Hello everyone! 8)

Ok, I’ve been facing this problem for a few days and I cannot find any solution on the Internet. I tried almost everything, but all attempts were unsuccessful… Avast, Malwarebytes, ADWCleaner can’t see the virus when scanning the whole PC. Also, the PC was scanned in safe mode, nothing found. I installed SpyHunter just to try to detect something and there is also nothing. I searched hidden files and folders, the registry also, but nothing… I don’t know what to do anymore and this is so annoying! POPUPS every 5 minutes, I can’t handle this anymore. >:( :-X :-[ :-[ :-[ I also reset my browsers to defaults.

Which file is trying to connect to this site? How to find it?

(see the image)

If someone can help me, I’ll be glad to share the answer for this problem everywhere on the internet, because I’m not the only one facing this kind of threat.

Thanks in advance!
Have a nice day :slight_smile: <3

It is a browser pop-up adware infection and BHO.

You could wait for a qualified remover here to help you get rid of it.

In the meantime, read this background info: http://greatis.com/blog/search-redirecting-11/remove-skegnessasc-org.htm

and produce the files asked for here: https://forum.avast.com/index.php?topic=194892.0

polonus

https://forum.avast.com/index.php?topic=53253

This link is old, use this >> https://forum.avast.com/index.php?topic=194892.0

Okay, here are my reports:

edit - maybe I should try to re-install Avast if you don’t find anything? Maybe something is stuck in the program…

No, this has been reported many times before

Malware expert is notified, it may be some hours before he is online

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start::
CreateRestorePoint:
SearchAll: skegnessasc
End::


NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post. Also, tell me how your system is running now.

Here you go
Everything is the same… Maybe I should try to reinstall Avast?

Looks like one of the new commands in FRST is not quite steady yet: please do the following search and we will fix what we can.

Run a search with FRST.

  • Right click on FRST on your desktop and select “Run as Administrator…” When the tool opens click Yes to disclaimer.
  • Type skegnessasc into the Search Box.
  • Press the Search Registry button.
  • It will produce a log called search.txt or SearchReg.txt in the same directory the tool is run from.
  • Please attach the log file back here.

Thank you for the logs; let’s get this removed now…

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

KMPlayer
Popcorn Time

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box by clicking [Select] next to Code: , then right click on any of the highlighted text and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-590644446-2722473739-3713286494-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
Startup: C:\Users\Mr Lexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.bat [2017-07-04] ()
C:\Users\Mr Lexter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.bat
URLSearchHook: [S-1-5-21-590644446-2722473739-3713286494-1000] ATTENTION => Default URLSearchHook is missing
Toolbar: HKU\S-1-5-21-590644446-2722473739-3713286494-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-590644446-2722473739-3713286494-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr Lexter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Mr Lexter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
S3 cpuz138; \??\C:\Users\MRLEXT~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
U3 idsvc; no ImagePath
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RTTEAMPT; \SystemRoot\system32\DRIVERS\RtTeam620.sys [X]
S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X]
C:\Users\MRLEXT~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys
C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys
C:\Windows\system32\drivers\Partizan.sys
C:\Windows\system32\DRIVERS\RtTeam620.sys
C:\Windows\system32\DRIVERS\RtVlan620.sys
C:\Users\Mr Lexter\AppData\Local\Tempzxp*
2017-10-08 22:21 - 2009-07-13 22:59 - 000703552 _____ (Electronic Arts Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\AutoRun.exe
2017-10-08 22:21 - 2009-07-13 22:59 - 000703552 _____ (Electronic Arts Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\AutoRunGUI.dll
2017-10-08 22:37 - 2017-10-14 09:32 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Mr Lexter\AppData\Local\Temp\drm_dyndata_7400006.dll
2017-10-07 18:26 - 2004-08-18 10:37 - 000331776 _____ (Electronic Arts Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\eauninstall.exe
2017-10-07 18:05 - 2004-08-18 10:33 - 001453843 ____R (Macromedia, Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\First15.exe
2017-10-07 14:38 - 2017-05-24 08:56 - 000785464 _____ (BlueStack Systems, Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\HD-Common.dll
2017-10-07 14:38 - 2017-05-24 08:57 - 000464952 _____ (BlueStack Systems, Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\HD-InstallerUtils.dll
2017-10-07 14:38 - 2017-05-24 08:54 - 000187416 _____ (BlueStack Systems) C:\Users\Mr Lexter\AppData\Local\Temp\HD-LibraryHandler.dll
2017-10-07 14:38 - 2017-05-24 08:53 - 000246808 _____ (BlueStack Systems) C:\Users\Mr Lexter\AppData\Local\Temp\HD-Logger-Native.dll
2017-10-07 14:38 - 2017-05-24 08:56 - 000385080 _____ (BlueStack Systems, Inc.) C:\Users\Mr Lexter\AppData\Local\Temp\HD-Uninstaller.exe
2017-10-06 18:37 - 2004-08-18 10:34 - 000023040 ____R () C:\Users\Mr Lexter\AppData\Local\Temp\VP6Install.exe
2017-10-06 18:37 - 2004-08-18 10:34 - 000442368 ____R (On2.com) C:\Users\Mr Lexter\AppData\Local\Temp\VP6VFW.dll
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1E089792-770B-4882-A35D-AAFC9370ED87} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\update-S-1-5-21-590644446-2722473739-3713286494-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
Hosts:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
End::



NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

https://s26.postimg.org/5cteyacft/Press_the_FIX_button.png

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply post. Also, tell me how your system is running now.

Okay, the PC works like new now. No skegnessasc anymore. You even fixed my startup problem with svchost, and the high disk usage percentage for one of the services. Thanks a lot! You rock! :smiley:
And can I download KMPlayer and Popcorn Time now, because they are everyday apps for me? The virus is now removed and the apps should be safe to use now, I think?

You can download and install the two programs again if you like. Please make sure you get them from the original source (the OEM / vendor web site) and not some file sharing site if possible. The files should be fine to install.


After that, please re-scan your system with FRST64 and post the new logs here for my review. There may be some files that still need to be removed.

Start FRST64 by double clicking and allowing the software to run when the User Access Control asks (if it does).
When the tool opens click Yes to disclaimer. (if it does)
The tool will start to run and check for an update; please allow it to update and it will inform you when it is ready to run.
Select Additional.txt and 90 Days Files in the Optional Scans section of FRST64.
Press the Scan button.
It will make two logs (FRST.txt and addition.txt) in the same folder as FRST64 is run from. Please attach both here for my review.

The FRST tool is constantly restarting and updating after the new update was released. The new update came today at 7am, so I’ll wait for them to fix this. I can’t use the older version because of the program’s automatic update. Anyway, I installed Popcorn Time and KMPlayer and scanned with Avast, no suspicious files found. I also ran a boot scan last night. Everything is okay. I will send you the logs when I can use the app. Have a nice day and thank you for the help!

FRST should be updated: latest version I just received was 18-10-2017.

The Tool is working now. Here you go:

Let’s take care of some leftover files …

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Here you go :slight_smile:

That looks great! Unless you need anything else, we are done now!

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore

https://s26.postimg.org/kbyc61th5/Del_Fix_Standard_Selection.png

  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

That’s it :smiley: