198.105.244.114,spoolsv & svhost


rg163

  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Link to post
Share on other sites

Done as you suggested.

Don't have Google Chrome but used to have Opera. It was uninstalled a while back.

About the three scans I did (JavaRa, TFC and Combofix), MWB stopped recording the Protection Log.

In fact it is now blank for the day. Am still getting the same "malicious website blocked" popup.

This is getting discouraging. Maybe there is no fix?

Link to post
Share on other sites

  • Root Admin

STEP 1

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

 

 

 

STEP 2

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

Link to post
Share on other sites

  • Root Admin

The logs indicate that many services crashed on 9/14/2015. Not sure if you ran some tool then or if it's an ongoing issue. It also shows your VSS (Volume Shadow Copy Service) is having issues with one of the writers.

The disk may be having issues so let's do a full disk check please.

 

Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" and type the following.

 

CHKDSK C: /R

 

Then it will say it cannot lock the drive. Press the Y key to say yes to allow it to run on reboot. Then press the Enter key, then restart the computer and let the disk check run.

 

Once that's done then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs.

 

 

 

 

Error: (09/14/2015 01:18:04 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%997

Error: (09/14/2015 01:18:04 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%997

Error: (09/14/2015 01:18:04 PM) (Source: PNRPSvc) (User: )
Description: 0x800703e5

Error: (09/14/2015 12:05:52 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 2 time(s).

Error: (09/14/2015 12:05:52 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 2 time(s).

Error: (09/14/2015 12:05:51 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/14/2015 12:05:51 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Link to post
Share on other sites
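The log reading in the post above (several unrelated services terminating within the same second or two) can be checked mechanically. The following is an added example, not part of the original thread and not code from FRST or MiniToolBox: it parses entries in the "Error: (...) / Description:" layout quoted above and reports bursts of service crashes. The 5-second window and the minimum of 3 distinct services are assumed thresholds.

```python
import re
from datetime import datetime

# Four entries copied from the log excerpt in the post above.
SAMPLE = """\
Error: (09/14/2015 01:18:04 PM) (Source: PNRPSvc) (User: )
Description: 0x800703e5
Error: (09/14/2015 12:05:52 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 2 time(s).
Error: (09/14/2015 12:05:52 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 2 time(s).
Error: (09/14/2015 12:05:51 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 2 time(s).
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) \(User: [^)]*\)$")
CRASH = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

def parse_events(text):
    """Pair each 'Error:' header with the 'Description:' line that follows it."""
    events = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                           "source": m["src"], "description": ""})
        elif events and line.startswith("Description:"):
            events[-1]["description"] = line[len("Description:"):].strip()
    return events

def crash_clusters(events, window_seconds=5, min_services=3):
    """Return bursts where several distinct services crashed within a few seconds.

    window_seconds and min_services are assumed thresholds, not values from the thread.
    """
    crashes = sorted((e["time"], m["svc"]) for e in events
                     if (m := CRASH.match(e["description"])))
    clusters = []
    for ts, svc in crashes:
        # Extend the current burst if this crash is close to its first event.
        if clusters and (ts - clusters[-1]["start"]).total_seconds() <= window_seconds:
            clusters[-1]["services"].add(svc)
        else:
            clusters.append({"start": ts, "services": {svc}})
    return [c for c in clusters if len(c["services"]) >= min_services]

if __name__ == "__main__":
    for c in crash_clusters(parse_events(SAMPLE)):
        print(c["start"], sorted(c["services"]))
```

A burst that spans unrelated vendors (anti-malware, Apple, Windows components) points at a system-wide event such as a forced shutdown or a cleanup tool killing processes, rather than at a fault in any one service.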

The logs indicate that many services crashed on 9/14/2015. Not sure if you ran some tool then or if it's an ongoing issue. It also shows your VSS (Volume Shadow Copy Service) is having issues with one of the writers.

I believe that happened after I ran JavaRa and/or TFC.

The popups have slowed way down since yesterday's ops. Every couple of hrs. now. When they do pop up it is still 8-12/minute.

 

Ran CHKDSK

 

Here are the FRST Logs.

FRST Log 9_16.txt

Addition Log 9_16.txt

Link to post
Share on other sites

  • Root Admin

For temporary testing purposes can you uninstall your AVG Internet Security 2015 software (if using a paid version make sure you have your license information). Then install Microsoft Security Essentials for now so that you do have an antivirus while we continue to look at this.

 

http://windows.microsoft.com/en-us/windows/security-essentials-download

Link to post
Share on other sites

  • Root Admin

Please follow the commands here to reset the Network stack on the computer.

https://support.microsoft.com/en-us/kb/299357

 

Then go here and set your DNS Server to the Google Public DNS server entries.

 

https://developers.google.com/speed/public-dns/docs/using?hl=en

 

Then restart the computer.

Link to post
Share on other sites

This topic is now closed to further replies.