
Recently, somehow the registration file for my spyware program vanished, again. So I ran rkill and it said I'm infected by iprip. I have attached the log file for and frst64. Please help.

Addition.txt

FRST.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the computer boots normally, please run the Farbar program one more time and post fresh FRST.txt and Addition.txt logs for my review.
To create a fresh Addition.txt log make sure that the box to create it is checked.

Let me know what problem persists.

fixlist.txt


Hi,

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
IPRIP
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====


Hi,

Run the RogueKiller and clean these.

>>>>>> XX - Software


  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1892267450-668416662-850281465-1009\Software\IM -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-1892267450-668416662-850281465-1009\Software\IM -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] (folder) simplitec -- C:\ProgramData\simplitec -> Found

===

Please run this.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
IPRIP
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply


Hi,

This could be a Syncing issue if you are Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Run the RogueKiller and delete all items reported.

Restart the computer normally.

How is it now?


It is still bad. I have been running SUPERantispyware for years as I've had a lifetime subscription, and in the last 2 months, somehow the registration keeps vanishing. My Google Chrome is actually having sync issues, I'm seeing processes and services that are unfamiliar, constant boot-up issues. I was able to fix these issues about 2-3 months ago through help from here, and now they are occurring again. My wifi also keeps having issues as well. But until I'm able to figure out my SUPERantispyware issue, I don't want to do a reset on my system.



Hi,

This IP address is from North America
https://www.ip-tracker.org/locator/ip-lookup.php?ip=204.186.110.76

This one is from Germany 
https://www.ip-tracker.org/locator/ip-lookup.php?ip=84.200.69.80

Which one is your provider?

Please boot your Computer to Normal mode and provide a fresh FRST.TXT log for my review.

You presently have Kaspersky running.
At the moment I do not think that you need to run SUPERantispyware for now.
Disable it and we will take it from there.

===

Previously asked

Please run this.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
IPRIP
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply

Also let me know if you have removed the Sync on Chrome, post No. 8.


I have disabled SUPERantispyware. Boot issues are fixed though; my BIOS made me pick between which HD to display. I have also included a HijackThis log and a startup log from HijackThis. Hope they help. Also I'm not too sure about the sync issues. It seemed OK till about the last hour or so. AND I'M ALSO HAVING ISSUES WITH MY SYSTEM LOCKING UP. As for the DNS, I've been using the second one. I'm not too sure what my provider's actual DNS servers are.

Addition.txt

FRST.txt

startuplist.txt

hijackthis.log

SearchReg.txt


Hi.

"I've been using the second one. I'm not too sure what my provider's actual DNS servers are"

Are you located in the US or in Europe?

Who is your internet provider?

Call them and find out which is correct.

I'm not going to suggest a fix unless I know this information.


I'm in the US, and the actual DNS servers of my ISP provider are 207.172.3.20 and 207.172.11.44. My service provider is RCN. I also just ran another instance of rkill and this came up. Check out the log.

Rkill.txt

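Added example (not part of the original thread, and not code from any tool named in it): the resolver question in the posts above can be checked directly on the machine. This PowerShell script lists every resolver recorded for each network interface, shows whether it was set statically (NameServer) or handed out by DHCP (DhcpNameServer), and flags any address outside the expected list. The expected list is the two RCN addresses quoted in the post above; the variable names are illustrative.

```powershell
# Expected resolvers: the ISP addresses quoted in the thread (assumption:
# these are the only resolvers this machine should be using).
$expected = @('207.172.3.20', '207.172.11.44')

# Per-interface TCP/IP settings live under this key.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$findings = foreach ($key in Get-ChildItem -Path $base) {
    $props = Get-ItemProperty -Path $key.PSPath

    # NameServer     = statically configured on the adapter
    # DhcpNameServer = assigned by the DHCP server (usually the router)
    foreach ($source in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$source
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # The value is a single string separated by commas or spaces.
        foreach ($ip in ($raw -split '[,\s]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Interface = $key.PSChildName   # interface GUID
                Source    = $source
                Resolver  = $ip
                Expected  = $expected -contains $ip
            }
        }
    }
}

# Unexpected resolvers sort to the top.
$findings | Sort-Object Expected, Interface | Format-Table -AutoSize

# Cross-check against what the DNS client is using right now.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
```

A home router often hands out its own LAN address as the resolver, so add that address to `$expected` before treating it as a mismatch.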

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

This fix will reset the IP's.

Hope it works.

Let me know.

fixlist.txt


Hi,

Place the fixlist.txt that you have downloaded and save/move it to the folder in bold.

Running from C:\Users\jkoll\Desktop\Cleaners

Then run the Farbar program and click the fix button.

The log Fixlog.txt will be created.

Post it for my review.

How is the computer running now?
