AdvancedSetup

Root Admin
  • Content count

    62,785
  • Joined

  • Last visited

6 Followers

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    http://www.malwarebytes.org

Profile Information

  • Location
    US

Recent Profile Visitors

322,607 profile views
  1. Are you still with us? This topic will be closed soon if we do not hear back from you.
  2. Hello and Please read the following and post back the logs when ready and we'll see about getting you cleaned up. Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed, please print out these instructions. Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large, then you can use attachments by clicking on the More Reply Options button. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable, it is unlikely, but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. You can check here if you're not sure if your computer is 32-bit or 64-bit Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. When we are done, I'll give you instructions on how to clean up all the tools and logs Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. Your topic will be closed if you haven't replied within 3 days (If I have not responded within 24 hours, please send me a Private Message as a reminder) STEP 01 RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running. As RKill only terminates a program's running process and does not delete any files, after running it, you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill, you should immediately scan your computer using the requested scans I've included. Please download Rkill by Grinler from one of the links below and save it to your desktop. Link 1 | Link 2 On Windows XP Double-click on the Rkill desktop icon to run the tool. On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator A black DOS box will briefly flash and then disappear, this is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. If the tool does not run from any of the links provided, please let me know. Do not reboot the computer; you will need to run the application again. STEP 02 Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following: MBAM Clean Removal Process 2x When reinstalling the program, please try the latest version. Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware. Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
  3. Hello and Please read the following and post back the logs when ready and we'll see about getting you cleaned up. Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed, please print out these instructions. Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large, then you can use attachments by clicking on the More Reply Options button. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable, it is unlikely, but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. You can check here if you're not sure if your computer is 32-bit or 64-bit Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. When we are done, I'll give you instructions on how to clean up all the tools and logs Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. Your topic will be closed if you haven't replied within 3 days (If I have not responded within 24 hours, please send me a Private Message as a reminder) STEP 01 RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running. As RKill only terminates a program's running process and does not delete any files, after running it, you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill, you should immediately scan your computer using the requested scans I've included. Please download Rkill by Grinler from one of the links below and save it to your desktop. Link 1 | Link 2 On Windows XP Double-click on the Rkill desktop icon to run the tool. On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator A black DOS box will briefly flash and then disappear, this is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. If the tool does not run from any of the links provided, please let me know. Do not reboot the computer; you will need to run the application again. STEP 02 Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following: MBAM Clean Removal Process 2x When reinstalling the program, please try the latest version. Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware. Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
  4. That was very minor stuff and should not be causing that much trouble on your computer. Let me have you try to run the following. User Normal Mode if possible. If not then try Safe Mode. Please restart the computer first and then run the following steps and post back the logs when ready. STEP 03 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 04 Let's clean out any adware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista / Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed. Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look at the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up, click the Clean button. After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore. STEP 05 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 06 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks
  5. Very well could be true. Hope you find some resolution. We'll probably close the topic in about a week, but let us know if you do get resolution. Take care Ron
  6. No problem, we're not done yet. Let me have you run the following please. Please restart the computer first and then run the following steps and post back the logs when ready. STEP 01 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 02 Let's clean out any adware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista / Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed. Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look at the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up, click the Clean button. After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore. STEP 03 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 04 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks
