Kevin Zoll

Emsisoft Employee

About Kevin Zoll

  • Rank
    Malware Removal Support
  • Birthday 12/04/60

Contact Methods

  • Website URL
    http://www.malwareteks.com/

Profile Information

  • Gender
    Male
  • Location
    Depauville, NY, USA
  • Interests
    Computer Security, Malware Research, Malware Removal, Computer Programming, Website Design

  1. August 9th and I've been attacked

    Thread Closed
    Reason: Lack of Response
    PM either Kevin, Elise, or Arthur to have this thread reopened.
    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  2. "HxTsr.exe"

    Thread Closed
    Reason: Resolved
    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  3. probably a new malware

    Thread Closed
    Reason: Lack of Response
    PM either Kevin, Elise, or Arthur to have this thread reopened.
    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  4. Dobrilo

    Thread Closed
    Reason: Lack of Response
    PM either Kevin, Elise, or Arthur to have this thread reopened.
    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  5. August 9th and I've been attacked

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

        (PC Drivers HeadQuarters LP) C:\Program Files\Driver Support\svc\DriverSupportAOsvc.exe
        (PC Drivers HeadQuarters LP) C:\Program Files\Driver Support\svc\DriverSupportAO.exe
        (PC Drivers Headquarters LP) C:\Program Files\Driver Support\DriverSupport.exe
        (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
        HKLM\...\Run: [ApnTBMon] => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
        HKU\S-1-5-21-6082561-254202236-1922501081-1006\...\Run: [DriverUpdate] => "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
        Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-17]
        ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
        FF Homepage: C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\u8aaj7rr.default -> hxxp://search.hmyquickconverter.com?uid=e1f76fc8-e758-4283-8dae-65fdcd54d006&uc=20170814&ap=appfocus1&source=ntm-d&page=homepage&implementation_id=converter_4.1.3
        FF Extension: (Converter) - C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\u8aaj7rr.default\Extensions\@Converter.xpi [2017-08-10]
        FF Extension: (Yahoo! Toolbar) - C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\u8aaj7rr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-03-06] [not signed]
        FF HKU\S-1-5-21-6082561-254202236-1922501081-1006\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
        FF Extension: (McAfee Security Scan Plus) - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
        R2 DSAO; C:\Program Files\driver support\svc\DriverSupportAOsvc.exe [2033104 2016-10-22] (PC Drivers HeadQuarters LP)
        S4 LMIRfsClientNP; no ImagePath
        S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]
        U1 WS2IFSL; no ImagePath
        2017-09-06 15:48 - 2016-09-19 11:00 - 000000000 ____D C:\Documents and Settings\Maureen\Local Settings\Application Data\c0b6cc
        2017-09-06 15:48 - 2016-09-19 11:00 - 000000000 ____D C:\Documents and Settings\Maureen\Application Data\e06dc7
        2017-08-16 13:26 - 2016-09-19 11:10 - 000000000 ____D C:\Documents and Settings\Maureen\Local Settings\Application Data\YWCPack
        2017-08-16 13:26 - 2016-09-19 11:00 - 000000000 ____D C:\Documents and Settings\Maureen\Local Settings\Application Data\Uzpwmedia
        2017-08-10 15:54 - 2017-08-10 15:54 - 006189288 _____ (PC Drivers HeadQuarters LP) C:\Documents and Settings\Maureen\Local Settings\Temp\DriverSupport.exe
        2013-10-15 10:10 - 2013-10-15 10:10 - 002923816 _____ (McAfee, Inc.) C:\Documents and Settings\Maureen\Local Settings\Temp\SecurityScan_Release.exe
        2012-10-26 12:39 - 2014-12-09 17:59 - 000636848 _____ (APN LLC.) C:\Documents and Settings\Maureen\Local Settings\Temp\setup.exe
        2016-09-24 13:28 - 2016-09-24 13:29 - 000267776 _____ () C:\Documents and Settings\Maureen\Local Settings\Temp\systemrestore.exe
        Task: C:\WINDOWS\Tasks\Driver Support-RTMRules.job => C:\Program Files\Driver Support\DriverSupport.exe
        Task: C:\WINDOWS\Tasks\Driver Support-RTMScan.job => C:\Program Files\Driver Support\DriverSupport.exe
        Task: C:\WINDOWS\Tasks\Driver Support-RTMUpdater.job => C:\Program Files\Driver Support\DriverSupport.exe
        Task: C:\WINDOWS\Tasks\Driver Support.job => C:\Program Files\Driver Support\DriverSupport.exe

    Close Notepad.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

    Note: If the tool warns you about an outdated version please download and run the updated version.
  6. "HxTsr.exe"

    The Windows Repair tool loads and runs several different scripts based on what I told it to do. The scripts reset the selected items to their default values and settings. I decided to have you run it with the options I selected, because of several permissions related errors that were present in the Events log of the FRST Additional Scans report.

    Unless you are having problems, it is time to do the final steps.

    Now to remove most of the tools that we have used in fixing your machine:

      • Download Delfix from here and save it to your desktop.
      • Ensure Remove disinfection tools is checked.
      • Also place a checkmark next to:
          • Create registry backup
          • Purge system restore
      • Click the Run button.
      • When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.
      • Empty the Recycle Bin

    Download to your Desktop:

      • CCleaner Portable

    To remove Windows Repair by Tweaking.com run its uninstaller.

    Run Windows Update and update your Windows Operating System.

    Articles to Read:

      • How to Protect Your Computer From Malware
      • How to keep you and your Windows PC happy
      • Web, email, chat, password and kids safety
      • How Did I Get Infected?

    That should take care of everything. Safe Surfing!
  7. Dell Concierge Support virus

    Thread Closed
    Reason: Lack of Response
    PM either Kevin, Elise, or Arthur to have this thread reopened.
    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  8. "HxTsr.exe"

    The errors in the Windows Repair log are not something to be overly concerned with; they will not affect system performance or stability. Your FRST logs look fine. How are things running?
  9. "HxTsr.exe"

    Everything should be fine at this point, but let's double check. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.
  10. August 9th and I've been attacked

    The log you posted is the FRST Additional Scan report; I need the FRST scan report itself.
  11. "HxTsr.exe"

    No need for the Windows Repair logs. As I mentioned in an earlier post, MBAM and EIS are not compatible. Uninstall one of them.

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

        HKU\S-1-5-21-2431762388-1408777004-2867943247-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --user-data-dir="C:\Users\Branden\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-swi (the data entry has 100 more characters).
        U1 aswbdisk; no ImagePath
        S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
        Task: {13B80432-7F47-44F9-8D04-DC0E19CA63C6} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
        Task: {13B80432-7F47-44F9-8D04-DC0E19CA63C6} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics"
        Task: {77880A83-BCFA-4F61-975E-D28FAB3E2DE1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
        Task: {77880A83-BCFA-4F61-975E-D28FAB3E2DE1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics"
        Task: {D3873DE7-29D8-4146-B6E2-99A991D7DC88} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
        Task: {D3873DE7-29D8-4146-B6E2-99A991D7DC88} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics"

    Close Notepad.

    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

    Note: If the tool warns you about an outdated version please download and run the updated version.
  12. "HxTsr.exe"

    Looking through the Event Log portion of the FRST logs, it appears that there may be an issue with Cryptographic Services on this system. Let's try resetting some areas of Windows to their defaults.

    Download Windows Repair by Tweaking.com http://www.tweaking.com/content/page/windows_repair_all_in_one.html to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

      • Double-click "tweaking.com_windows_repair_aio.zip" and extract the "Tweaking.com - Windows Repair" folder to your desktop.
      • Now open this folder and double-click "Repair_Windows.exe".
      • Click the "Repairs" tab on the far right.
      • Click the "Open Repairs" button (bottom right)
        Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
      • Click "Unselect All"
      • Put a checkmark in the following items:
          01 - Reset Registry Permissions
          02 - Reset File Permissions
          03 - Reset Service Permissions
          04 - Register System Files
          05 - Repair WMI
          10 - Remove Policies Set By Infections
          19 - Repair Volume Shadow Copy Service
          21 - Repair MSI (Windows Installer)
          26 - Restore Important Windows Services
          27 - Set Windows Services To Default Startup
          28.01 - Repair Windows 8/10 App Store
          28.02 - Repair Windows 8/10 App Store (Completely Reset App Store)
          29 - Repair Windows 8/10 Component Store
          30 - Repair Windows 8/10 COM+ Unmarshalers
          31 - Repair Windows 'New' Submenu
          32 - Restore UAC (User Account Control) Settings
          33 - Repair Performance Counters
        Note: Leave everything else unchecked
      • Put a checkmark in "Restart System When Finished"
      • Now click the "Start" button (bottom right)

    Run a fresh scan with FRST, attach the new FRST scan logs to your reply.
  13. August 9th and I've been attacked

    Support thread opened at the original poster's request. Run a fresh scan with FRST. Skip using AdwCleaner and JRT for now. Attach the new FRST scan logs to your reply.
  14. probably a new malware

    Without the logs from the tools in the instruction linked to by Stapp, there is no way to determine what is causing your problems.