Post by torgohype on Jan 28, 2015 6:45:47 GMT -8
I ran the cleaner and attached the log. I did see some odd things which made me want to reach out regarding COM_Surrogate, and also when this machine is not being used my internet connection in the rest of the house is cut in half. Thank you again. What are the next steps?
Attachments: AdwCleanerS0.txt (4.3 KB)
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jan 28, 2015 21:07:49 GMT -8
We will see what a couple of other tools say.

Download Malwarebytes Anti-Rootkit to your Desktop.
Double-click "mbar.exe" to start the tool.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
Open the MBAR folder and paste or attach the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"

The below screenshot includes step 4 (cleanup), don't do that one yet.

Quads
Post by torgohype on Jan 28, 2015 22:07:00 GMT -8
Attached are the requested files.
Post by Quads on Jan 28, 2015 22:33:30 GMT -8
Please read carefully and follow these steps.

Go to support.kaspersky.com/viruses/common/5350
Click on 1. How to disinfect a compromised system to expand the question, then click on the TDSSkiller.exe green link to download and transfer the download to your desktop.
Double click on TDSSKiller.exe that is on the Desktop to run the application.
Open the Change Parameters option and select the detect TDL File system.
Click OK, then on Start Scan.
After the scan a report will be created. The report can also be found in your root directory (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please attach the log in the post back, or paste back in a message.

Quads
Post by torgohype on Jan 28, 2015 23:10:45 GMT -8
Thank you. Downloaded and ran the scan. Attached is the log.
Post by Quads on Jan 28, 2015 23:37:38 GMT -8
One thing I found out with my neighbour's system (win 8.1), but win 8 would be the same: if you are using the Microsoft account type instead of local account type, as soon as you logon, the account type continually accesses the net for apps, updating etc. He also noticed net use with win 8.1, compared to his Win 7 machines. I fixed that by switching his user account type from Microsoft account type (which is always connected) to Local account type, and in the switching process click the disconnect in the Account

On with step 4, Complete system check for any file and cleanup of items and tools used.

Special attention to the different settings I have asked for below. You can leave Norton Enabled even though ESET may warn about it, it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

Please download Online Scanner and save it to your Desktop.
Start with administrator privileges.
Select the option Yes, and click on .
Choose the following settings: NO!! for Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click on Start.
The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically.
Note: This scan might take a long time! Please be patient.
When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats)
Now click on Finish.

Quads
Post by torgohype on Jan 29, 2015 9:48:14 GMT -8
The scan just completed and attached is the results file. Thanks
Attachments: ESET.txt (333 B)
Post by Quads on Jan 29, 2015 14:38:14 GMT -8
I have also looked up on Microsoft about Windows 8 and 8.1 always using the internet for Windows Updates, Apps, Start Menu Tiles and data syncing with the Microsoft account, like I said in my last post about the account type.
windows.microsoft.com/en-NZ/windows-8/metered-internet-connections-frequently-asked-questions

Press the + R Keys on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad (including start and end):

start
C:\Program Files (x86)\Tftpd32\tftpd32.exe
C:\Program Files (x86)\Tftpd32
C:\Windows\SECOH-QAD.exe
F:\Newsbin Scratch\GameMaker Studio 1 99 44 Professional Edition\GMStudio-Installer-1.99.exe
end

Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File.)
Press the button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here.

Quads
Post by torgohype on Jan 29, 2015 18:28:24 GMT -8
Thank you for that link. It is quite odd that this machine affects the rest of the network so much when idle. Will also investigate QoS settings. Attached is the log file.
Attachments: Fixlog.txt (904 B)
Post by Quads on Jan 29, 2015 18:55:03 GMT -8
Windows actually does a lot of tasks and housekeeping at times when the System is "Idle", actually meaning the user is not using the system (no keyboard and Mouse use for xx mins = Idle). From Net Framework, to System Restore, and Win 8 may do the syncing of data at that time and the Apps updates.

Tools and Quarantines we used to be removed.

Please download DelFix by Xplode to your Desktop.
toolslib.net/downloads/viewdownload/2-delfix/
Double-click to run the program.
Note: Windows Vista/7/8 users right-click and choose Run as administrator.
Make sure the Remove Disinfection tools is ticked / selected in the list.
Click Run.
A log will be opened after the operation is finished.
Copy and Paste it in your next reply.

Quads