  7. Okay, we'll run some other rootkit scans just to be sure. Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller. PC Winvids - How to run Kaspersky TDSSKiller If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection. Once the tool has completed scanning make sure to re-enable your other security applications. Next, Please download Malwarebytes Anti-Rootkit from HERE If needed there is a self help tutorial here: MBAR tutorial Unzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  8. No problem @Jettypile let's go ahead and run some other scans and cleanup routines. Please restart the computer first and then run the following steps and post back the logs when ready. STEP 01 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 02 Let's clean out any adware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista / Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed. Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look at the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up, click the Clean button. After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore. STEP 03 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 04 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks
  9. Windows 10 Anniversary Update Deleted a Whole Physical Disk https://www.reddit.com/r/sysadmin/comments/4vycur/windows_10_anniversary_update_deleted_a_whole/ Windows 10 Anniversary Update ... we're screwed https://www.reddit.com/r/sysadmin/comments/4zpbx7/windows_10_anniversary_update_were_screwed/ Workarounds for Windows 10 Anniversary Removed GPOs https://www.reddit.com/r/sysadmin/comments/4w0saz/workarounds_for_windows_10_anniversary_removed/ The case against Windows 10 Anniversary Update grows http://www.infoworld.com/article/3104389/microsoft-windows/the-case-against-windows-10-anniversary-update-grows.html One Year Later: Did Microsoft Listen to Windows 10 Complaints? http://www.howtogeek.com/264273/one-year-later-did-microsoft-listen-to-windows-10-complaints/ Stuck installing the Windows 10 Anniversary Update? Here we show you the most common problems and how to fix them. http://www.windowscentral.com/windows10-anniversary-update-common-problems-how-fix Microsoft fixes Windows 10's Anniversary Update freezing http://www.pcworld.com/article/3114706/windows/microsoft-fixes-windows-10s-anniversary-update-freezing.html Microsoft fixes PowerShell problem caused by Windows 10 Anniversary update http://www.zdnet.com/article/microsoft-fixes-powershell-problem-caused-by-windows-10-anniversary-update/ Watchdog On Three: Windows 10 #FAIL - are you due compensation? http://www.bbc.co.uk/bbcthree/item/f6660f2c-6c38-4522-b77a-c0e5e85f9858
  10. Yes, there is not doubt that the Windows 10 AU brought a lot of problems. If you search on Google you'll find thousands of pages of complaints and programs that used to work that no longer work, etc. Reddit has admin pages full of varying different complaints. Just one example that I too ran into with an external 8TB drive. Rolling back fixed it. To this day I'm still not running updates. I've disabled the service until Microsoft reaches a point where these type of errors are actually fixed. https://www.reddit.com/r/sysadmin/comments/4vycur/windows_10_anniversary_update_deleted_a_whole/ For the slowness as you explain I've never had personally. You're speaking of just normal file downloads which makes no sense as they're not associated any differently than other programs when downloading. Not until ran or fully downloaded would software possibly treat it differently. I don't have any evidence that Windows 10 either before or after the AU, changes download speeds for web browser downloads. I'll check with our QC Team and see if they have any reports they're working on with regards to that but I wouldn't think so.
  11. I know the db size does fluctuate and the region of the world you're in varies and scripts try to determine where you're located in order to get you to the closest server. However sometimes that detection is wrong and you may get sent to a server that is much slower. Not much can be done about that as it's automated from the CDN (Content Delivery Network). As long as it's updating without failures that's a bit more important. Personally I don't run manual scans or manual updates. I set mine to auto update every 4 hours. Haven't paid much attention to how it it takes to download. When I do check it periodically it's always up to date. I do a scheduled scan once a week, but mainly because I set it for testing and feedback in support. With live protection from MBAM and my antivirus as well as some other security practices, I don't see the need to do a real scan more than maybe once a month for myself. Of course depending on what you do with your computer and what type of sites you may visit on a frequent basis then a daily scan might be good for you. If there is something else I can assist you with please let me know. At this time just don't think there is much we can do about a slow update process. The log says you did have a failure to update due to unable to reach the server. That would need some network testing and possibly network sniffing to determine why or what prevented the connection to the update server.
  12. If everything is working then please explain what it is you're looking for. Thanks
  13. You can also download and run this tool to get a log of the Events for CHKDSK ListChkdskResult by SleepyDude
  14. All CHKDSK scan logs are stored in the Event Logs. In order to do a FULL disk check one must select the /r switch to Locates bad sectors and recovers readable information. The following article shows how to run the Full Disk Check with the /r switch. How to Scan & Fix Hard Drives with CHKDSK in Windows 10 How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10 Basically from an elevated admin command prompt you'd type: CHKDSK C: /R Then press the Enter key, then press the Y key to run after a restart. Then restart your computer and let it run. Then attach the log results here. Next, run a temporary file cleaner. Please Run TFC by OldTimer to clear temporary files: Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
  15. Please restart the computer first and then run the following steps and post back the logs when ready. STEP 01 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 02 Let's clean out any adware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista / Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed. Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look at the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up, click the Clean button. After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore. STEP 03 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 04 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks