Jump to content

schrauber

Member
  • Posts

    2185
  • Joined

  • Last visited

  • Days Won

    15

Everything posted by schrauber

  1. Hi, we have removed a lot of malware entries with the last fix, now we can go forward to remove the rest with a special tool. Next, download ComboFix Save to the Desktop Now, close all open windows Double-click combofix.exe to run the program Follow the prompts. If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted. When told that the RC is installed correctly, press YES to continue scanning for malware. ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall. CF may reboot the computer and resume running when it restarts. When finished, a log, ComboFix.txt, is produced. Please provide the contents of the ComboFix report in your reply.
  2. Hi, Please download TFC by Old Timer and save it to your desktop. alternate download link Save any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean. TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC. Please save the content of the codebox below into notepad as fixlist.txt to your desktop: HKU\Administrator\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] () HKU\Administrator\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x] HKU\Default\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] () HKU\Default\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x] HKU\Default User\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] () HKU\Default User\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x] 2013-06-13 03:39 - 2013-06-13 03:39 - 00000000 ____A C:\ProgramData\l91eje.dat 2013-06-13 00:06 - 2013-06-13 00:06 - 00000000 ____A C:\ProgramData\niewqe8.dat 2013-06-12 22:49 - 2013-06-13 07:46 - 95023320 ___AT C:\ProgramData\v89ir.pad 2013-06-12 22:49 - 2013-06-12 22:49 - 00000151 ____A C:\ProgramData\v89ir.reg 2013-06-12 22:49 - 2013-06-12 22:49 - 00000056 ____A C:\ProgramData\v89ir.bat 2013-06-12 22:49 - 2013-06-12 22:49 - 00000000 ____A C:\ProgramData\kjhy64.txt C:\ProgramData\l91eje.dat C:\ProgramData\niewqe8.dat C:\ProgramData\ntuser.dat C:\ProgramData\v89ir.bat C:\ProgramData\v89ir.pad C:\ProgramData\v89ir.regPlease open FRST and hit the Fix button, attach the Fixlog.txt to your next reply, along with a fresh FRST Scanlogfile and a Logfile from a fresh scan with Emsisoft Antimalware.
  3. Hello, iriane Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the Desktop. For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to Desktop. Just run the tool and click Scan, it will produce 2 logfiles on the desktop. Please attach them in your next reply.
  4. Hi, please open AdwCleaner and hit Uninstall. Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools. Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean Hiding Hidden Files Please set your system to hide all hidden files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders. Check: Hide file extensions for known file types Check the Hide protected operating system files (recommended) option. Click Yes to confirm. Purging System Restore Points Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low. Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future. Practice Safe Internet One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely: If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software. Visit Microsoft's Windows Update Site Frequently It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  5. Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following:OTL IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=103&systemid=453&sr=0&q={searchTerms} CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Raybury\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Raybury\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.11.21.5_0\plugins/np-cwmp.dll O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\qbwc - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found :Commands [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, when done it will say "Fix Complete press ok to open the log" Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. ================================Follow up scan=================================Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Under the Standard Registry box change it to All. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
  6. Good, let's run an Onlinescan, then we will remove all leftovers in one shot. I'd like us to scan your machine with ESET OnlineScan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. [*]Check [*]Click the button. [*]Accept any security warnings from your browser. [*]Check [*]Push the Start button. [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. [*]When the scan completes, push [*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. [*]Push the button. [*]Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
  7. Hello, GRayburn Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool. Click on Delete. A logfile will automatically open after the scan has finished. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Please attach both logfiles, along with a fresh OTL logfile.
  8. Hello, lostinphase Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool. Click on Search. A logfile will automatically open after the scan has finished. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[R1].txt as well. Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open after the restart. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. Next, download ComboFix Save to the DesktopNow, close all open windows Double-click combofix.exe to run the program Follow the prompts. If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted. When told that the RC is installed correctly, press YES to continue scanning for malware. ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall. CF may reboot the computer and resume running when it restarts. When finished, a log, ComboFix.txt, is produced. Please provide the contents of the ComboFix report in your reply. Please attach all logfiles in your next reply.
  9. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread. Everyone else please begin a New Topic.
  10. Looks pretty good Please open AdwCleaner and hit Uninstall. Delete ComboFix and Clean Up Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall) Please advise if this step is missed for any reason as it performs some important actions. Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools. Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean Hiding Hidden Files Please set your system to hide all hidden files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders. Check: Hide file extensions for known file types Check the Hide protected operating system files (recommended) option. Click Yes to confirm. Purging System Restore Points Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low. Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future. Practice Safe Internet One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely: If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software. Visit Microsoft's Windows Update Site Frequently It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  11. Please check repair important windows services, the rest can stay unchecked.
  12. Please press windows-key+R and type appwiz.cpl and hit enter. Now please uninstall Java 6 Update 29, it is outdated. If you need Java, please install the new version 7 Update 17. Also please uninstall and reinstall Firefox completely, don't keep any data if you get asked to. Download Windows Repair (all in one) from this site Install the program then run it. Go to Step 2 and allow it to run CheckDisk by clicking on Do It button: Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button: Go to Step 4 and under "System Restore" click on Create button: Go to Start Repairs tab and click Start button. Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default): Click on box next to the Restart System when Finished. Then click on Start. Finally, please attach a fresh OTL logfile and tell me how the system is running.
  13. Hi, no need for the other Logfile. Looks much better, some adware-remnants, we will remove them now. Then we run an onlinescan to look for some leftovers and remove them in one shot. Please download AdwCleaner by Xplode onto your desktop. Double click on AdwCleaner.exe to run the tool. Click on Search. A logfile will automatically open after the scan has finished. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[R1].txt as well.Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open after the restart. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[s1].txt as well. I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt Please attach all logfiles. Also please attach a fresh OTL logfile.
  14. Hi, just reboot the system. The error message should go away. Please delete your copy of Combofix and download a fresh one, let it run and attach the logfile. When you get the error again after running Combofix, just reboot before attaching the logfile .
  15. Good Next, download ComboFix Save to the Desktop Now, close all open windows Double-click combofix.exe to run the program Follow the prompts. If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted. When told that the RC is installed correctly, press YES to continue scanning for malware. ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall. CF may reboot the computer and resume running when it restarts. When finished, a log, ComboFix.txt, is produced. Please attach the contents of the ComboFix report in your reply.
  16. Please download the attached fixlist.txt and save it on the flashdrive as fixlist.txt NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system On Vista or Windows 7: Now please enter System Recovery Options. On Windows XP: Now please boot into the BartPE CD. Run FRST64 and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Now please try to reboot normally. If it works, then please follow these instructions and attach the requested logfiles. http://support.emsisoft.com/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/
  17. For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive. For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive. Plug the flashdrive into the infected PC. Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account an click Next. To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.
  18. Hello, Paul1 Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. What kind of windows version do you use? XP, Vista, 7, 8? 32 or 64Bit?
  19. Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools. Finished
  20. Please read the line above the instructions to run ESET again Because I think that this alert is a false positive.
  21. What came back clean? Emergency Kit? What about the onlinescan?
×
×
  • Create New...