|
addaware problems.
|
|
AfterDawn Addict
|
10. October 2013 @ 00:46 |
Link to this message
|
Quote:
Are those blue highlighted items virus?Because I have no idea what the battlefield heroes is from and don't want it,or that 'bing' crap.
Oh, I did miss a bug.... I missed that note at the bottom of one of your posts.
If you will run a Hijackthis Log and post it I think we can remove those with it..
I just know you're not Old, I probably got socks older than you. LOL
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
Advertisement
|
|
|
|
|
Alryss
Newbie
|
24. October 2013 @ 15:31 |
Link to this message
|
|
This is Heaseba's hubby. I have a few issues with my comp as well. She told me you may be able to assist me with them. One is a Malwarebyte notification of a pmb.exe virus. Thank you.
|
AfterDawn Addict
|
24. October 2013 @ 17:12 |
Link to this message
|
Originally posted by Alryss:
This is Heaseba's hubby. I have a few issues with my comp as well. She told me you may be able to assist me with them. One is a Malwarebyte notification of a pmb.exe virus. Thank you.
Hello Alryss,
I will be more than glad to assist you..
First I need for you to run a few programs and post the Logs so I can see into your computer and determine what we will need to do in order to fix it...
-Security Check-
Download Security Check by screen317.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
--AdwCleaner--
Please download AdwCleaner by Xplode to your Desktop.
? Close all open programs and internet browsers.
? Double click on AdwCleaner.exe to run the tool.
? Click on Delete tab follow the prompts.
? A log file will automatically open after the scan has finished.
? Please post the content of that log file with your next answer.
? You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
?Junkware Removal Tool--
Please download Junkware Removal Tool to your Desktop.
? Please close your security software to avoid potential conflicts.
? Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
? The tool will open and start scanning your system.
? Please be patient as this can take a while to complete, depending on your system's specifications.
? On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
? Please post the contents of JRT.txt into your reply.
--RogueKiller--
? Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
? Quit all programs that you may have started.
? Please disconnect any USB or external drives from the computer before you run this scan!
? For Vista or Windows 7, right-click and select "Run as Administrator to start"
? For Windows XP, double-click to start.
? Wait until pre-scan has finished ...
? Then Click on "Scan" button
? Wait until the Status box shows "Scan Finished"
? click on "delete"
? Wait until the Status box shows "Deleting Finished"
? Click on "Report" and copy/paste the content of the Notepad into your next reply.
? The log should be found in RKreport[1].txt on your Desktop
? Exit/Close RogueKiller+
Please paste the logs in your next reply.
Let me know what problem persists.
2oG
|
|
Heather59
Junior Member
|
28. October 2013 @ 10:31 |
Link to this message
|
|
Lost my password so had to remake the account. For the last 2 days, my computer has been freezing and stalling and driving me nuts...
|
|
Heather59
Junior Member
|
28. October 2013 @ 10:44 |
Link to this message
|
Originally posted by Heaseba:
Originally posted by 2oldGeek:
Quote:
didnt ask to reboot.Hope this is the right report.
Hi Heather,
Lets not worry about it, youre clean. How is your computer doing now?
You shouldnt have any problems and should be running faster...
Avast! is very good and should keep you well protected. Run MalwareBytes ever so often and you will be able to keep the bad guys out.:)
Have your Hubby come on to this thread and we will get him cleaned up also.
Nice working with you. You did an excellent job and I thank you for not making it rough on me. LOL
Til we meet again, have a "happy and safe surfing".
2old Geek, The number "2" not Too, old with a small "o" and Geek with a Capital "G"
I get the Bugs Out!
you are too funny... love the bug.
My comp is running better than I can ever remember it running, so you did an awesome job of helping this OLD (with a capital O) lady get sorted out.
I lost my password and had to recreate the account.
I'm having problems again. the last couple of days my computer has been freezing all the time. And also.. how do you USE Avast? I can't find a way to start a scan.
work smart..not hard.
This message has been edited since posting. Last time this message was edited on 28. October 2013 @ 10:52
|
|
Heather59
Junior Member
|
28. October 2013 @ 11:11 |
Link to this message
|
|
He asked me to apologize for him. He didn't notice there was a 2nd page so thought you had not replied. He actually thought his post hadn't posted.
work smart..not hard.
|
|
Alryss
Newbie
|
28. October 2013 @ 12:10 |
Link to this message
|
Originally posted by 2oldGeek:
Originally posted by Alryss:
This is Heaseba's hubby. I have a few issues with my comp as well. She told me you may be able to assist me with them. One is a Malwarebyte notification of a pmb.exe virus. Thank you.
Hello Alryss,
I will be more than glad to assist you..
First I need for you to run a few programs and post the Logs so I can see into your computer and determine what we will need to do in order to fix it...
-Security Check-
Download Security Check by screen317.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
--AdwCleaner--
Please download AdwCleaner by Xplode to your Desktop.
