
Malwarebytes is blocking the website below.   I cannot delete the file, properties description is Microsoft(C) Register Server.  This happens with all browsers and even when not using a browser. How do I remove this?

Domain: n65adserv.com

Outbound

IP: 74.117.177.139

Process: c:\Windows\sysWOW64\regserv32.exe


Hello Rich54 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Hello Rich54 and welcome to Malwarebytes,

Do not see any evidence of Malware or infection in your logs. There is however evidence of a possible failing hard drive....

Quote

Error: (05/23/2017 10:20:35 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:20:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:20:29 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:20:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:20:19 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:20:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:18:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/23/2017 10:18:19 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

There are also many minidump files indicating several system crashes..... Can you zip up and attach the following folder:

C:\Windows\minidump

Go to this link for information how to check the problem HDD... https://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics-ssd-test.html

Thank you,

Kevin...


I was having trouble with system restarts for a long time when I found that I only had 2G of memory.  This was causing the HDD to load and unload programs from what memory I had.  I have upgraded to 8G and this improved the system performance. no more crashes.

I don't have a zip program to send the minidump folder and I will check the HDD per the link.

Thanks


When I try to burn the SeaTools ISO to my CD-R drive with ImgBurn I get "no writers detected" for the destination.  My DVD drive will read a disk but will not detect a blank disk when I put one in. I found this out when I tried to make a set of recovery disks.  All of the software to reinstall windows 7 is on the HDD under another partition.  Looks like I will have to wait for the drive to fail and replace the machine.


Hiya Rich54,

Give the following a try :-

Click on Start > All Programs > Accessories:

Right-click on the Command Prompt entry

Select "Run as Administrator" accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:

  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • You may be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

 


I ran the " CHKDSK C: /R " twice and each time there were no wininit logs listed in the event viewer.

When running the scan I got the message "Scanning and repairing drive(c:): #%". The # would start at 1 and only go to 11 and stop counting, after about 1.5 hours it would say 100% complete.


I was able to get the log file this time using the above link:

Log Name:      Application
Source:        Chkdsk
Date:          5/28/2017 11:11:27 AM
Event ID:      26228
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Richard-HP
Description:
Chkdsk was executed in verify mode on a volume snapshot.  

Checking file system on \Device\HarddiskVolume2
Insufficient storage available to create either the shadow copy storage file or other shadow copy data.

A snapshot error occured while scanning this drive. Run an offline scan and fix.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chkdsk" />
    <EventID Qualifiers="0">26228</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-05-28T16:11:27.280598500Z" />
    <EventRecordID>47241</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Richard-HP</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on \Device\HarddiskVolume2
Insufficient storage available to create either the shadow copy storage file or other shadow copy data.

A snapshot error occured while scanning this drive. Run an offline scan and fix.
</Data>
  </EventData>
</Event>


I ran chkdsk c:  attached is the report:

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/30/2017 8:33:16 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Richard-HP
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  503808 file records processed.                                                        

File verification completed.
  23050 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  621788 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered to lost and found.                    


Stage 3: Examining security descriptors ...
Cleaning up 14 unused index entries from index $SII of file 0x9.
Cleaning up 14 unused index entries from index $SDH of file 0x9.
Cleaning up 14 unused security descriptors.
Security descriptor verification completed.
  58991 data files processed.                                           

CHKDSK is verifying Usn Journal...
  40772008 USN bytes processed.                                                           

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 473232383 KB total disk space.
 100369028 KB in 330242 files.
    216572 KB in 58992 indexes.
         4 KB in bad sectors.
    629463 KB in use by the system.
     65536 KB occupied by the log file.
 372017316 KB available on disk.

      4096 bytes in each allocation unit.
 118308095 total allocation units on disk.
  93004329 allocation units available on disk.

Internal Info:
00 b0 07 00 93 ef 05 00 ec 6e 0b 00 00 00 00 00  .........n......
b6 17 00 00 4c 00 00 00 00 00 00 00 00 00 00 00  ....L...........

Windows has finished checking your disk.
Please wait while your computer restarts.

 

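The two Check Disk reports posted above came from different event sources (Chkdsk, Event ID 26228, and Microsoft-Windows-Wininit, Event ID 1001), so filtering Event Viewer on Wininit alone misses the first kind. The PowerShell below is an added example, not part of any post in this thread: it pulls both sources plus the disk Event ID 7 entries quoted earlier, assuming an elevated PowerShell session and that the disk events sit in the System log.

```powershell
# Added example: gather the disk-health evidence discussed in this thread.
# Provider names and event IDs are the ones shown in the posted reports.
$sources = @(
    @{ LogName = 'Application'; ProviderName = 'Chkdsk';                    Id = 26228 },
    @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001  }
)

# Query each source separately; Get-WinEvent reports an error when nothing
# matches, which here simply means "no report from this source".
$events = foreach ($s in $sources) {
    Get-WinEvent -FilterHashtable $s -ErrorAction SilentlyContinue
}

$reports = foreach ($e in $events) {
    $text = [string]$e.Message
    # A full report contains a line such as "4 KB in bad sectors."
    $badKB = if ($text -match '(\d+) KB in bad sectors') { [int64]$Matches[1] } else { $null }
    [pscustomobject]@{
        TimeCreated   = $e.TimeCreated
        Provider      = $e.ProviderName
        Id            = $e.Id
        BadSectorsKB  = $badKB
        SnapshotError = ($text -match 'snapshot error')
        NoProblems    = ($text -match 'found no problems')
    }
}

if ($reports) {
    $reports | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    Write-Output 'No Check Disk reports found in the Application log.'
}

# Bad-block errors from the disk driver (Source: disk, EventID: 7),
# grouped by day so a worsening trend is visible.
$badBlocks = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'disk'; Id = 7
    } -ErrorAction SilentlyContinue)

Write-Output ("Bad-block events (disk, ID 7): {0}" -f $badBlocks.Count)
$badBlocks |
    Group-Object { $_.TimeCreated.Date } |
    Sort-Object { [datetime]$_.Name } |
    Select-Object @{ n = 'Day'; e = { ([datetime]$_.Name).ToString('yyyy-MM-dd') } }, Count |
    Format-Table -AutoSize
```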

I also ran sfc/scannow and this was the report:

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.


I joined in this discussion thread a few days ago because I was getting the same problem. I tried following kevin80's instructions but when I ran the disk report it was coming up with nothing to report, i.e. 0.  I have looked at further comments but it is all getting far too technical for my abilities so I will opt out from now on.  Hopefully the problem will get sorted or I will see an easier way to solve it.  Thanks for the suggestions and including me.


After I ran RogueKiller and AdwCleaner I have not seen any more outbound IPs blocked by Malwarebytes.  The new memory corrected the slow performance and restarting issues.  I may need to start fresh with a clean install of windows 10 at a later point in time if I need to burn a CD disk.


Thanks for the update Rich54, unless there are any remaining concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 
