kevinf80

Any progress...?

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks

Ok, thanks....

I do not believe there is any malware or infection on your system, lets see what happens when you boot up later.. If you are removing Zonealarm there is a tool that removes all traces, have a look at the following link: https://www.majorgeeks.com/files/details/zone_alarm_uninstall.html Give an update later...

Did you also run the last step to search files...

One final scan before we clean up, just to be sure: Download Sophos Free Virus Removal Tool and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete..... Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours... Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result.... The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned. Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan. Thanks, Kevin..

That certainly does not sound normal, is it still happening now when you boot up..?

I have no preference, I personally use Windows Defender Firewall. I suppose if I had to choose I`d get rid of Zonealarm.... What is the current status of your system, any remaining issues or concerns...?

Ok thanks...

Removal failed again...... Programs that are installed on your system require an allowed certificate to work, if for whatever reason any program has a disallowed certificate it will not work. Your system had several disallowed certificates in place to stop certain Security Programs from running, we removed all except for one allotted to Avast. It would seem that reg entry has permissions denying removal... Are you comfortable working in the registry..? if you are you can open regedit then navigate to the following key HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA Then right click on the numerical key and select "Permissions" from there you need to take full ownership for the Admin account that you use... A good description with images is at the following link: https://www.groovypost.com/howto/take-full-permissions-control-edit-protected-registry-keys/

The certificate is still blocked from removal even though FRST did unlock the key... Can you run anothe scan with Malwarebytes and post its log...

Thats` good to hear, one last problem that may cause problems with your system. There are two Firewalls active, McAfee and Zonealarm, one of those needs to be removed or at least disabled...

Try this please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. fixlist.txt

Does Avast work normally, update and scan ...? Its disallowed certificate was blocked from removal in FRST fix.. HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA => could not remove, key could be protected

What about step 1 FRST fix...?

Did you follow the instructions to check for Group Policy settings..?

Systems are always under attack, your Firewall will block many so will other security you have installed. One of the pitfalls of using Windows I guess. If your security is updated it should keep you safe... Post the mbar logs whenever you`re ready...

Hello Keyenpeydee, Continue as follows: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply... Thank you, Kevin... fixlist.txt

Do not see any obvious Malware or Infection in the FRST logs.. Continue: Please download Malwarebytes Anti-Rootkit from here Right click on the tool (select "Run as Administrator) to start the extraction to a convenient location. (Desktop is preferable) Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt Thanks, Kevin

Can you run Sophos AV and post the produced log

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. fixlist.txt