Everything posted by kevinf80

  1. Delete fixlist.txt from your Desktop. Next, Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST/FRST64 and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run quick scans with Malwarebytes and Defender, let me see the results.. Kevin fixlist.txt
  2. This is turning into an extreme PIA for sure, I want to run a diagnostic scan to look at your system and see what is onboard, specifically tools that have been used etc, I want to remove all of these entries/tools etc and start over again.... If you agree run the following: Download OTL from any of the following links and save to your desktop. http://itxassociates.com/OT-Tools/OTL.com http://oldtimer.geekstogo.com/OTL.exe http://www.itxassociates.com/OT-Tools/OTL.scr Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert) When the window appears, underneath Output at the top, make sure Standard output is selected. Select Scan all users Change Drivers to All Under the Extra Registry section, check Use SafeList In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". Click Run Scan and let the program run uninterrupted. When the scan is complete, two text files will be created on your Desktop. OTL.Txt <- this one will be opened Extras.txt <- this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply. If these logs exceed forum character limits attach them... Kevin..
  3. Yes please remove entries found by Malwarebytes... Next, Log on as Administrator and run FRST one more time, post that log in next reply..
  4. Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin..
  5. Can you perform a clean boot and see how your system responds, tell me if the same issues still happen in that state. We can do some maintenance when we are certain no malware is onboard...
  6. Not seeing anything obviously malicious in your logs, perform a clean boot and see if this makes any difference. Expand and follow the instructions for Windows 7 at this link: http://support.microsoft.com/kb/929135 Kevin...
  7. Good to hear you have restored your PC to a usable state. It is always best to make regular backups of system and important data so you never lose anything. Windows 7 has that inherent capability but is often overlooked, have a look at the following link: http://windows.microsoft.com/en-gb/windows7/products/features/backup-and-restore Take care, Kevin....
  8. Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Let me see those logs.. Kevin
  9. Do the following.. Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Post those logs... Kevin
  10. Read the following Stickie from the top of the forum.... http://forums.malwarebytes.org/index.php?showtopic=97700 Kevin..
  11. Do the following: Uninstall anything related to IOBit or Advanced System Care, Reboot.. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin
  12. Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST/FRST64 and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed: Download Malwarebytes from one of the following links and save it to your desktop: http://www.malwarebytes.org/mbam.php http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Double Click mbam-setup.exe to install the application. 
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Post those logs in next reply, also let me know if any issues or concerns remain.... Kevin fixlist.txt
  13. I assume you cannot boot to safe mode, you have access to another PC? download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 64 bit <--- YOU SAY THIS? Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. Plug the flashdrive into the infected PC. Enter System Recovery Options I give two methods, use whichever is convenient for you. To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select Your Country as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select Your Country as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. 
On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  14. Yes correct with ESET scan, I only ask for a report. We deal with remaining issues now: Download OTM from either of the following links and save to your Desktop: http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes... Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Files
      ipconfig /flushdns /c
      C:\FRST
      C:\Users\Rich\AppData\Local\Temp\307C.tmp
      C:\Users\Rich\AppData\Local\Temp\3533.tmp
      C:\Users\Rich\AppData\Local\Temp\PDF5716.tmp
      C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\IEHelper.dll
      C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Setup.exe
      C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\ccp.exe
      C:\Users\Rich\AppData\Local\Temp\A90CE506-BAB0-7891-87D8-A5BE2ADEBD92\Latest\IEHelper.dll
      C:\Users\Rich\Downloads\cbsidlm-tr1_11-OFXViewer-ORG-75628573.exe
      C:\Windows\System32\FlashPlayerUpdateService.exe
      C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
      C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      :Commands
      [EmptyTemp]
      Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Post me that log, let me know how your system is responding also if any remaining issues or concerns.. Kevin....
  15. Error 31 is usually related to a duff driver issue, hence a reboot will attribute a fresh driver and all is well. What system are you running, XP, Vista, Windows 7 or 8, also is it 32 bit or 64 bit? Have you tried booting into Safe mode?
  16. Ensure to run ERUNT for a reg back up first, then if you are comfortable to work in the registry feel free to move that entry....
  17. Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin...
  18. Thanks for update, the reg entries still show. OK we try a different method... Make sure you are logged in with admin status, select the windows key and R key together, in the run box type cmd and hit enter. At the prompt I want you to run the following two commands and hit enter after each one. Highlight each command in turn, right click and select copy. Right click at the prompt, select paste, hit enter.
      REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\Program Files\Zoom Search Engine 6.0\ZoomIndexer.exe" /f
      REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\WINXP\explorer.exe" /f
      Type exit when done, hit enter then reboot the system, does DEP alert still happen?
  19. When you ran the reg fix from reply #30 did you get a successful merge alert? it does not appear to have worked....
  20. Can you run Mbam-Check one more time and attach its log, to attach select the "more reply options" below reply box, the new window is self explanatory, browse/open/attach this file.... Also run FRST again, I give instruction again if needed: Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. Only the first time the tool is run, it makes also another log (Addition.txt). none from second run... post or attach also... Kevin
  21. Thanks to AdvancedSetup for guidance with mbam-check log, I'd like to run a registry fix to see if this issue can be put right. It is always beneficial to make a backup of the registry before this is done. As follows please: Download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.) Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later) Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup) Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable). Make sure that at least the first two check boxes are ticked Press OK Press YES to create the folder. Please follow these instructions carefully: Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:
      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers]
      "C:\WINXP\explorer.exe"=-
      "C:\Program Files\Zoom Search Engine 6.0\ZoomIndexer.exe"=-
      Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files. Next navigate to your desktop, and enter the file name fixme.reg, and click Save. You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning, agree to the merge, and then a message the file has been merged will immediately pop up. Then reboot. Kevin...
  22. Yes please delete RogueKiller and folder RK_Quarantine, DDS and logs. Security Check was used from reply #14, delete that also. If all is ok with no issues here are some tips to reduce the potential for malware infection in the future: Make proper use of your antivirus and firewall Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important. You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own. Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system. WinPatrol features explained here http://www.winpatrol.com/features.html Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install) If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important Use a safer web browser Internet Explorer is not the most secure tool for browsing the web. 
It has been known to be very susceptible to infection, and there are a few good free alternatives: FireFox http://www.mozilla.com/en-US/, Opera http://www.opera.com/, and Chrome http://www.google.com/chrome. All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer. These browser add-ons will help to make your browser safer: Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Available for Firefox and Internet Explorer. Green to go, Yellow for caution, and Red to stop. Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article: http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm Here are a couple of links by two security experts that will give some excellent tips and advice. So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/ How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up to date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs. 
Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't. Let me know when it's OK to close out your thread.... Take care, Kevin
  23. Delete C:\Users\Sarahlynn Hayden\Downloads\FRST64 Delete C:\FRST Next, Remove ESET online scanner (Only If installed): Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER. Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted. Next, Uninstall adwcleaner.exe Please close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Uninstall Click Yes at Would you like to Uninstall Adwcleaner Next, Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert.. Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used. It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen. Also Delete Security Checks plus any produced logs.... Let me know if those steps complete OK..... Kevin