|
Post by colour blue on Jul 2, 2015 5:08:15 GMT -8
Here's the Emsisoft report -
Emsisoft Emergency Kit - Version 10.0
Last update: 02/07/2015 14:01:57
User account: blue\bluepiglet
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 02/07/2015 14:03:28
C:\Program Files (x86)\DriverUpdate detected: Application.InstallDrive (A)
Key: HKEY_USERS\S-1-5-21-3463171804-1537994893-3906066650-1001\SOFTWARE\PARTYGAMING detected: Application.Win32.CasOnline (A)
Scanned 77673
Found 2
Scan end: 02/07/2015 14:06:53
Scan time: 0:03:25
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Jul 2, 2015 20:32:55 GMT -8
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt.
NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
|
|
|
Post by colour blue on Jul 3, 2015 1:45:19 GMT -8
|
|
|
Post by dbrisen on Jul 3, 2015 15:12:58 GMT -8
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time. You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it. The Emsisoft Emergency Kit you can keep if you want as it is a standalone scanner (has to be manually started whenever you want to scan).
Next, we need to remove the tools we've used during cleaning your machine.
Ensure the following is ticked:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Reset system settings
Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.
Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.
Final word from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.
|
|
|
Post by colour blue on Jul 4, 2015 1:27:15 GMT -8
Whenever I open a text document it says - New Text Document.txt for some reason where the name of it would be. Video file names have .mp4 or .avi in the name as well. Also - ZeroTier One Virtual Network Port #2 is not working properly. In device manager properties it says - Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19). I tried updating the driver but it didn't work.
Here's the Delfix log -
# DelFix v1.010 - Logfile created 04/07/2015 at 05:00:29
# Updated 26/04/2015 by Xplode
# Username : bluepiglet - BLUE
# Operating System : Windows 8 Pro (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\bluepiglet\Desktop\AdwCleaner.exe
Deleted : C:\Users\bluepiglet\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #245 [Restore Point Created by FRST | 06/30/2015 09:38:54]
Deleted : RP #247 [Restore Point Created by FRST | 07/03/2015 09:40:13]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
|
|
|
Post by dbrisen on Jul 4, 2015 21:56:09 GMT -8
The Network Port was damaged before the malware; usually [in my past experience] from AVG Firewall software. The only way I've ever seen anything firewall / network related fixed when AVG is involved is to remove AVG, reboot the system, remove the problem device / software, reboot, install the device / software, reboot and reinstall AVG. Just disabling the AVG drivers / firewall is never enough to let the OS set up the device / software / VPN.
|
|
|
Post by colour blue on Jul 5, 2015 0:16:33 GMT -8
What about the file type now being part of every file's name?
|
|
|
Post by dbrisen on Jul 5, 2015 14:20:17 GMT -8
Let's see if the file associations have been changed:
Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop. Place FRST64.exe onto your desktop from wherever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!
Start FRST64 that is on your Desktop by right clicking on it and selecting "Run as Administrator...". The tool will start to run. When the tool opens click Yes to disclaimer (if it does). Press Scan button. It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these.)
Notes: If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.
Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or pastebin.com to upload the file and then post the download link here in your reply post.
|
|
|
Post by colour blue on Jul 6, 2015 1:42:04 GMT -8
|
|
|
Post by dbrisen on Jul 6, 2015 11:40:25 GMT -8
Download the attached file and double click on it to start the merge to your registry. This will reset the .txt, .mp4, .avi and unknown file types to defaults for Win8 / 8.1. Note that you will need to run this merge as an Administrator or the merge will not happen. Restart your system to apply the fix and then tell me how your system is now.
Attachments: reg_fix.reg (13.56 KB)
|
|