-
Posts
30,624 -
Joined
-
Last visited
-
Days Won
29
Community Answers
-
kevinf80's post in Clicked on suspicious link in email was marked as the answer
Hello Victorian1899,
Not a great deal in those logs, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download Sophos Scan and Clean and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take awhile to complete...
You will have to register your name and email address to download the tool. You will also have to confirm your email address again each time the scan started...
Found entries will have options to delete or quarantine, if you believe they maybe false positives you can change to ignore.
A reboot maybe requested to remove difficult malware/infection, please allow that to happen
Saved logs are found here: C:\ProgramData\Sophos\ScanandClean\Logs
Let me see those logs in your reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in SPPEXTCOMOBJHOOK.DLL - KMS Virus years after installing windows? was marked as the answer
Hello Raptor021 and welcome to Malwarebytes,
Run the following scan, lets see if anything shows up:
Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English
Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The tool will also make a log named (Addition.txt) Please also attach that log to your reply.
If necessary:
Disable smart screen ONLY if it interferes with software we may have to use:
https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8
Please remember to enable when we are finished....
Next,
Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Please remember to enable AV software when we are finished running scans....
Thank you,
Kevin -
kevinf80's post in "backdoor.farfli" appears every time I reboot was marked as the answer
Hiya Carmas,
Thanks for those logs, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download Sophos Scan and Clean and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take awhile to complete...
You will have to register your name and email address to download the tool. You will also have to confirm your email address again each time the scan started...
Found entries will have options to delete or quarantine, if you believe they maybe false positives you can change to ignore.
A reboot maybe requested to remove difficult malware/infection, please allow that to happen
Saved logs are found here: C:\ProgramData\Sophos\ScanandClean\Logs
Attach those logs to your next reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in Rough.TechSupportScam registry key? was marked as the answer
As you suspect, looks very much like a false positive.. I`ll ask for advice from one of the admins.....
-
kevinf80's post in RTP Detections was marked as the answer
Hello haribo,
Thanks for those logs, there are no obvious signs of any malware or infection in your logs. The RTP detections are inbound, nothing unusual there, Malwarebytes is just doing its job.
One point, your hosts file has been modified. I assume that is known to you..?
Thank you,
Kevin
-
kevinf80's post in I clicked on a .scr file, because it was renamed to .mp4 was marked as the answer
Where did the file come from, size is 556mb. File is definitely malicious and classed as a decompression bomb. I do not see any obvious Malwareor Infection in your logs. Run the following please and post the produced log:
Download Sophos Scan and Clean and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take awhile to complete...
You will have to register your name and email address to download the tool. You will also have to confirm your email address again each time the scan started...
Found entries will have options to delete or quarantine, if you believe they maybe false positives you can change to ignore.
A reboot maybe requested to remove difficult malware/infection, please allow that to happen
Saved logs are found here: C:\ProgramData\Sophos\ScaanandClean\Logs Thank you, Kevin -
kevinf80's post in WindowsPlayer.exe(Heur.AdvML.C) detected by Norton Autoprotect was marked as the answer
Hiya homeslice,
I believe this is a False Positive, I recommend that you contact Norton and take it up with their development team...
Regards,
Kevin..
-
kevinf80's post in VirTool:Win32/DefenderTamperingRestore was marked as the answer
Yes that is not a false positive per se, it is because Malwarebytes has turned WD off. Follow the instructions I gave previously to deregister Malwarebytes from Windows Security Center in Malwarebytes settings. After a reboot the issue should be cleared
-
kevinf80's post in Found Heimdall exe downloaded on my PC after some odd behaviour was marked as the answer
Hiya HL,
Do not see any obvious Malware or Infection in your logs, have a read of the following regarding your concern...
Is that something you may have been researching..?
Regards,
Kevin
-
kevinf80's post in PC FREEZING RANDOMLY was marked as the answer
Unfortunately I cannot offer any further help, piracy is not condoned at Malwarebytes Forums....
https://forums.malwarebytes.com/guidelines/
-
kevinf80's post in Is Svchost.exe malware? was marked as the answer
Hello Hyperwolf122,
Your logs are clean, no signs of Malware or Infection. Your current problem is because Controlled Folder Access is enabled, hence the alerts you are seeing...
The default setting for Controlled Folder Access is OFF, having it on will make your system more secure but can also cause a lot of ambiguity. My setting is current set to OFF, I did not change that setting, it came that way when I upgraded to Windows 11. I can also confirm it was also that way when I upgraded from Windows 7 to Windows 10...
My advice would be to disable Controlled Folder Access, obviously that choice is yours to make. Have a read at the following links:
https://support.microsoft.com/en-us/windows/allow-an-app-to-access-controlled-folders-b5b6627a-b008-2ca2-7931-7e51e912b034
https://www.tenforums.com/tutorials/113380-how-enable-disable-controlled-folder-access-windows-10-a.html
https://www.howtogeek.com/329532/how-to-protect-your-files-from-ransomware-with-windows-defenders-controlled-folder-access/
Let me know your thoughts...
Regards,
Kevin.
-
kevinf80's post in Malicious sites blocked (Category: Trojan) was marked as the answer
Hiya deben22,
Uninstall the following:
Chrome Remote Desktop Host
Next,
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result....
