best Practices

    Do I need a Registry Cleaner?

    Take care and surf safe

    Kevin... user posted image

  3. Hello ThatzNice and welcome to Malwarebytes,

    Run the following:

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    Be aware FRST must be run from an account with Administrator status...
     
    • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
      user posted image
       
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


    Thank you,

    Kevin...

  4. Hiya Mickey123,

    What is current situation with your PC, are the blocks only happening when you use Chrome or does it happen if alternative browser is used... Edge or Firefox.

    The IP address does not seem to be malicious, neither does the URL...

    https://whois.domaintools.com/52.212.81.15

    https://cleantalk.org/blacklists/52.212.81.15

    https://www.virustotal.com/gui/url/bfa7181c62c3e08abe8b4e3d5b3499ae2c87ed87341ab087496287e02c760505/detection

    Maybe we need to move this to blocked website forum, lets wait and see what @AdvancedSetup thinks...

    Chrome bookmarks can be saved by exporting to a folder of your choice and importing back from that saved folder, have a look at the following link..

    Apologies for my sporadic responses, I have personal issues taking up most of my time..

    Thank you,

    Kevin..


  5. Hello Jacob and welcome to Malwarebytes,

    Thanks for those logs, continue:

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Open FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

    user posted image

    Next,

    Open Malwarebytes Anti-Malware.
     
    • On the Settings tab > Protection Scroll to and make sure the following are selected:

      Scan for Rootkits
      Scan within Archives
       
    • Scroll further to Potential Threat Protection make sure the following are set as follows:
      Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
      Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
       
    • Click on the Scan make sure Threat Scan is selected,
    • A Threat Scan will begin.
    • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
    • If asked to restart your computer to complete the removal, please do so
    • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    • After the restart once you are back at your desktop, open Malwarebytes once more to retrieve the log.


    To get the log from Malwarebytes do the following:
     
    • Click on the Reports tab > from main interface.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

       
    • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

    Ensure to get the correct version for your system....

    https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


    Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.


    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

    Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

    Thank you,

    Kevin...

     

    fixlist.txt


  6. Hello newbiePCUser and welcome to Malwarebytes,

    The blocked outbound call IP address is located in Russia, it is very possible that your steam account is hacked... Lets run a couple of scans to make sure your system is clean, if so you can change your steam account password..

    Open Malwarebytes, select > "settings" > "protection tab"

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Go back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes quarantine any found entries...

    To get the log from Malwarebytes do the following:
     
    • Click on the Report tab > from main interface.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

       
    • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Download AdwCleaner by Malwarebytes onto your Desktop.

    Or from this Mirror
     
    • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    Be aware FRST must be run from an account with Administrator status...
     
    • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
      user posted image
       
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


    Let me see those logs in your reply...

    Thank you,

    Kevin....

     


  7. Hello Gerado_Arg,

    Entries that are in "Quarantine" are deemed inert and cannot cause any issue to your system. It is always wise to leave those entries in Quarantine for maybe 7 days in case they are found to be false positives and need to be restored...

    If they do need to be removed after a proven time, open Quarantine from main interface, select the entry in question. There are two options "Delete" or "Restore"

    Next,

    Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

    user posted image
     
    Thank you,
     
    Kevin..

  8. Hiya Prathap,

    We have used some very thorough scanners with no definite malware or infection being identified, maybe your system is actually clean. Lets try a clean boot and see if that makes any difference...

    Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

    Basically all none MS services are disabled, see how your system runs in that mode. Obviously 3rd party services that affect security or internet connection can be left active.

    If clean boot makes your system faster and more responsive it is now a process of elimination to find which non MS service(s) was affecting your system...

    Go through the process again, this time with all MS services hidden again enable the top half of non MS services, re-boot and see how your system responds, if still ok the top half can be left enabled.

    Repeat again, enable so many of the bottom half then re-boot. Continue until you locate the problem service(s). A process of elimination, a bit long winded but worth the effort. Let me know the outcome...
     
    Thank you,
     
    Kevin...

  9. Hello Gerardo_Arg and welcome to Malwarebytes,

    The log you`ve posted from Malwarebytes shows "Sin acciones por parte del usuario" (No actions by the user) Is that correct?

    Open Malwarebytes Anti-Malware.
     
