Momadice

Bad Internet, I can no longer run emsisoft, I just purchased it, and could use some help.


I am in the middle of assignments and exams, and now in a big puddle of tears and could really use some help.  I really hope I purchased your program and not some rogue program.

 

I have run the required scans.  I'll copy and paste below.  I just purchased your software.  I have also been having a lot of malicious site redirects that your software has made me aware of.  Interestingly it has taken some time to be able to post this, as I was not allowed to create an account.  When I requested a 'forgot my password' I was never sent one, and now believe I was on a rogue emsisoft site.  I used duckduckgo and managed to get to your proper site.  At least I hope it is.  This time it let me create an account, and was able to get email verification, and now sign in and post.

 

I have a very strange thing in my control panel that I have never seen before.  I thought I had gotten rid of it with a reinstall of win 8.1.  It is back.  It is back after I installed your software, I ran it and all was okay, along with other software. There were two things quarantined by emsisoft.  Interestingly today I cannot run your software anymore.  My pc does nothing.  It does tell me I am entering a malicious site (THANK YOU!) and I choose the 'block', but I cannot call up the graphic interface to select settings, or look at logs, or update the database.  I had to run the emergency repair kit, but only after I ran the registry kill program from  bleeping computers.  I ran both requested scans.  I am unsure how to paste a screen shot to you to see the control panel disturbance I am talking about.  I have purchased your program like I said, but I cannot access it anymore.

 

When I ran the registry kill, it did kill two things.  I do not want to post anything else until you ask, as those are the instructions you have given for the first posting for help, but I couldn't run anything until after I ran the registry kill.

 

Update:  I was just now able to call up the emsisoft interface.  Yea!!  Just to be clear, as I reread this post, I am happy with emsisoft, and the problem is I have something running amuck with something else and I am not sure what it is.  Whatever it is - It obviously is trying to make my anti virus have some problems, but it is because of my emsisoft that I am certain I have a problem, and my problem hasn't been able to bring emsisoft out of commission entirely. Thank goodness.  I am counting on beating this with your help.

Edited by Kevin Zoll
Inline logs removed


All logs are to be attached to all posts. Do not copy & paste any logs, unless specifically told to do so.

Your logs are not showing any malware. However, there are a few issues that should be addressed.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697784714-1533898605-4234074958-1001 -> {4B44DE15-5F8E-4550-ACC3-9A20DBE3AB05} URL =
2014-06-14 12:50 - 2014-06-14 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-14 14:05 - 2012-10-24 15:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall308549.exe
C:\ProgramData\uninstall308549.exe

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Done.  What kind of activities am I allowed to perform using this pc?  I need to access my college via internet and work on certain files saved on my pc. Or should I just leave everything alone?

 

 

 

Don't mind me, I was just reading not to add any files or programs or uninstall or delete.

 

I really like the surf guard on your product.


I don't see anything that looks like a keylogger or info stealer, so doing online schooling should not be an issue.

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.


I will do so as soon as possible. Windows shut me down in the middle of the Farbar scan for an update. It's just hanging and it says it's 100% complete but won't let the computer start. Normally. I held down the power switch to hard boot and I can't get past it telling me to wait. Not only do I need to use it right now, you told me not to change, delete, and repair; there will be changes. Do you know how to stop this? Would you still want me to do those scans again when it is done? It seems to be frozen just hanging, or perhaps it does take this long. So the scans will now be after it completed the update, their little epitaph says it is 100% complete so I am unsure what to do.


Windows finished updating and I have run both scans again. FarBar only produced one report, not two and I read it will only do one report now anyway.  Emergency kit scan was completed in 46 seconds, so I ran it again. Emsisoft caught 7 attempts to direct my browser to a malicious site upon opening my computer after the windows update.  I am using firefox as my browser. I have taken a few screen shots if you will let me know how to get them to you.  I have been waiting for permission to install the backup program that was bundled with emsisoft, please let me know when I can do that.  I know something is wrong because I use my laptop almost 8 hours a day just for my school work, I notice when something is different.  Not long before I installed a licensed copy of emsisoft I was cleaning up my duplicate files as I do have them all the time.  As a lawclerk student I have an enormous amount of files and it is faster for me to just download them again as it takes me too long to remember where I saved them.  I was using ccleaner to find duplicate files and selecting the duplicate ones to delete.  I was surprised to find several files (anywhere from 17 to 25) duplicate files all created on the same day, I do not download them that much.

I have attached the single Farbar report to this post and will post the eek one as soon as it is complete.

My browser is back to not loading pages for me.  I get a message that says my connection was interrupted please try again later. I have been getting this often when I try to log onto my school's blackboard.


eek report attached.

 

I forgot to change the cookie settings when I reinstalled firefox, and have now changed it to not accept any third party cookies.  I did not delete any of the cookies yet, as I didn't know if you want to see them.

 

I just had a couple large assignments assigned and I need to download the files for this and you said it should be okay so I will go ahead and do that.


So sorry, I did use the attach button and browsed my pc for the files to attach.  It did say it was successfully uploaded, I must have inadvertently done something wrong. Okay, I see where my mistake was.  They are attached now.  eek is next.  I don't know if this is relevant as I don't really know how to use some support programs, and therefore do not understand how to interpret them.  I do have an emsisoft (regular) log that shows some remote computer and I don't recognize the so called user or program that gave it permission.  I sure didn't.  Not on purpose at least. I do have my mouse acting on its own from time to time and my desktop icons are getting moved around from time to time.  What caught my attention is that the mouse seemed to be trying to click on something in one of my emsisoft logs. I thought I'd mention it.

Addition.txt

FRST.txt


1) eek report attached

2) I'm having a difficult time accessing my college blackboard.  Sometimes it is okay and sometimes it is not. After running FRBR then emergency kit, I ran the registry kill program, as I used it to successfully allow me consistent access to my college, while I have been trying to figure out what is going on, and before contacting you.  I have attached the report as I have emsisoft running and it did not catch this.  I have only run the rkill, and have not modified or tried a manual uninstall or deleted any files.  It is critical for me to access my college, and I do not have a spare computer. I hope this did not mess anything up and you understand my urgency.

FYI: My pc has been cooperating nicely this evening.  I realize this doesn't mean it's okay yet, but I was able to relax a little bit and get my work done.  I did peruse the farbar reports and noticed that Wild Tangent may still be on my computer.  I used revo uninstaller to uninstall it, but as I don't know what or how to read the report I do not know if it is still a problem. This computer like so many others came with a lot of software or apps that I do not want or even use.  Win 8.1 is new to me yet you can't just uninstall from the programs and features control panel anymore, as the apps are not listed there.  I don't know how to verify if an app uninstalled properly, and there are at least 60% of apps that I do not want. Using autoruns also is challenging for me as I do not know exactly what I should leave alone, and what I should disable. I am happy with all the things emsisoft is doing and blocking.  If your company ever wants to produce an uninstall program, I'll be the first in line.

a2scan_150318-172840 18MARCH2015.txt

Rkill18MARCH2015.txt


After getting my coffee and sitting down to start my assignments Firefox was acting up.  It would not load my page and gave me an error of:  Server not found.  Firefox can't find the server at www.emsisoft.com.

 

Wordperfect, and email are constantly hanging with a "program is not responding" message.

 

I am using chrome, as it is opening my sites. Thus I was able to post this.   Wordperfect may be stressful as I use it to type my work.  I'll keep posting the unusual errors I'm getting.


Your logs look fine. There is an instance of the Command Console that is running that I find questionable.

Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Scan


Close all programs and disconnect any USB or external drives before running the tool.

  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished".
    • Click the Registry Tab and select the following items:
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    • Click the Delete button.
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete

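The four RogueKiller entries in the post above are two value names under one HideDesktopIcons key, each reported once per registry view, and a data value of 1 there hides the corresponding desktop icon. A read-only way to inspect those values, as an added example that is not part of the original post or of RogueKiller; the icon labels, the extra HKCU row and the function name Get-HideDesktopIconState are assumptions of this example:

```powershell
# Added example, not from the thread. Read-only: keys are opened without write
# access and nothing is changed.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'

# Value names copied from the RogueKiller lines in the post. The labels are an
# assumption of this example: the usual shell folder names for these CLSIDs.
$Icons = [ordered]@{
    '{20D04FE0-3AEA-1069-A2D8-08002B30309D}' = 'This PC'
    '{59031a47-3f72-44a7-89c5-5595fe6b30ee}' = 'User files folder'
}

# RogueKiller's (X64)/(X86) tags correspond to the two views of HKLM. HKCU is
# added here because the per-user setting lives under the same subkey.
$Locations = @(
    @{ Name = 'HKLM (X64)'; Hive = 'LocalMachine'; View = 'Registry64' }
    @{ Name = 'HKLM (X86)'; Hive = 'LocalMachine'; View = 'Registry32' }
    @{ Name = 'HKCU';       Hive = 'CurrentUser';  View = 'Default'    }
)

function Get-HideDesktopIconState {   # hypothetical helper name
    foreach ($loc in $Locations) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]$loc.Hive,
            [Microsoft.Win32.RegistryView]$loc.View)
        $key = $base.OpenSubKey($SubKey)          # $null when the key is absent
        try {
            foreach ($name in $Icons.Keys) {
                $data = $null
                if ($key) { $data = $key.GetValue($name, $null) }
                if ($null -eq $data) { $state = 'value not present' }
                elseif ($data -eq 1) { $state = 'icon hidden' }
                else                 { $state = 'icon not hidden' }
                [pscustomobject]@{
                    Location  = $loc.Name
                    Icon      = $Icons[$name]
                    ValueName = $name
                    Data      = $data
                    State     = $state
                }
            }
        }
        finally {
            if ($key) { $key.Dispose() }
            $base.Dispose()
        }
    }
}

Get-HideDesktopIconState | Format-Table -AutoSize
```

Running it before and after the Delete step shows whether the HKLM rows still report `icon hidden`.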

I have, now, a never seen before problem using chrome.  I have a screen shot but do not know how to get it to you.

description:  on a Google homepage using chrome there is the google search bar in the middle of the page.  That is where you type in your search terms.  I typed my search request and when I hit enter a popup shows telling me I need to provide a URL in this space and my search query information has disappeared.

 

__________________________________________________________

 

Just to keep you updated

Chrome -  when I select a new tab for a new page, I get one screen that is missing the tool bar google has at the top for their silly things I don't use and I can't use the search box in the middle of the page.  I get please type in a url and those little boxes google put under that search box such as 'I'm feeling lucky' and 'google search' are not present.  FF is still the same, I am getting the connection reset error like a couple threads above.

I don't use chrome as my preferred browser, I have always used Firefox.  Firefox is acting up as you know, and now chrome wants to as well.

 

For what it is worth both Firefox and chrome have a little icon selection right beside the shrink/expand/close section.  Chrome has a little person icon, and Firefox has a smiley face.  With FF i removed it from the tool bar.


I have needed to use Google docs to upload and edit pdf's for school.  Everything was fine earlier, but now I keep getting the same error over and over again.  I want to print my finished work and need to download my annotated pdf and I keep getting download failed.

 

Then as I am looking for some of my files for school on my desktop I have a brand new icon that I have never seen before.  I didn't put it there.  Also I had a warning flag in the bottom right hand of my screen 'the flag one' that usually means there is an update or whatever.  For me it is that I disconnected my external hard-drive throughout our troubleshooting and knew it would go away once I plugged the drive back in.  NOT

 

Now the flag is all okay, and I didn't do that either.


I haven't heard from you in a bit.  I hope all is well.  I had some troubles still with school work.  Of course I have to use the internet a lot.  After the registry change above that I did, when the computer was restarted the next time I had an icon on my desktop that I did not put there.  Nor have ever even put a desktop icon like it in my life.  It was labeled "THIS PC"  with a computer icon on it.  It seemed to relate to remote control, or remote connection.  That along with the fact that in my programs and features area I have duplicate programs of almost everything, unless it was something I installed on my own.  As I hadn't heard from you and needed to do my work I tried looking into some stuff.  I unplugged my wifi internet.  Ran my emsisoft.  I still had to do a registry kill.  The Rogue killer simply would not work at all.  I reset my firewall.  Did my windows update, which it said had never been done. (It had been).  After those little maintenance things I was able to connect to my sites I needed to use and did some work.  I did get a warning, the flag, which said I had no anti spyware running and that my firewall was turned off.  When I selected the turn on my firewall option I was presented with a graphical interface almost identical to malwarebytes' graphical interface.  I used task manager to end the task and my white flag in the corner turned white again, and I had no more important messages in the action center.

 

Please do not get frustrated with me.  I only have one pc.  I failed a class last year as I couldn't get my work in on time because of computer problems.  As this is my last term I do not want to fail anymore.  I really do not know what is haunting me.  I try and run all the best antivirus.  I subscribe only to emsisoft though.  As Win 8.1 is new to me, I am not familiar with the OS.  So perhaps I have a remote connection I can't find, I should be the only one on this system except a tablet and phone connected by wifi, which are both mine.  I also have emsisoft on my tablet.  I am going to try and finish all the work I can right now.  Then I will hook up my wifi again and change my password.  On my firewall managing area I have duplicates of everything as well, I find this strange as I have never seen this before.  Is it possible to have two systems running on top of one another?  Even after a Windows reset?  With one being unnoticeable?

 

 

So I just performed a system restore, and this is the second time the message comes up with my flag that says windows defender is not running and out of date.  I click on the flag and it immediately opens a window graphical interface almost identical to malwarebytes and starts downloading the latest virus definitions.  This is freaky.  I used task manager to shut it down.  My flag still has a little red x on it.  There is something extremely messed up here, I have never seen any of these symptoms before in my life.

I forgot the flag tells me my emsisoft is turned off too.  I have it set up as real time protection and it runs its scheduled scans.


I am not available on the weekends. Some of the programs I am having you use will make changes to the system that will hide some things and unhide other things. If an icon suddenly appears or disappears then the tool I had you run is very likely responsible for what just occurred.

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.


Thank you for the explanation.  Fresh look, I welcome that too.  I will do this now.  I have been doing my work, and I also have been physically unplugging my internet when I am not using it.  As you can tell, I don't know some of the names etc., or weird files, and I only can see what is obviously different to what I have been accustomed to see over the years.  I wish troubleshooting was not so difficult, but I guess that is the whole point of why the internet abusers are so good at what they do.  I will run scans now, and get them attached.  Thank you, for your patience, once again.  Thank you for your help, it is really appreciated here.

FYI:  I am having troubles getting into my college website.  I finally managed to make sure it was on the allow part of Chrome.  After three attempts, I finally was able to get in. I truly do not know what is going on with my internet or pc.  I am so stressed out over this.  If it wasn't so imperative to have the internet for school I could certainly be a lot calmer. I change my internet codes, but I for the life of me have no idea why I am having so many troubles.  I was trying to make sure all my cookies etc were clear and my windows old had some, but my computer would not allow me to delete them.  I was not a trusted installer!!  I guess after owning the computer I no longer get to make any decisions!!  LOL.  Not so funny really.

 

Report is in the process.

 

send to emsi FRST.txt

 

send emsisoft a2scan_150324-133038 24March2015.txt


Yes, malware authors are very good at what they do, and so are the people who assist others in cleaning up their systems. It is sort of like an arms race, each trying to stay ahead of the other.

Whenever the logs are ready and posted I will take a look at them.


No, it is not normal to have multiple copies of programs listed in the Uninstall program list. Sounds like there is some corruption.

First I am going to have you reset some areas of Windows to their defaults.

Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Repairs tab on the far right.
  • Click the Start button (bottom right)

    Note: When asked if you would like to create a restore point, it is recommended that you do so, just in case something does not go as planned.

  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Register System Files
    • Repair WMI
    • Remove Policies Set By Infections
    • Repair Windows Updates
    • Repair Volume Shadow Copy Service
    • Repair MSI (Windows Installer)
    • Restore Important Windows Services
    • Set Windows Services To Default Startup
    • Repair Windows 8 App Store
    • Repair Windows 8 Component Store
    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697784714-1533898605-4234074958-1001 -> {4B44DE15-5F8E-4550-ACC3-9A20DBE3AB05} URL =

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


First task in the works and 2nd task is ready for when the first one is complete.  Emsisoft keeps stopping the tweak.  How do I turn emsisoft off?


send to emsi Fixlog.txt

Here is the log.

 

I figured out how to shut down emsisoft as it was not allowing Tweaking to complete its job.

 

One problem:  I cannot get onto my school website anymore.  I will try a different browser, but I have been able to use Chrome for school. Chrome just tells me that the web page is not available.  I have set them up in the allowed site area of Chrome, but it doesn't do anything to help use the site.

 

Tweaking did take a long time, but it finally finished.  I have turned emsisoft back on again.  There is now only one program and not many duplicates as before found in the programs and features area of the control panel.

 

The pc was incredibly slow, so slow I thought it was hanging when it started up, and again very slow after I put in the pin to access my desktop.  I do not know if this is normal or not after the tweak, but I imagine you know if this is just something that happens.  If there is anything I can do to improve the boot time let me know.

 

Out of habit, and not thinking, I ran AdwCleaner (send to emsi AdwCleanerS3.txt).  I have attached the log.  Sorry.  But at least you'll see the changes.  I won't do it again.

 

 


I am an avid follower of Emsisoft's blog, and bleeping computer (which is where I found you).  With respect to duplicate file cleaners and using ccleaner to clean up the computer, are there programs that can help with keeping the computer running efficiently?  With all the problems I have been having I am very shy to even give a program a try as I don't seem to ever know if I can trust the download sites etc. anymore.  With report after report of different malware issues that arise I am getting more confused as to what should be good.  Any suggestions?


Using Anti-Virus/Anti-Malware with resident shields and a software firewall is generally all that is needed to protect a system under normal usage situations. CCleaner is a good general purpose system cleaning tool to remove temporary files. More in-depth cleaning should be done at the direction of someone with in-depth knowledge of malware and the Windows OS.

It sounds like there are some remaining issues with this system.

Download avz4.zip from here

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update

    Note: If you receive an error message, choose a different source, then click Start again

  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Analysis
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


While using Chrome I was back tracking on my school page and I got an error on a blue background that said aw snap something went wrong while displaying this web page.  To continue reload or go to another page. I had an icon shaped like a folder with an unhappy face on it.

 

I had to rename my registry kill to run it.

 

On my apps area there are several new developments.  Such as apps I have previously deleted are back, at least with their icon, however have the word error attached to them.  My Windows store button has a big X on top of it now.  I had to run a repair option to use wordperfect.

So it looks like to me you are flushing whatever it is out, and it doesn't like you doing that.


Just an update of symptoms:

 

Boot time is extremely slow

Chrome and Firefox are slow or won't connect period

some of my apps have error messages, for instance the windows store app isn't working, and a few others.

Chrome is redirecting everything

When I am using chrome;  and using Google to do a search, by either the url or the search box; instead I get a blank Google page that hasn't even  entered a search, or disabled queries, no browsing.

1) launch chrome

2) keying my search

3) am redirected to another Google search page with a black ribbon across the top of the screen.  If I use the reverse  icon which then reveals a different google page, with a different ribbon that lists all my bookmarks. and looks like the real google home page, but with obvious changes.


Today's update:  I cannot use Chrome, I get a silly icon that says it cannot connect, even after doing a registry kill operation for malware.  I am back to using Firefox, which for some reason has become the working internet portal at the moment.


I am going to have you run 2 tools that target Adware and Junkware in general.

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.


I will do those tasks tonight.

 

Chrome is not working.  Firefox is.

The Windows store app is not working and some of the installed apps like 'timers and alarms' which I used all the time are not there any more, and I cannot reinstall any of my apps, as the Windows Store app is not working.  This all happened after the Tweaking exercise.  At this point with all my assignments in the works I need to be careful about backing up stuff, so if there is something you need me to do, let me know what may happen, just so I can be prepared for my school stuff.

 

I will run those tasks you requested tonight when I finish some school work and save it. and post the replies.


You may need to run the Windows 8 Refresh to get the Windows App Store to work properly again.


So here are the problems this morning.

1) ran adaware, selected clean and here is the log

  Notes:  I was asked by emsisoft if I wanted to allow a program to run an exe.  I said no, and then adaware continued to clean and reboot.

  I did have real time protection and all the surf guards etc, turned off.

 

This is the error I received:  2015-04-03 7:27:35 AM    50356    C:\Windows\SysNative\netsh.exe    Blocked once by user    Behavior.AutorunCreation

 

Once completed and the computer reboot I was not able to use fire fox or chrome.  No internet connections.  the first window that popped up was an autorun window saying autoruns is disabled.

 

I ran rkill to make sure I could run JRT.  I still could not get on internet with chrome or firefox.  I was not trying to run them while running JRT, I was checking to see if I had access or not and made sure they were shut down before running JRT.

 

2)  (I know I am repeating information) I made sure emsisoft and all other programs were not running and also checked task manager to ensure only JRT was running.  I ran Junkware tool.  As it ran I had another request to run an .exe, and I blocked it.  JRT was running and the command box cleared after it gave me an error that I was not able to write down, and using the scroll button didn't help as there was nothing about the error command, and the error does not show up in the log.

 

Here is the log:

3April2015AdwCleanerS4.txt
3April2015Rkill.txt
JRT.txt

 

So you have a clearer picture, I exported the behaviour log of emsisoft (which remains 'turned off').  I did uncheck real time protection and all other selections for surf guard etc.

 

BB_150403-084129.txt

 

I ran rkill once again as I still could not connect.

I checked my internet connection with my tablet, and it was working.

I unplugged my router for a minute and plugged it back in.  FF and Chrome still not connecting.

I opened up the network and share troubleshooter and ran it.  It made an adjustment and this is what was in the diagnostic window.

       1)  problem with wireless adapter or access point with a yellow triangle and exclamation mark

       2)  one or more network protocols are missing on this computer  then the fixed checkmark

      Firefox now worked, chrome still does not work.

 

 

I really need to finish some assignments before I do a windows repair as that took a long time the last time I did it, and I have now had to request an extension on some of my assignments, of which they gave me permission, or I would be failing my term.  I am at a critical point in school these next few days and as soon as all my assignments are complete I will do a reset unless this system fails me altogether and I have no choice.

 

I realize you asked that all virus programs be off etc., and I did.  I had everything ticked to not run or detect and it still told me about the attempt for .exe, so I don't know what that means I did wrong.

 

Every time my computer has been rebooted lately I get the popup window that says autorun has been disabled.


Delete all rules in the Behavior Blocker. Let's start over at the very beginning.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.


a2scan_150404-090323.txt

 

I had no choice but to do a factory reinstallation of win 8.1.  I tried all the other options, I do have a USB win 8.1 recovery drive and the refresh was worse than what I had.  I had less access to help and none of the win apps would work.  None of them.  Not pc settings, not any of them.

 

So I have a fresh install.  The first thing I did was run EEK.  I have uninstalled some of the programs I do not want with control panel.  I will uninstall the crap apps I do not want either.  It would be nice to have one place to uninstall this stuff instead of two.  If there is a way to let vendors know they are crap when they come uninvited to my pc I like to use it.  If you are a good, decent program, I will purchase it, not a chance in hell if you force your way into my life, no matter how good you are.  What is up with these people?  Can they really be that stupid?


  1. Here is the Farbar

I found some of the results interesting, simply because this is supposed to be a factory reinstall, wipe out all my files reinstall of my system.

FRST.txt


I cannot seem to open the FRST log you attached. Please attach a new copy to your reply.


Okay.  All hell broke loose this am. FF no EI would work and emsisoft was non responsive; by that I mean I select either the desktop icon, the taskbar icon, or select it from the search bar when you open that charm area to choose a program.

 

Prior to this, last night and early this morning things seemed okay.  Then I typed in the name of my college incorrectly, and got a page saying the domain was for sale, and pc life was over.

 

My daughter came over today so I could use her computer, and she downloaded and installed Chrome. And showed me how to use 'the cloud' to do some of my school work so I don't lose it.  Chrome worked.  After she left, I ran adware.  It found a few things, and I did have four new programs installed on my pc.  They were highlighted in the win 8.1 tile window as four new programs installed.

 

I have not deleted anything.  Nor did I let adware clean anything.  I am attaching both logs.  Whatever I have going on, I do not know what is triggering it.  I visit very few sites for the most part and I do need sites for school.  I am taking law, so you can imagine the many legal sites I need to use for school, looking up case law etcetera.

 

Farbar just finished and I am attaching the log.  Again, I did not let anything clean anything.  Diagnostic Reports only.

 

April2015 AdwCleanerR4.txt

April2015 AdwCleanerR4.txt

FRST.txt


Latest update is just stupid.  After doing a factory reset a couple days ago, and you've seen my problems above, this morning I tried to download part of an assignment and got an error with the program that I was going to use it on.  I haven't installed wordperfect or office suite yet, and have just been using the microsoft 365 trial on the pc.  I figure there is no point installing my programs, as it takes some time, and then I'll have to do it all over again until I solve this pc problem.  I have to draft a lot of documents with specific legal formatting, so not having a reliable wordprocessor, is not an option.

 

I have been reading on the emsi site, that you all like a challenge, so I hope this is true.


According to your logs your system is not infected. You are providing me with logs I did not ask for.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3697784714-1533898605-4234074958-1001 -> {4B44DE15-5F8E-4550-ACC3-9A20DBE3AB05} URL = 
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
2015-04-04 17:23 - 2015-04-04 17:23 - 00000000 ____D () C:\Users\Public\Pokki
2015-04-04 17:22 - 2015-04-04 17:22 - 00002338 _____ () C:\Users\cynth_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-04-04 17:22 - 2015-04-04 17:22 - 00002167 _____ () C:\Users\cynth_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-04-04 17:17 - 2015-04-06 08:11 - 00000000 ____D () C:\Users\cynth_000\AppData\Local\Pokki
2015-04-04 08:15 - 2015-04-04 08:15 - 00002334 _____ () C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-04-04 08:15 - 2015-04-04 08:15 - 00002163 _____ () C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-04-04 08:09 - 2015-04-04 08:17 - 00000000 ____D () C:\Users\Cindy\AppData\Local\Pokki
2015-04-04 03:57 - 2015-04-04 03:57 - 00000000 ___HD () C:\$SysReset
2014-06-14 12:50 - 2014-06-14 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Cindy\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\Cindy\AppData\Local\Temp\AcerPortalSetup.exe
Reg: reg delete "HKEY_USERS\S-1-5-21-3697784714-1533898605-4234074958-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3697784714-1533898605-4234074958-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

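A read-only way to review a fixlist like the one posted above before pressing Fix, as an added example that is not part of the original post and not FRST's own code: it sorts each line into the kind of change it requests. The line patterns are assumptions inferred from the lines shown in this thread, and `classify` and `summarize` are hypothetical names.

```python
import re
from collections import Counter

# Patterns inferred from this thread's fixlist lines (assumption, not an FRST grammar).
LISTING = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d)"
                     r" - (\d+) ([A-Z_]+) \((.*?)\) (.+)$")
REG_CMD = re.compile(r'^Reg: reg (\w+) "([^"]+)"(?: /v "([^"]+)")?')
RUN_KEY = re.compile(r"^(HK[A-Z]+(?:-x32)?\\.+?): \[(.+?)\] => (.*)$")
SCOPE = re.compile(r"^SearchScopes: (\S+) -> ")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")

def classify(line):
    """Return (kind, target) for one fixlist line."""
    line = line.strip()
    m = LISTING.match(line)
    if m:  # created - modified - size attributes (company) path
        kind = "directory" if "D" in m.group(4) else "file"
        return kind, m.group(6)
    m = REG_CMD.match(line)
    if m:  # embedded reg.exe command; the value name is optional
        target = m.group(2) + ("\\" + m.group(3) if m.group(3) else "")
        return "reg-" + m.group(1).lower(), target
    m = RUN_KEY.match(line)
    if m:
        return "autorun-value", m.group(1) + "\\" + m.group(2)
    m = SCOPE.match(line)
    if m:
        return "ie-search-scope", m.group(1)
    if line.startswith("FF Extension:"):
        return "firefox-extension", line.rsplit(" - ", 1)[-1]
    if BARE_PATH.match(line):
        return "file", line
    return "unrecognized", line  # question these before running a fix

def summarize(text):
    # Count requested changes by kind, skipping blank lines.
    return Counter(classify(l)[0] for l in text.splitlines() if l.strip())

# Sample: six lines copied from the fixlist posted above (trailing space trimmed).
SAMPLE = r"""HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-04-04 17:23 - 2015-04-04 17:23 - 00000000 ____D () C:\Users\Public\Pokki
2015-04-04 03:57 - 2015-04-04 03:57 - 00000000 ___HD () C:\$SysReset
C:\Users\Cindy\AppData\Local\Temp\AcerDocsSetup.exe
Reg: reg delete "HKEY_USERS\S-1-5-21-3697784714-1533898605-4234074958-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
"""
if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        print("%-16s %s" % classify(raw))
```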
This topic is now closed to further replies.