Jump to content

kevinf80

Experts
  • Content Count

    27,667
  • Joined

  • Last visited

  • Days Won

    6

Posts posted by kevinf80

  1. Hiya DOAdacha,

    Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

    NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

    Run FRST or FRST64 and press the Fix button just once and wait.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

    Note: If the tool warned you about an outdated version please download and run the updated version.

    NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

    NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

    The following directories are emptied:
     
    • Windows Temp
    • Users Temp folders
    • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
    • Recently opened files cache
    • Flash Player cache
    • Java cache
    • Steam HTML cache
    • Explorer thumbnail and icon cache
    • BITS transfer queue (qmgr*.dat files)
    • Recycle Bin


    Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

    user posted image

    The system will be rebooted after the fix has run.

    Next,

    Download Sophos Free Virus Removal Tool and save it to your desktop.

    If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

    Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
     
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
    • If no threats were found please confirm that result....



    The Virus Removal Tool scans the following areas of your computer:
    • Memory, including system memory on 32-bit (x86) versions of Windows
    • The Windows registry
    • All local hard drives, fixed and removable
    • Mapped network drives are not scanned.


    Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

    Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

    Let me see those logs in your reply...

    Thank you,

    Kevin..

    fixlist.txt

  2. Hiya Ron,

    That is not true, I have the same problem when I download your logs through Firefox... I have to accept the alert and complete the download...

    If you cannot accept the alert, do the following:

    Copy all of the script in the quote box including Start:: and End::

    Save that to notepad and name fixlist.txt Save to the same place as FRST

    Quote

    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Tcpip\..\Interfaces\{d90c98c8-5b0d-4f94-bfd2-a537f2c2ae56}: [DhcpNameServer] 8.8.8.8
    R0 cm_km; C:\WINDOWS\System32\drivers\cm_km.sys [238936 2016-06-10] (Kaspersky Lab -> AO Kaspersky Lab)
    C:\WINDOWS\System32\drivers\cm_km.sys
    AlternateDataStreams: C:\Users\Ron\Downloads\SetPoint6.67.83_64(1).exe:BDU [0]
    AlternateDataStreams: C:\Users\Ron\Downloads\unifying250(1).exe:BDU [0]
    FirewallRules: [{B05AEE42-9CEE-4284-9047-A5C3ADF530AF}] => (Allow) C:\Users\Ron\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{90211EBB-AE95-46A7-8F06-9DBB0F47A01B}] => (Allow) C:\Users\Ron\AppData\Roaming\Zoom\bin\Zoom.exe => No File
    Hosts:
    cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
    cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
    cmd: sfc /scannow
    C:\Windows\Temp\*.*
    EmptyTemp:
    end::

     

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


    Run FRST/FRST64 and press the Fix button just once and wait.

    The tool will generate a log (Fixlog.txt) please post it in your reply.


    Thank you,

    Kevin

  3. Glad we could help.

    If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

    This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

    Please review the following for Tips to help protect from infection

    Thank you

     

     

  4. Due to the lack of feedback, this topic is closed to prevent others from posting here.

    If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

    This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

    Tips to help protect from infection

    Thanks

     

  5. Due to the lack of feedback, this topic is closed to prevent others from posting here.

    If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

    This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

    Tips to help protect from infection

    Thanks

     

  6. Due to the lack of feedback, this topic is closed to prevent others from posting here.

    If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

    This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

    Tips to help protect from infection

    Thanks

     

  7. Hello DOAdacha and welcome to Malwarebytes,

    Continue with the following:

    Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Clsoe out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes quarantine any found entries...

    To get the log from Malwarebytes do the following:
     
    • Click on the Detection History tab > from main interface.
    • Then click on "History" that will open to a historical list
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

       
    • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Download AdwCleaner by Malwarebytes onto your Desktop.

    Or from this Mirror
     
    • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    Next,

    Download "Microsoft's Safety Scanner" and save direct to the desktop

    Ensure to get the correct version for your system....

    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


    Right click on the Tool, select Run as Administrator the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.


    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\msert.log

    The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

    Next,

    Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

    user posted image

    Let me see those logs in your reply...

    Thank you,

    Kevin..
  8. Hiya escasoni,

    Thanks for those logs, continue:

    Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

    NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

    Run FRST or FRST64 and press the Fix button just once and wait.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

    Note: If the tool warned you about an outdated version please download and run the updated version.

    NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

    NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

    The following directories are emptied:
     
    • Windows Temp
    • Users Temp folders
    • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
    • Recently opened files cache
    • Flash Player cache
    • Java cache
    • Steam HTML cache
    • Explorer thumbnail and icon cache
    • BITS transfer queue (qmgr*.dat files)
    • Recycle Bin


    Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

    user posted image

    The system will be rebooted after the fix has run.

    Next,

    Download Sophos Free Virus Removal Tool and save it to your desktop.

    If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

    Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
     
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
    • If no threats were found please confirm that result....



    The Virus Removal Tool scans the following areas of your computer:
    • Memory, including system memory on 32-bit (x86) versions of Windows
    • The Windows registry
    • All local hard drives, fixed and removable
    • Mapped network drives are not scanned.


    Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

    Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

    Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

    Thank you,

    Kevin..

    fixlist.txt

  9. Hiya Czer,

    That entry you mention is related to a Firewall rule, we`ve seen those listed in addition.txt log from FRST scan.. Nothing to be concerned about...

    Continue to finish up:

    Right click on FRST here: D:\Download\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

    If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

    That action will remove FRST and all created files and folders...

    Next,

    Try the following, if needed...

    Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

    Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

    PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

    From there you should be good to go...

    Next,

    Read the following links to fully understand PC Security and Best Practices, you may find them useful....

    Answers to Common Security Questions and best Practices

    Do I need a Registry Cleaner?

    Take care and surf safe

    Kevin... user posted image
    • Thanks 1
  10. Hiya owenflass,

    Thanks for those logs, continue:

    Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

    NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

    Run FRST or FRST64 and press the Fix button just once and wait.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

    Note: If the tool warned you about an outdated version please download and run the updated version.

    NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

    NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

    The following directories are emptied:
     
    • Windows Temp
    • Users Temp folders
    • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
    • Recently opened files cache
    • Flash Player cache
    • Java cache
    • Steam HTML cache
    • Explorer thumbnail and icon cache
    • BITS transfer queue (qmgr*.dat files)
    • Recycle Bin


    Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

    user posted image

    The system will be rebooted after the fix has run.

    Next,

    Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Clsoe out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes quarantine any found entries...

    To get the log from Malwarebytes do the following:
     
    • Click on the Detection History tab > from main interface.
    • Then click on "History" that will open to a historical list
    • Double click on the Scan log which shows the Date and time of the scan just performed.
    • Click Export > From export you have two options:
      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

       
    • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


    Next,

    Download AdwCleaner by Malwarebytes onto your Desktop.

    Or from this Mirror
     
    • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    Next,

    Download "Microsoft's Safety Scanner" and save direct to the desktop

    Ensure to get the correct version for your system....

    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


    Right click on the Tool, select Run as Administrator the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.


    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\msert.log

    The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

    Thanks,

    Kevin...

    fixlist.txt

  11. Hello owenflass and welcome to Malwarebytes,

    Run the following:

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

    Be aware FRST must be run from an account with Administrator status... Right click on FRST and rename FRSTEnglish
     
    • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
    • Make sure Addition.txt is checkmarked under "Optional scans"
      user posted image
       
    • Press Scan button to run the tool....
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


    Thank you,

    Kevin
  12. Open your computer with internet off. Type or copy/paste windows updates into the search function on the taskbar, then hit enter...

    Your PC should open to the windows update options. From there select "Pause for 7 days" that should pause windows updates..

    Connect your internet, does it still crash...?

    Next,

    Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

    Make sure the following options are checked:
     
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
     
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  13. Hiya theoldmole,

    Continue to clean up:

    Uninstall the following program (unless you prefer to keep it):

    Sophos AV

    http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

    Also delete this folder if still present: C:\ProgramData\Sophos

    Next,

    Right click on FRST here: C:\Users\John\Downloads\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

    If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

    That action will remove FRST and all created files and folders...

    Next,

    Install the folllowing:

    Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

    Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

    PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

    From there you should be good to go...

    Next,

    Read the following links to fully understand PC Security and Best Practices, you may find them useful....

    Answers to Common Security Questions and best Practices

    Do I need a Registry Cleaner?

    Take care and surf safe

    Kevin... user posted image
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.