    • On the Settings tab > Protection Scroll to and make sure the following are selected:

      Scan for Rootkits
      Scan within Archives
       
    • Scroll further to Potential Threat Protection make sure the following are set as follows:
      Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
      Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
       
    • Click on the Scan make sure Threat Scan is selected,
    • A Threat Scan will begin.
    • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
    • If asked to restart your computer to complete the removal, please do so
    • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    • After the restart once you are back at your desktop, open Malwarebytes once more to retrieve the log.


    To get the log from Malwarebytes do the following:
     
    • Click on the Reports tab > from main interface.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

       
    • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Please download AdwCleaner by Malwarebytes and save the file to your Desktop. https://downloads.malwarebytes.com/file/adwcleaner
    • Right-click on the program and select Run as Administrator to start the tool.
    • Accept the Terms of use.
    • Wait until the database is ?updated.
    • Click Scan Now.
    • When finished, please click Clean & Repair.
    • Your PC should reboot now if any items were found.
    • After reboot, a log file will be opened. Copy its content into your next reply. ?


    Next,

    Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

    Ensure to get the correct version for your system....

    https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


    Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.


    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

    Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

    Thank you,

    Kevin..

  10. Hello simajohnson and welcome to Malwarebytes,

    Continue with the following:

    If you do not have Malwarebytes installed do the following:

    Download Malwarebytes version 3 from the following link:

    https://www.malwarebytes.com/mwb-download/thankyou/

    Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

    When the install completes or Malwarebytes is already installed do the following:

    Open Malwarebytes, select > "settings" > "protection tab"

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Go back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes quarantine any found entries...

    To get the log from Malwarebytes do the following:
     
    • Click on the Report tab > from main interface.
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

       
    • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Download AdwCleaner by Malwarebytes onto your Desktop.

    Or from this Mirror
     
    • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    Be aware FRST must be run from an account with Administrator status...
     
    • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
      user posted image
       
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


    Let me see those logs in your reply...

    Thank you,

    Kevin....

  11. Hello Prathap,

    Those are some kind of trace file that are encrypted to protect information, not sure why? Have a read at the following links:

     
    Try the following scan:
     
    Offline scan for windows 10

    Open the search function, type or copy/paste Windows Defender Security Center then select ok to open that option.

    In the new window select Virus and Threat Protection then select Scan Options

    The scan options window will open, from there select Windows Defender Offline Scan

    You will be given the option to save any opened work etc, then select Scan from there when the scan completes Windows will reboot..

    To check for found entries:

    Select Start , and then select Settings > Update & Security > Windows Security > Virus & threat protection . On the Virus & threat protection screen select Protection history.

    If entries are shown as "Found" the time and date will be same as the offline scan just completed.....
     
    Regards,
     
    Kevin..

  12. Hello Prathsp,

    I understand your concerns, usually the majority of infections including what you mention do show there presence in FRST logs. lets try another scanner...

    Please read carefully and follow these steps.
    • Download TDSSKiller from here  http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.
    • Doubleclick on user posted image to run the application.
    • The "Ready to scan" window will open, Click on "Change parameters"

      user posted image

       
    • Ensure all entries are Checkmarked under Additionl Options, Ensure all entries are Checkmarked under Objects to scan When Loaded Modules is checkmarked a re-boot will be offered, allow that to happen...

      user posted image

       
    • Continue after reboot select "Change Parameters" make sure entries are checkmarked and then Select "Start Scan"

      user posted image

       
    • If an infected file is detected, the default action will be Cure, click on Continue.

      user posted image

       
    • If a suspicious file is detected, the default action will be Skip, click on Continue.

      user posted image

       
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

      user posted image

       
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Thank you,

    Kevin...


  13. Thanks for the update vparkinson47, good to hear your issue is cleared...

    Continue:

    Uninstall the following program:

    Zemana

    http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

    Next,

    Delete RogueKiller portable from this folder C:\Users\spatialwarp\Desktop\ also delete this folder if present: C:\ProgramData\RogueKiller

    Next,

    Right click on FRST here: C:\Users\spatialwarp\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

    If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

    That action will remove FRST and all created files and folders...

    Next,

    Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

    Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

    Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

    From there you should be good to go...

    Next,

    Read the following links to fully understand PC Security and Best Practices, you may find them useful....

    Answers to Common Security Questions and best Practices

    Do I need a Registry Cleaner?

    Take care and surf safe

    Kevin... user posted image
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.