The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned.
Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Let me see those logs in your reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in GfxValDisplayLog.bin was marked as the answer
Hello halorax and welcome to Malwarebytes,
Upload a File to Virustotal
Go to http://www.virustotal.com/
Click the Choose file button Navigate to the file c:\windows\system32\GfxValDisplayLog.bin Click the Scan it tab If you get a message saying File has already been analyzed: click Reanalyze file now Copy and paste the URL address back here please. Repeat the above steps for the following files Thank you,
Kevin.
-
kevinf80's post in Windows Defenderfinds Trojan viruses but Malware Bytes does not? was marked as the answer
Hiya AWW7,
Thanks for the update, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Run quick scan with Microsoft's Safety Scanner again, post the produced log....
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in Cloudnet / Epicnet reappearing every single time I restart was marked as the answer
Hiya lori,
Thanks for the logs and the information update, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download "Microsoft's Safety Scanner" and save direct to the desktop
Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:
notepad c:\windows\debug\msert.log
The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
Let me see those logs in your reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in Svchost.exe accessing video folder. Is this a Malware or a bug? was marked as the answer
Hello ZacharyZstorm,
I do not see any obvious malware or infection in your logs. The issue that you mention is not malicious, the default setting for "Controlled Folder Access" is OFF. It would seem that your setting may actuall be ON. Try the following...
Select Start > Settings > Update & Security > Windows Security > Virus & threat protection. Under Virus & threat protection settings, select Manage settings. Under Controlled folder access, select Manage Controlled folder access. Switch the Controlled folder access setting to Off. Thank you,
Kevin
-
kevinf80's post in 1780 infections found by my AV Bitdefender was marked as the answer
Hiya DarkLord7736,
Thanks for the update and logs, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download "Microsoft's Safety Scanner" and save direct to the desktop
Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Thank you,
Kevin..
fixlist.txt
-
kevinf80's post in Discord Hijacked using an .exe was marked as the answer
Hello Holmgardr and welcome to Malwarebytes,
Has your Discord account been reset? have you uninstalled and reinstalled Discord?
Continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Please download AdwCleaner by Malwarebytes and save the file to your Desktop. https://downloads.malwarebytes.com/file/adwcleaner Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is ?updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. ?
Next,
Download "Microsoft's Safety Scanner" and save direct to the desktop
Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:
notepad c:\windows\debug\msert.log
The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
Let me see those logs in your reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in Win32/PitouJ infection was marked as the answer
Hello XMRig6 and welcome to Malwarebytes,
Disable smart screen ONLY if it interferes with software we may have to use:
https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8
Please remember to enable when we are finished....
Next,
Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Please remember to enable AV software when we are finished running scans....
Next,
Lets grab some logs and see whats going on, continue with the following:
If you do not have Malwarebytes installed do the following:
Download Malwarebytes version 4 from the following link:
https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.
When the install completes or Malwarebytes is already installed do the following:
Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...
To get the log from Malwarebytes do the following:
Open Malwarebytes Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:
Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply
Next,
Download AdwCleaner by Malwarebytes onto your Desktop.
Or from this Mirror
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Next,
Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English
Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.
Let me see those logs in your reply...
Thank you,
Kevin.... -
kevinf80's post in Mask VPN and WiFi blocked was marked as the answer
Hiya bojingles,
FRST update will make no difference in your situation, continue:
Please download the attached fixlist.txt file and save it to USB, transfer to the Desktop or location where you ran FRST from on sick PC.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run. Let the PC boot to normal mode, can you no conncet to WIFI..?
Thank you,
Kevin
fixlist.txt
-
kevinf80's post in Escalated privilege file operation daemon was marked as the answer
Hiya RedLightPumpkin,
Thanks for those logs, continue:
Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135
Basically all none MS services are disabled, reboot to that mode. Shutdown from clean boot and see if the issue clears... Thank you, Kevin -
kevinf80's post in Malware from Chrome Extension Suspected - Long Custom Scan was marked as the answer
Hiya mikerf,
Thanks for thos logs, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result....
The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned.
Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Let me see those logs in your reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in I have allowed threats that I cannot remove (on Windows Defender) was marked as the answer
Hiya Javierb,
Thanks for those logs, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result....
The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned.
Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Let me see those logs in your reply...
Thank you,
Kevin. fixlist.txt
-
kevinf80's post in I have allowed threats that I cannot remove (on Windows Defender) was marked as the answer
Hiya Javierb,
Thanks for those log, how is your system responding now, any remaining issues or concerns..?
Thank you,
Kevin.
-
kevinf80's post in Roaminggpuextre generating in app data and cmd flashing was marked as the answer
Hello swager5199 and welcome to Malwarebytes,
Continue with the following:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Download Malwarebytes version 4 from the following link:
https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.
When the install completes or Malwarebytes is already installed do the following:
Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...
To get the log from Malwarebytes do the following:
Open Malwarebytes Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:
Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply
Next,
Download AdwCleaner by Malwarebytes onto your Desktop.
Or from this Mirror
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Next,
Download "Microsoft's Safety Scanner" and save direct to the desktop
Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:
notepad c:\windows\debug\msert.log
The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... fixlist.txt