Kevin Zoll

Emsisoft Employee
  • Content Count

    18772
  • Joined

  • Last visited

  • Days Won

    177

Everything posted by Kevin Zoll

  1. Start by reinstalling your drivers, and if that does not fix the issues you will have to reinstall Windows.
  2. Thread Closed Reason: Lack of Response PM either Kevin, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread
  3. Thread Closed Reason: Lack of Response PM either Kevin, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread
  4. That error is a hardware problem and not a software problem. If the card works correctly in a card reader and not the camera it is definitely a hardware issue.
  5. RogueKiller is not a tool we ask you to run in the initial instructions. You also ran the tools in Safe Mode, which is something our instructions explicitly state to not do. See the thread titled START HERE, if you don't we are just going to send you back to this thread
  6. I did a little research. The error is because the card is not seating properly in the camera. Clean the contacts on the card with an eraser and put it back in the camera.
  7. A reinstall of Windows 10 is most likely the best course of action at this point.
  8. We do not support the Mac OS, iOS, or Linux operating systems at this time. If we do develop for them in the future, we'll post about it on our blog at the very least, here.
  9. I do not recommend using Registry cleaners. You will see no performance gains, and using such tool is dangerous as you can render a system inoperable. Tweaking.com Repair All in One though powerful can only do so much. Portable Apps Companion does not provide a Windows Environment. It is a USB drive with portable Windows Apps. That will not fix the underlying issues with your computer.
  10. At this point nothing sort of a refresh will fix the problems you are having.
  11. Hello @gonczi, Welcome to the Emsisoft Support Forums. All files are to be attached to all replies. Do not copy & paste any log to your replies, unless specifically told to do so. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicyScripts: Restriction <==== ATTENTION FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION "{45487F67-EC9F-4449-A6F2-2D0970F9B80B}" => service could not be unlocked. <==== ATTENTION HKLM\SYSTEM\ControlSet001\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B} => C:\Windows\System32\drivers\Wdf34078.sys [1485200 2019-12-21] (Access Denied) [File not signed] <==== ATTENTION (Rootkit!/Locked Service) 2020-03-15 20:16 - 2019-12-21 19:35 - 000000000 ____D C:\Users\Laci\AppData\Roaming\mhj4f1cksmd 2020-03-15 20:16 - 2019-12-21 19:25 - 000000000 ____D C:\Users\Laci\AppData\Roaming\akrv5m5dnyx 2020-03-14 18:31 - 2019-12-20 21:02 - 000000000 ____D C:\Users\Laci\AppData\Roaming\3gzekt4l5wb 2019-12-21 19:25 C:\Windows\system32\Drivers\Wdf34078.sys ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File AlternateDataStreams: C:\kerelem-adatlap_szolgalati_ido_kiszamitasahoz.pdf:xdg.origin.url [309] AlternateDataStreams: C:\ProgramData\TEMP:80337C03 [124] FirewallRules: [{896062B9-D51E-4454-8B5F-610CABD2D730}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe No File FirewallRules: [{185A96E0-0EB2-4ABB-A059-616FDCBFD868}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe No File FirewallRules: [TCP Query User{DF20EDEA-1894-41DC-B280-0D087751F553}F:\win_hdd\telepitők\potplayer live\potplayer live.exe] => (Allow) F:\win_hdd\telepitők\potplayer live\potplayer live.exe No File FirewallRules: [UDP Query User{B74357D1-7B81-4393-8DDC-30127B7738A9}F:\win_hdd\telepitők\potplayer live\potplayer live.exe] => (Allow) F:\win_hdd\telepitők\potplayer live\potplayer live.exe No File FirewallRules: [{72451496-30F3-426A-BC0F-0F5298BB7A08}] => (Allow) C:\sajat pot\PotPlayer\PotPlayerMini.exe No File Close Notepad. NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system IMPORTANT: Save all of your work, as the next step may reboot your computer. Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version. Also, let me know how the machine is running now, and what remaining issues you've noticed.
  12. You have far too many Anti-Virus applications installed on your computer. You should have one and only Anti-Virus application installed. Otherwise you will have conflicts as they compete for the same resources. Pick one Anti-Virus and uninstall all the others.
