  1.    16 Nov 2015 #21
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick: Nov. 16 at 2:00 pm


    I'm posting what I have done so far.

    I don't know if the LogFile Attachments remained attached because the only way I could conclude the attachment process was to click on the X, and there is no indication in my post that there are attachments.

    What does BP mean?

    1/ I created a System Restore Point: Begin Cleaning

    2/ I ran RKill (I attached the LogFile with Attachment.)

    3/ Before I could run TDSS Killer, Malwarebytes posted a Notification: it said that threats were detected and that I should run a scan. I ran the scan, and 406 threats were listed, some as potential threats, and 9 as definite threats. I list the 9 definite threats here:
    1. NowUSeeIt Player
    2. RootKit.Komodia.pup
    3. Trojan.Agent
    4. RootKit.Agent.A
    5. Trojan.Symmi
    6. Adware.PennyBee.WnskRST
    7. Trojan.Downloader
    8. Adware.SilentInstaller
    9. Adware.Imali

    After I did the Malwarebytes Remove, NowUSeeIt Player was still listed under programs and it still resists being uninstalled.
    After I did the Malwarebytes, "Healer Console" did not appear at booting-up.
    Also: www-searching.com still appears as the browser when I click on Microsoft Edge. The ************ (r e i m a g e.com) ad still appears in the middle of the screen and when I click on "No," the full-screen ad for some Windows 10 repair software appears.

    4/ I then ran TDSS Killer. (I attached the LogFile with Attachment; it's 60 kb long.) The result was that no threats were detected.

    I'll start working on the remaining items in the list you sent me.
  2.    16 Nov 2015 #22
    Join Date : Apr 2015
    Posts : 12,996
    W10Prox64

    Quote Originally Posted by Writer View Post
    I'm posting what I have done so far.

    I don't know if the LogFile Attachments remained attached because the only way I could conclude the attachment process was to click on the X, and there is no indication in my post that there are attachments.

    Nothing is attached. Please see instructions here:
    Screenshots and Files - Upload and Post in Ten Forums - Windows 10 Forums


    Quote Originally Posted by Writer View Post
    What does BP mean?
    Bleeping Computer (Meant to write BC)

    Quote Originally Posted by Writer View Post
    1/ I created a System Restore Point: Begin Cleaning

    2/ I ran RKill (I attached the LogFile with Attachment.)

    3/ Before I could run TDSS Killer, Malwarebytes posted a Notification: it said that threats were detected and that I should run a scan. I ran the scan, and 406 threats were listed, some as potential threats, and 9 as definite threats. I list the 9 definite threats here:
    1. NowUSeeIt Player
    2. RootKit.Komodia.pup
    3. Trojan.Agent
    4. RootKit.Agent.A
    5. Trojan.Symmi
    6. Adware.PennyBee.WnskRST
    7. Trojan.Downloader
    8. Adware.SilentInstaller
    9. Adware.Imali

    After I did the Malwarebytes Remove, NowUSeeIt Player was still listed under programs and it still resists being uninstalled.
    After I did the Malwarebytes, "Healer Console" did not appear at booting-up.
    Also: www-searching.com still appears as the browser when I click on Microsoft Edge. The ************ (r e i m a g e.com) ad still appears in the middle of the screen and when I click on "No," the full-screen ad for some Windows 10 repair software appears.

    4/ I then ran TDSS Killer. (I attached the LogFile with Attachment; it's 60 kb long.) The result was that no threats were detected.

    I'll start working on the remaining items in the list you sent me.
    Yes, please upload all those logs so I can evaluate. Thanks ;-)
  3.    16 Nov 2015 #23
    Join Date : Apr 2015
    Posts : 12,996
    W10Prox64

    @Writer Was MBAM (Malwarebytes) able to successfully remove everything it found or did you get an error?
    Did it have you reboot? If so, did you run RKILL once again? (Everything RKILL does is undone upon reboot.)
  4.    16 Nov 2015 #24
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick Nov. 16, 3:45 pm


    I'll try to attach the LogFiles:
    Rkill 2 11-16-2015.docx
    TDSS Killer 11-16-2015.docx
    I hope that did it; let me know.

    Malwarebytes was able to delete "Healer Console," which was listed only as a "potential threat."
    Malwarebytes was not able to delete "NowUSeeIt Player," which was listed as a definite threat.
    Malwarebytes did not list www-searching.com as a threat, and it still comes up as the browser.

    I did not get an error response from Malwarebytes; it said that it had removed all of the threats. I was not able to see all of the threats it had listed; I only knew about "Healer Console" and "NowUSeeIt."

    I did reboot after Malwarebytes was finished. I'll post this first, then I'll run RKill again.

    I started the scan for "Junk Removal Tool." It ran for about 45 minutes, but was not showing any progress. Does it take that long? The only message I got from the Administrator was the two short lines below:

    Checking for Update
    An Update was found...Please wait

    I'll wait till I hear from you before I start to run Junk Removal Tool again.
  5.    16 Nov 2015 #25
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick


    Here is the latest LogFile for RKill done at 4:10 pm on November 16, 2015

    RKill 3 11-16-2015 4.10 pm.docx

    Here is the latest LogFile for AdwCleaner done at 4:45 pm on November 16, 2015

    AdwCleaner v1 C4.docx

    After the AdwCleaner Scan, it performed a "Reboot."
    Last edited by Writer; 16 Nov 2015 at 16:50.
  6.    16 Nov 2015 #26
    Join Date : Apr 2015
    Posts : 12,996
    W10Prox64

    Thank you. I will need some time to review the logs. In the meantime, please run Junkware Removal Tool again, and wait a while. It can take some time, depending on your system.

    EDIT: Make sure you have first run RKILL and that your A/V is shut off.
    Also, please go into MBAM>History>Application Logs>and select SCAN LOG for today's date. Click on it, and select EXPORT in the bottom-left and attach that here as well.
    Thanks.
  7.    16 Nov 2015 #27
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick


    You would like that I run the "ESET" Online Scan: Where is this, and what does ESET mean?

    Concerning shutting down anti-virus software: This must mean Microsoft Defender; how do I find it?
    Is Malwarebytes Anti-Malware also considered to be part of my anti-virus software?

    I'll start running Junkware Removal Tool again.
  8.    16 Nov 2015 #28
    Join Date : Apr 2015
    Posts : 12,996
    W10Prox64

    Quote Originally Posted by Writer View Post
    You would like that I run the "ESET" Online Scan: Where is this, and what does ESET mean?

    Concerning shutting down anti-virus software: This must mean Microsoft Defender; how do I find it?
    Is Malwarebytes Anti-Malware also considered to be part of my anti-virus software?

    I'll start running Junkware Removal Tool again.
    ESET instructions begin at the bottom of this post, and continue in my next following post.

    Windows Defender: Type Defender in the search box at the bottom left>select Windows Defender Desktop App>click on settings in the top-right; a new window opens called update & security. See "Real-time protection" tick the dot to turn it off. Leave this box open so you can turn it back on when finished.

    If JRT doesn't do anything again, after another 30 minutes, just cancel it. The update is probably being blocked by the malware.
  9.    16 Nov 2015 #29
    Join Date : Sep 2015
    Posts : 66
    Windows 10
    Thread Starter

    For simrick


    Junkware Removal Tool ran fast this time: it finished in 6 minutes. The LogFile is below:

    Junkware Removal Tool 11-16-2015 5.08 pm.docx

    I'll start working on ESET shortly.
  10.    16 Nov 2015 #30
    Join Date : Apr 2015
    Posts : 12,996
    W10Prox64

    Your first RKILL log

    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus and Anti-Malware Software
    Program started at: 11/16/2015 11:51:52 AM in x86 mode.
    Windows Version: Windows 10 Home
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001


    Your 2nd RKILL Log

    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus and Anti-Malware Software
    Program started at: 11/16/2015 04:08:35 PM in x86 mode.
    Windows Version: Windows 10 Home
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:
    * b06bdrv [Missing Service]
    * ebdrv [Missing Service]
    * iaLPSSi_GPIO [Missing Service]
    * iaLPSSi_I2C [Missing Service]
    * ibbus [Missing Service]
    * ksthunk [Missing Service]
    * mlx4_bus [Missing Service]
    * ndfltr [Missing Service]
    * PerfHost [Missing Service]
    * vpci [Missing Service]
    * WinMad [Missing Service]
    * WinVerbs [Missing Service]

    (I believe these are a glitch in the RKILL program - nothing to worry about)


    * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_a4832450a7024d49\CompositeBus.sys [Incorrect ImagePath]
    * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
    * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [Incorrect ImagePath]
    * swenum => \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_x86_b6707c73599dd1b6\swenum.sys [Incorrect ImagePath]

    * PrintNotify => C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * No issues found.

    Program finished at: 11/16/2015 04:10:03 PM
    Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)

    Your TDSSKiller log

    13:29:25.0610 0x0c90 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )

    Your ADWCleaner log

    # AdwCleaner v5.021 - Logfile created 16/11/2015 at 16:41:40
    # Updated 14/11/2015 by Xplode
    # Database : 2015-11-13.3 [Server]
    # Operating system : Windows 10 Home (x86)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib
    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    ***** [ DLLs ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9563BC59-9556-4805-8CD4-886781779D8D}

    So, let's see how it goes with your JRT and ESET scans.
    We may need to run Malwarebytes AntiRootkit next after them.

    (I'm sorry, but you were terribly infected - once one thing got on the system, it started bringing all kinds of other stuff in. I will be interested to see your MBAM logfile.)

    Instructions from BC:

    Download Malwarebytes Anti-Rootkit to your desktop.

    • Double-click "mbar.exe" to start the tool.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Click in the introduction screen "next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"


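
As an added example (not part of the thread and not RKill's own code): a small Python parser that triages an RKill log like the ones quoted in post #30, pulling out the registry value behind "Windows Defender Disabled" and grouping the service-integrity entries by type. The regular expressions and function names are assumptions based only on the log lines shown on this page.

```python
import re
from collections import defaultdict

# Excerpt (shortened) of the second RKill log quoted in the post above.
SAMPLE_LOG = r"""
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* ksthunk [Missing Service]
* PerfHost [Missing Service]
* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
* PrintNotify => C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
* No issues found.
"""

SECTION = re.compile(r"^(?!\*)(.+):$")              # "Checking HOSTS File:"
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")           # "[HKLM\...]"
REG_VAL = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})$')
SERVICE = re.compile(r"^\*\s+(\S+)(?:\s+=>\s+(.*?))?\s+\[([^\]]+)\]$")

def parse_rkill(text):
    """Return (registry values, service findings by kind, sections with no issues)."""
    registry, services, clean = [], defaultdict(list), []
    section = key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := REG_KEY.match(line):
            key = m.group(1)                         # key for the values that follow
        elif m := REG_VAL.match(line):
            registry.append((key, m.group(1), int(m.group(2), 16)))
        elif m := SERVICE.match(line):               # name, optional path, [kind]
            services[m.group(3)].append((m.group(1), m.group(2)))
        elif line.startswith("* No "):
            clean.append(section)
        elif m := SECTION.match(line):
            section = m.group(1)
    return registry, dict(services), clean

def defender_disabled_by_policy(registry):
    """True if a reported policy value switches Windows Defender off."""
    return any(k.lower().endswith(r"\policies\microsoft\windows defender")
               and n.lower() == "disableantispyware" and v == 1
               for k, n, v in registry)

if __name__ == "__main__":
    reg, svc, clean = parse_rkill(SAMPLE_LOG)
    print("Defender disabled by policy:", defender_disabled_by_policy(reg))
    print({kind: [name for name, _ in items] for kind, items in svc.items()})
```
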

 