Kevin Zoll

Emsisoft Employee
  • Content count

    18257
  • Days Won

    163

Kevin Zoll last won the day on June 12

Kevin Zoll had the most liked content!

Community Reputation

275 Excellent

About Kevin Zoll

  • Rank
    Malware Removal Support
  • Birthday 12/04/1960

Contact Methods

  • Website URL
    http://www.malwareteks.com/

Profile Information

  • Gender
    Male
  • Location
    Depauville, NY, USA
  • Interests
    Computer Security, Malware Research, Malware Removal, Computer Programming, Website Design

  1. That's a possibility as it did appear to be related to something Windows was doing at the time.
  2. It's likely a legitimate Reparse/Junction and should be nothing to be concerned about. Since it is no longer present it was likely only a temporary Reparse/Junction.
  3. Kevin Zoll

    Getting Blue Screen Crashes

    Jerry, if that doesn't fix the BSODs then I will probably need to get a copy of the crash dump that was created when the system crashed.
  4. Kevin Zoll

    Getting Blue Screen Crashes

    Uninstall Emsisoft. Then run Emsiclean. https://dl.emsisoft.com/Emsiclean.zip The Zip file contains both the 32-bit and 64-bit versions. Run the 64-bit version of Emsiclean and let it clean what it finds. Restart the computer. Download and install a fresh copy of Emsisoft Anti-Malware and enter your license information when asked. https://www.emsisoft.com/en/software/antimalware/download/
  5. No, we do not offer a lifetime license. You are welcome. Happy to be of assistance. Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  6. I would not turn that feature on. It has been known to cause issues, such as slowdowns and has caused systems to crash.
  7. Yes, you can delete FRST and the FRST folder on drive C. I can delete the SAS stuff using FRST if you like. I will need a fresh scan from FRST, on the affected computer, to do that. As far as the laptop, I saw no malware in the logs. Just a bunch of orphaned stuff from security programs no longer installed. I removed that stuff with the FRST fix.
  8. Thread Closed Reason: Resolved by User
  9. Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

    Start::
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
    HKU\S-1-5-21-829221180-3900804615-1205485820-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-829221180-3900804615-1205485820-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-829221180-3900804615-1205485820-1001\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-21-829221180-3900804615-1205485820-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
    BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> No File
    Toolbar: HKU\S-1-5-21-829221180-3900804615-1205485820-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-07-03] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-07-03] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-03] (Zemana Ltd.)
    2018-07-09 22:58 - 2018-07-09 22:58 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\52516528.sys
    2018-07-08 23:16 - 2018-07-08 23:16 - 000000000 ____D C:\KVRT_Data
    2018-07-08 16:28 - 2018-07-08 16:28 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7251249A.sys
    2018-07-06 00:32 - 2018-07-06 00:32 - 000000000 ____D C:\AdwCleaner
    2018-07-05 18:01 - 2018-07-05 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4512F771.sys
    2018-07-05 03:32 - 2018-07-05 03:32 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2627F53A.sys
    2018-07-05 03:32 - 2018-07-05 03:32 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-07-05 03:05 - 2018-07-11 18:11 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2018-07-05 03:05 - 2018-07-09 23:26 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2018-07-04 23:42 - 2018-07-04 23:43 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-07-04 16:23 - 2018-07-04 07:52 - 007395536 _____ (Malwarebytes) C:\Users\PC user\Documents\AdwCleaner.exe
    2018-07-03 17:44 - 2018-07-12 08:03 - 000281296 _____ C:\WINDOWS\ZAM.krnl.trace
    2018-07-03 17:44 - 2018-07-12 08:03 - 000258222 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2018-07-03 17:44 - 2018-07-03 17:44 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2018-07-03 17:44 - 2018-07-03 17:44 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2018-07-03 17:29 - 2018-07-03 17:29 - 000000000 ____D C:\Users\PC user\AppData\Local\Zemana
    2018-07-03 17:25 - 2018-07-03 17:25 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2018-07-01 03:33 - 2018-07-01 03:33 - 000024920 _____ (NoVirusThanks Company Srl) C:\WINDOWS\system32\Drivers\RegDeleteEx.sys
    2018-07-10 22:53 - 2018-05-12 00:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    End::
  10. That should take care of everything. How are things running?
  11. Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

    Start::
    SearchScopes: HKU\S-1-5-21-2321107616-3240194887-1935080380-1001 -> DefaultScope {0C071E52-C62C-4B94-93C4-75168CF6C68A} URL =
    SearchScopes: HKU\S-1-5-21-2321107616-3240194887-1935080380-1001 -> {0C071E52-C62C-4B94-93C4-75168CF6C68A} URL =
    2018-06-24 15:07 - 2018-06-24 15:07 - 000000168 ____H () C:\Program Files\Common Files\restore_rev.bat
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\installer.dat
    End::
  12. Double-click on this entry in EEK: 09.07.2018 09:16:23 Użytkownik DESKTOP-FLS179Q\TERESA Infekcja została usunięta Średniego ryzyka Malware "Adware.Linkury.CX (B)" w "installer.dat". Export it to a text file and send me that file. I need the full path to installer.dat that is being detected.
  13. I will take a look at the logs Monday after they are available.
  14. Kevin Zoll

    CLOSED Chrome Redirect

    You are welcome. Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  15. Let's take a fresh look. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.