Welcome to WindowsInstructed Forums

Welcome to the WindowsInstructed Forums

Sign-up for an account today to receive free malware removal help. Personal Windows help and much more. Or continue as a guest and ask any question you would like to ask us! Please do remember that being a member you get advantages like notifications of replies and faster replies from most members. Also members don't see ads ;) 

We hope to help you with your issues.

The WindowsInstructed Forums Staff

Kris

Forum Moderator
  • Content count

    2,319
  • Joined

  • Last visited

Everything posted by Kris

  1. Can you turn the machine off then back on by holding the power button. Then perform a system restore from the recovery console.
  2. ZHP Diag Scan Download ZHP Diag to your desktop. 1. Right Click Run as Admin. 2. Click the Options button. Click on Check All Then Click Validate Then click close. 2. Click the Scanner button. When complete please push the report button. A notepad will open... copy and paste the report in your next reply.
  3. Download the Ultimate Boot CD for windows. Start the video below at 53 minutes. Follow the instructions for using the Ultimate Boot CD.
  4. You still need help? ZHP Diag Scan Download ZHP Diag to your desktop. 1. Right Click Run as Admin. 2. Click the Scanner button. When complete please push the report button. A notepad will open... copy and paste the report in your next reply.
  5. O&O shut up 10 http://win10epicfail.proboards.com/thread/100/interested-participating-tweaker-development-test
  6. Sorry for the delay, anymore issues?
  7. Disable useless items. Download easy service optmizer, save it to your desktop and unzip it there. Right click it and run as admin, then select tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items. You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.
  8. Please re-run ZHP cleaner, along with this scanner... We need you to run ESET Online Scanner to check and report on your PC. As Eset may take an extended time to run it is important to ensure your PC does not enter Sleep Mode. See HERE if you are not sure how to disable sleep mode. Click HERE to download ESET Online Scanner and save it to your desktop. Disable all Antivirus/Antimalware software. If you are unsure how to do this please ask? Right click on the downloaded Esetonlinescanner_enu.exe desktop icon and select "Run as Administrator" from the drop down menu. If you receive any security warnings you can safely allow Eset to run. On the opening screen click on Accept to agree with the Terms of Use. As per picture below Click "Enable detection of potentially unsafe applications" Click the Advanced settings link. Ensure all options shown ticked here are selected. Click "Scan". Eset will download a virus signature database and commence the scan. Depending on the amount of data on your PC this may take some time, please be patient. At the completion of the scan Eset will display a results dialogue: Click "Save to text file" Another box will open and ask you to name it and also where to save it. Suggest call it Eset.txt and save it to the Desktop. Then choose "Select all". Finally "Clean all". Another dialogue box will open where you can select Finish to complete the scan and clean. Please Copy and paste the contents of the new Eset.txt file in your next reply
  9. : Hijack This Fix. Start HijackThis , Right Click Run as Admin. Close all other open programs prior to running this tool!! Click System Scan Only. Then check mark the items listed below. R1 - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe -autorun O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun O4 - MSConfig\startupreg: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [AdobeBridge] (no file) (HKCU) (2017/04/19) O4 - MSConfig\startupreg: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun (HKCU) (2017/04/19) O4 - MSConfig\startupreg: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (file missing) (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (HKLM) (2017/04/19) O4 - MSConfig\startupreg: [f.lux] C:\Users\Logan\AppData\Local\FluxSoftware\Flux\flux.exe /noshow (HKCU) (2017/04/19) O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O22 - Task (Queued): \Microsoft\Office\OfficeTelemetryAgentFallBack - C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload mininterval:2880 O22 - Task (Queued): \Microsoft\Office\OfficeTelemetryAgentLogOn - C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload O22 - Task (Ready): \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (file missing) O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate O22 - Task (Ready): \Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v O22 - Task (Ready): \Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run O22 - Task (Ready): \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" O22 - Task (Ready): \OfficeSoftwareProtectionPlatform\SvcRestartTask - C:\Windows\system32\sc.exe start osppsvc O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service S3: Intel(R) Update Manager - (iumsvc) - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service S3: Overwolf Updater Windows SCM - (OverwolfUpdater) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe Now click on fix checked. After the fix is complete, then reboot your machine.
  10. AdsFix Scan and clean. Disable Windows Defender, Firewall & Antivirus prior to running this tool!! Save AdsFix to your desktop. Right Click & Run As Administrator. With an infected machine, it could take several seconds to be charged. You will then be prompted to install Certificates. Install then click OK. Right Click & Run As Administrator Again. Click Options then select Unlock the deletion. Then click on clean. Enter your country Don’t use the machine while scanning and be patient Once the scan has completed, please copy and paste the report in your next reply. The report will be C:\AdsFix_date_hour.txt or on your dektop with the same name. Malwarebytes. Download MalwareBytes Anti-Malware : https://www.malwarebytes.com/mwb-download/ take the free version ( on the left ) Perform the installation Uncheck "Enable Free Trial of Malwarebytes Anti-Malware Premium" if it's asked Malwarebytes will update, let this update, Click on the "Settings" tab and then on the "Detection and Protection" tab, Check the box "Search for Rootkits" Click on the "Analysis" tab and then on "Start analysis" Once the review is complete, check that all detections are checked and then click [Delete Selection] If Malwarebytes asks you to restart your PC, click "Yes" When restarting your PC, restarts Malwarebytes Opens the "History" tab and then "Application logs" Double click on the last Scan Log in date (the one above) At the bottom click [Export] -> select "Text file (* .txt)" In the explorer selects the desktop, name it mbam.txt, click [Save]
  11. Update all of your old programs with Patch My PC Uninstall the programs below with Geek Uninstaller. µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) FRST Fix. fixlist.txt Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. Eliminate restrictive settings with this tool. Temporarily disable your antivirus --- Your antivirus may flag this tool as malware, it is safe to run I assure you. Download SupRestric.exe save to your desktop. Close all running programs. Double click the file to launch it. Windows: 7/8/10 Vista and run as administrator Click Yes at any prompt. The analysis takes only a few moments. The report is on the desktop ( CTR.txt ) Copy paste report in next reply. A reboot is needed to complete the repairs. HijackThis. 1- Please Click HERE to download HijackThis. -- Unzip to your desktop. 2- Right click run as admin. 3- Click on the Main Menu button if not already there. 4- Select Do a system scan and save a logfile. 5- Copy paste the log here.
  12. Clean up temp files and reduce startup load with CCleaner. Note: This tool will clean your browsing history as well. Download CCleaner from here. After install Click Options. Go to monitoring. Uncheck All Monitoring items. Go to advanced -- Click close program after cleaning. Go to settings -- click run ccleaner when the computer starts. Now that you have ccleaner installed and set-up: Open the program. Go to Tools Go to Startup Now double click each item. To Disable. Leave only your antivirus enabled. Then disable All items in your scheduled task as well. Unless they are related to windows defender.Or your antivirus. Reboot the machine. ZHP Scan. Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator. Once you have started the program, you will need to click the scanner button. The program will close all open browsers! Once the scan is completed, the you will want to click the Repair button. At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop. Copy and paste the report here in your next reply. Rogue Killer Scan. Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop: Link 1 Link 2 Close all other the running programs Disable ALL Antivirus -- Antimalware -- Applications. Right Click Rogue Killer and Run as Administrator. Click the Start Scan button. Allow the scan to run -- it can take ten minutes or more. Once the scan is complete check All items for removal. After All items are checked then press Remove Selected. Wait until the Status box shows Deleting Finished. Click on open report -- then open txt Copy the content of the report and paste it here in your next reply. JRT Scan. Please download Junkware Removal Tool and save it on your desktop. Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Please post the JRT log. Adware Cleaner Scan. Please download AdwCleaner by Xplode onto your desktop. Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Scan button. When the scan has finished click on Clean button. Your computer will be rebooted automatically. A text file will open after the restart. Please post the contents of that logfile with your next reply. You can find the logfile at C:\AdwCleaner[S1].txt as well.
  13. log from Farbar Scan & Recovery Tool (FRST). Please download and save FRST 64bit or FRST 32 bit to your DESKTOP. CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Make sure that Addition option is checked. Press Scan button. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste contents of the log back here. The first time the tool is run, or Additions.txt is selected in the options it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste contents of that log along with the FRST.txt into your reply.
  14. Upload the logs so I can help.
  15. Still having issues?
  16. Upload the log to SendSpace.com and send me the link.
  17. Still having issues?
  18. Download the Ultimate Boot CD for windows. Or the FalconFour CD Start the video below at 53 minutes. Follow the instructions for using the Ultimate Boot CD. Run the Fix HDC Hard Drive Controller fix...
  19. Sorry for the delay, you still having issues?
  20. Sorry for delay, still having issues?
  21. Not a problem. In return buy the next home less person you see a 24 ounce beer for me. That will certainly bring that person joy.
  22. Yes unfortunate.... I just remove trash, I'd suggest not running it. I really do not care to go into detail. Optimize your internet connection. Click here for instructions. suggest the following in place of adblock. Alternate DNS Server. Ad Blocking DNS. Ublock Origin. Anti Ad Block Killer. Also, keep your browsing private with these tools: Self Destructing Cookies. Self Destructing Cookies Chrome. Some items to keep you safe on the internet. VooDoo Shield. control of what is running on your machine Qualys BrowserCheck To update plugins. Web Of Trust To Avoid Shady Websites. Unchecky To Avoid Bundled Software. Privazer To Clean up your mahcine. Now Lets Clean up the tools we used and remove old restore points. Download DelFix by "Xplode" to your Desktop. Right Click the tool and Run as Admin ( Xp Users Double Click) Put a check mark next the items below: Remove disinfection tools Create registry backup Purge System Restore Now click on "Run" button. allow the program to complete its work. all the tools we used will be removed. Tool will create and open a log report (DelFix.txt) Note: The report can be located at the following location C:\DelFix.txt
  23. If the above fixlist fails to solve the issue, then please upload a new ZHP Diag log and we will go from there.
  24. FRST Fix. Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. fixlist.txt ClearLNK Download ClearLNK save it to your desktop. Drag the file Shortcut.txt made with FRST earlier. As per picture. A report on the work as a file ClearLNK- <date> .log Will be produced, post that log.

WindowsInstructed Forums

Welcome on the WindowsInstructed Forums. If you have any Windows question or Malware related question then this is the place to be. All your connections are securely encrypted with our server so your privacy is protected as well!