  13. Those are not false positives. To date 100% of STOP/DJVU (New Variant) ransomware attacks have been as a result of software piracy. We have strict anti-piracy policies here at Emsisoft. If we see pirated software present, or suspect pirate software is in use no aid we be given.
  14. Detection names are useless, they are for classification only. I need to know what specifically was detected and the full path of the detection.
  15. Close all programs and disconnect any USB or external drives before running the tool. Double-click RogueKiller.exe to run the tool again. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished". Select the following items: [PUP.Auslogics (Potentiellement Malicieux)] HKEY_LOCAL_MACHINE\Software\Auslogics -- -> Supprimé(e) [PUP.AutoIt.Gen (Potentiellement Malicieux)] Converber.exe -- %SystemDrive%\LiberKey\Apps\Converber\App\Converber\Converber.exe -> Supprimé(e) [PUP.Auslogics (Potentiellement Malicieux)] Auslogics Anti-Malware.lnk -- G:\Auslogics Anti-Malware.lnk (lnk => C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe []) -> Supprimé(e) [PUP.Auslogics (Potentiellement Malicieux)] Auslogics Duplicate File Finder.lnk -- G:\Auslogics Duplicate File Finder.lnk (lnk => C:\Program Files (x86)\Auslogics\Duplicate File Finder\Integrator.exe []) -> Supprimé(e) [Rogue.Segurazo (Malicieux)] SegurazoUninstaller.exe [Digital Communications Inc.] -- I:\Users\Bur K CX30JJAD 8janv\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\Segurazo\SegurazoUninstaller.exe -> Supprimé(e) [PUP.SysTweak|PUP.Gen1|PUP.Solvusoft (Potentiellement Malicieux)] Page d'accueil de WinThruster.lnk -- I:\Users\Bur K CX30JJAD 8janv\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\WinThruster\WinThruster\Page d'accueil de WinThruster.lnk (lnk => C:\Program Files (x86)\WinThruster\HomePage.url []) -> Supprimé(e) [PUP.SysTweak|PUP.Gen1|PUP.Solvusoft (Potentiellement Malicieux)] Désinstaller WinThruster.lnk -- I:\Users\Bur K CX30JJAD 8janv\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\WinThruster\WinThruster\Désinstaller WinThruster.lnk (lnk => C:\Program Files (x86)\WinThruster\unins000.exe []) -> Supprimé(e) [PUP.SysTweak|PUP.Gen1|PUP.Solvusoft (Potentiellement Malicieux)] WinThruster.lnk -- I:\Users\Bur K CX30JJAD 8janv\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\WinThruster\WinThruster\WinThruster.lnk (lnk => C:\Program Files (x86)\WinThruster\WinThruster.exe []) -> Supprimé(e) [PUP.AutoIt.Gen (Potentiellement Malicieux)] HDDFix.exe -- I:\Users\dépannage iPod\Desktop\HDDFix.exe -> Supprimé(e) [PUP.InnovativeSolutions (Potentiellement Malicieux)] AU PRO.lnk -- I:\Users\manqu\AppData\Local\Innovative Solutions\Advanced Uninstaller PRO\AU PRO.lnk (lnk => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe []) -> Supprimé(e) [PUP.SweetLabs|PUP.Gen1 (Potentiellement Malicieux)] PC App Store.lnk -- I:\Users\manqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk (lnk => C:\Users\antifondance uni c b\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [ /OPEN"f22abfeae27a67446927d078890381efc546d3e1"]) -> Supprimé(e) [PUP.SweetLabs|PUP.Gen1 (Potentiellement Malicieux)] Start Menu.lnk -- I:\Users\manqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk (lnk => C:\Users\antifondance uni c b\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [/OPEN"menu"]) -> Supprimé(e) [PUP.InnovativeSolutions (Potentiellement Malicieux)] Advanced Uninstaller PRO 12.lnk -- I:\Users\manqu\Desktop\Advanced Uninstaller PRO 12.lnk (lnk => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe []) -> Supprimé(e) [PUP.AutoIt.Gen (Potentiellement Malicieux)] HDDFix.exe -- I:\Users\manqu\Desktop\HDDFix.exe -> Supprimé(e) [PUP.PCCleaner (Potentiellement Malicieux)] OneSafe_PC_Cleaner.exe [Avanquest Software SAS] -- I:\Users\manqu\Downloads\OneSafe_PC_Cleaner.exe -> Supprimé(e) [PUP.AutoIt.Gen (Potentiellement Malicieux)] SFTGC.exe -- I:\Users\self-vot 10Crem Tern\Downloads\SFTGC.exe -> Supprimé(e) [PUP.InnovativeSolutions (Potentiellement Malicieux)] Advanced Uninstaller PRO 12.lnk -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO\Advanced Uninstaller PRO 12.lnk (lnk => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe []) -> Supprimé(e) [PUP.InnovativeSolutions (Potentiellement Malicieux)] Uninstall.lnk -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO\Uninstall.lnk (lnk => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe []) -> Supprimé(e) [PUP.InnovativeSolutions (Potentiellement Malicieux)] Advanced Uninstaller PRO 12.lnk -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk (lnk => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe []) -> Supprimé(e) [PUP.AutoIt.Gen (Potentiellement Malicieux)] Converber.exe -- I:\LiberKey\Apps\Converber\App\Converber\Converber.exe -> Supprimé(e) Click the Delete button. Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt) The highest number of [X], is the most recent Delete log.
  16. Changing tools. Download AdwCleaner and save it on your Desktop. Close all open programs and Internet browsers (you may want to print out or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop. Attach that log file to your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
  17. Thread Closed Reason: Lack of Response PM either Kevin, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread
  18. Stop running tools I did not ask you to run. I see one more log I did not ask for I will terminate this support thread. Just reviewing you FRST reports, I can see you have ran just about ever tool you can find to fix the system. Stop,. You run the very real risk of rendering the operating system non-functional. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-1913538887-3906073971-4032389247-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 GroupPolicy: Restriction ? <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Task: {F663F3CD-A3FE-4F63-87DA-62ED467E9323} - System32\Tasks\CacheWrite => C:\ProgramData\CacheWrite\CacheWrite.exe <==== ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.2\bin\ssv.dll => Pas de fichier R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-07-02] (Shanghai Microvirt Software Technology Co., Ltd. -> ) R0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37776 2019-12-13] (Emsisoft Ltd -> Emsisoft Ltd) R3 esihdrv; C:\Users\antifondance uni c b\AppData\Local\Temp\esihdrv.sys [191664 2020-03-06] (ESET, spol. s r.o. -> ESET) <==== ATTENTION R3 HWiNFO; C:\Users\antifondance uni c b\AppData\Local\Temp\HWiNFO64A.SYS [61208 2020-03-06] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.) S1 SMR521; \SystemRoot\System32\drivers\SMR521.SYS [X] AV: Ashampoo Anti-Virus (Disabled - Up to date) {5FD8BF8F-F242-6153-61B5-8FF333E8736B} AS: Ashampoo Anti-Virus (Disabled - Up to date) {E4B95E6B-D478-6EDD-5B05-B481486F39D6} ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier ContextMenuHandlers1: [Open With EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> Pas de fichier ContextMenuHandlers2: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> Pas de fichier ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> Pas de fichier ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier ContextMenuHandlers3: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> Pas de fichier ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> Pas de fichier ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Pas de fichier ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> Pas de fichier ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Pas de fichier ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier ContextMenuHandlers6: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => -> Pas de fichier ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => -> Pas de fichier ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Pas de fichier AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [143] Close Notepad. NOTE: It's important that both files, FRST, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system IMPORTANT: Save all of your work, as the next step may reboot your computer. Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version. Also, let me know how the machine is running now, and what remaining issues you've noticed.
  19. Do not copy & paste logs to your replies. They will be removed without reading. Also do not run tools I did not ask you to run. Run a fresh scan with FRST, attach the new FRST scan reports to your reply.