? Close all open programs and internet browsers.
? Double click on AdwCleaner.exe to run the tool.
? Click on Delete tab follow the prompts.
? A log file will automatically open after the scan has finished.
? Please post the content of that log file with your next answer.
? You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
?Junkware Removal Tool--
Please download Junkware Removal Tool to your Desktop.
? Please close your security software to avoid potential conflicts.
? Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
? The tool will open and start scanning your system.
? Please be patient as this can take a while to complete, depending on your system's specifications.
? On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
? Please post the contents of JRT.txt into your reply.
--RogueKiller--
? Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
? Quit all programs that you may have started.
? Please disconnect any USB or external drives from the computer before you run this scan!
? For Vista or Windows 7, right-click and select "Run as Administrator to start"
? For Windows XP, double-click to start.
? Wait until pre-scan has finished ...
? Then Click on "Scan" button
? Wait until the Status box shows "Scan Finished"
? click on "delete"
? Wait until the Status box shows "Deleting Finished"
? Click on "Report" and copy/paste the content of the Notepad into your next reply.
? The log should be found in RKreport[1].txt on your Desktop
? Exit/Close RogueKiller+
Please paste the logs in your next reply.
Let me know what problem persists.
2oG
Here are the reports of the programs you asked for:
Results of screen317's Security Check version 0.99.74
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
----------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x64
Ran by Administrator on Mon 10/28/2013 at 11:40:26.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF501D62-E51C-4FA1-916E-5680531EAA5F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{362269bd-c93c-460f-9255-3bd667eb7f0a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\iwonie"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bigp7qk9.default\extensions\fgegmtgkxq@fgegmtgkxq.org.xpi [Tracur]
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\bigp7qk9.default\minidumps [89 files]
~~~ Event Viewer Logs were cleared
------------------------------------------------------------------
RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 10/28/2013 11:55:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 24 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\Administrator\Desktop\utorrent.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19\[...]\Run : Apple (rundll32.exe "C:\Users\Administrator\AppData\Local\Apps\Apple\lylkgxka.dll",DllRegisterServer [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20\[...]\Run : Apple (rundll32.exe "C:\Users\Administrator\AppData\Local\Apps\Apple\lylkgxka.dll",DllRegisterServer [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2499208692-1834819155-3519375275-500\[...]\Run : uTorrent ("C:\Users\Administrator\Desktop\utorrent.exe" [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingB8232 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingD3154 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingB9464 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingD623 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingB2627 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\RunOnce : SpybotDeletingD8392 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingB8232 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingD3154 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingB9464 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingD623 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingB2627 (command.com /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\RunOnce : SpybotDeletingD8392 (cmd.exe /c del "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk" [x][x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[BROK VAL] HKCR\[...]\command : () -> CREATED ("%1" %*)
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{ADD8AE58-934A-4DC2-BC99-F1A517B60908}.exe - --uninstall=1 [x] -> DELETED
[V2][ROGUE ST] 4790 : wscript.exe - C:\Users\ADMINI~1\AppData\Local\Temp\launchie.vbs //B -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{ADD8AE58-934A-4DC2-BC99-F1A517B60908}.exe - --uninstall=1 [x] -> ERROR DELETING TASK
[V2][SUSP PATH] VisualBeeRecovery : C:\Users\Administrator\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe - /s [x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] f1fee3af5807ba734d5a4b30e66cb16a
[BSP] 9c75935db8957562dda106d67294767c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] 4dd5e74579c1c842a6af9bcb29d47aa1
[BSP] 2bbbc00a79a32f5787f23fb6c6762e51 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 622aaacc0368c2844e82777eea019a88
[BSP] 90a0ef11c76e8dcd1160fa81e496d5ce : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_10282013_115538.txt >>
RKreport[0]_S_10282013_115407.txt
|
AfterDawn Addict
|
28. October 2013 @ 16:35 |
Link to this message
|
Originally posted by Alryss:
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
1.)Update your Win 7 and install SP1.
2.)Uninstall Ad-Aware and install Avast 9 - it's much better!
3.)Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Uninstall Java(TM) 6 Update 24
4.)Upgrading Java:
? Download the latest version of JRE 7 Update 45.
? Click the "Free Java Download" button.
? Click the ?Agree and Start Free Download? button.
? Click on the download link for your system and save it to your desktop.
Close any programs you may have running - especially your web browser.
? Then from your desktop double-click on the download to install the newest version.(Vista/7 users, right click on the JRE download and select "Run as an Administrator.")
5.)--OTL--
Please download OTL by OldTimer to your Desktop.
If you already have a copy of OTL, delete it and use this version.
Double click OTL.exe to launch the program.
Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar)
Please post me both logs
2oG
P.S. please have Heather59 start a new thread so I may help her. At 71 it's very difficult to multi-task in the same thread. Very confusing..
|
|
Heather59
Junior Member
|
29. October 2013 @ 09:34 |
Link to this message
|
|
NVM I downloaded and ran malwarebytes. found 66 issues and cleaned those. I think I may be ok for now. I will scream for help, if I find I still need it. Thanks :D
work smart..not hard.
|
AfterDawn Addict
|
29. October 2013 @ 11:22 |
Link to this message
|
Originally posted by Heather59:
NVM I downloaded and ran malwarebytes. found 66 issues and cleaned those. I think I may be ok for now. I will scream for help, if I find I still need it. Thanks :D
Gee Heather, I can't understand how you came up with that many issues. The last Log I have for you was clean. I sure would like to see that Log. You sure you have your AV running?
The log can be found in MBAM under the Logs Tab.
2oG
|
|
Heather59
Junior Member
|
1. November 2013 @ 12:43 |
Link to this message
|
Originally posted by 2oldGeek:
Originally posted by Heather59:
NVM I downloaded and ran malwarebytes. found 66 issues and cleaned those. I think I may be ok for now. I will scream for help, if I find I still need it. Thanks :D
Gee Heather, I can't understand how you came up with that many issues. The last Log I have for you was clean. I sure would like to see that Log. You sure you have your AV running?
The log can be found in MBAM under the Logs Tab.
2oG
No.. I'm not sure. The icon is in the toolbar, but I can't find a way to scan. Does it run automatically, or do you have to set something on it?
work smart..not hard.
|
AfterDawn Addict
|
1. November 2013 @ 13:36 |
Link to this message
|
Quote:
No.. I'm not sure. The icon is in the toolbar, but I can't find a way to scan. Does it run automatically, or do you have to set something on it?
Are we talking about the MBAM icon or the AV icon.. Which program are we looking at to scan with? Sorry, confused:(
|
|
Heather59
Junior Member
|
10. November 2013 @ 20:29 |
Link to this message
|
Originally posted by 2oldGeek:
Quote:
No.. I'm not sure. The icon is in the toolbar, but I can't find a way to scan. Does it run automatically, or do you have to set something on it?
Are we talking about the MBAM icon or the AV icon.. Which program are we looking at to scan with? Sorry, confused:(
avast..actually. This is my latest malwarebytes log..
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.10.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: HEATHERPC [administrator]
Protection: Enabled
11/10/2013 7:45:47 PM
mbam-log-2013-11-10 (19-45-47).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 388349
Time elapsed: 40 minute(s), 8 second(s)
Memory Processes Detected: 2
C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro) -> 3592 -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> 4296 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 25
HKLM\SYSTEM\CurrentControlSet\Services\70e6ca8c (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
HKCR\CLSID\{d99a4ec9-00bd-4fe4-85a5-4db018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{6f2d4806-f281-4721-89f4-9835bb9eb954} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\Interface\{5B725BC8-C263-4783-BE79-D3A812FBB42B} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D99A4EC9-00BD-4FE4-85A5-4DB018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKCU\Software\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\dosearchesSoftware (PUP.Optional.DoSearches.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.
HKCR\CLSID\{4634A024-1754-4A6D-B4C0-4968168E3B7B} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKCR\Toolbar.CT3314312 (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4634A024-1754-4A6D-B4C0-4968168E3B7B} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4634A024-1754-4A6D-B4C0-4968168E3B7B} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Data: C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Quarantined and deleted successfully.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://domore.pcutilitiespro.revenuewir...D6-310CEABE778D -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: ¿?ì?CþÊK§5\]j
@Ä -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: SweetPacks A5 Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4} (PUP.Optional.Sweetpacks) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.OptimizerPro.A) -> Bad: (c:\progra~2\optimi~1\optpro~1.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY695117251172&ts=1384114876) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 5
C:\Program Files (x86)\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Delete on reboot.
C:\Users\Administrator\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5 (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
Files Detected: 52
C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\SaltarSmartBHO.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNREA1Z5\Setup[1].exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\fullpackage_temp\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\parent.txt (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\software\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\Setup.exe\0b1d8865260e48f8b4741875580dc0f4\software\SaltarSmart_tg.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\Desktop\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\SaltarSmart.ico (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\chdboodilddefglllfoimeceomkpmkbi.crx (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\SaltarSmartUninstall.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\sqlite3.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.InstallState (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro.A) -> Delete on reboot.
C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\StartupList.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Administrator\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\GottenAppsContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\hk64tbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\hktbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\ldrtbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\OtherAppsContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\prxtbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\SharedAppsContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\tbSwee.dll (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\toolbar.cfg (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetPacks_A5\ToolbarContextMenu.xml (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
work smart..not hard.
This message has been edited since posting. Last time this message was edited on 10. November 2013 @ 20:31
|
|
ddp
Moderator
|
10. November 2013 @ 22:17 |
Link to this message
|
|
you sure did have a bunch of nasties there.
|
AfterDawn Addict
|
10. November 2013 @ 22:19 |
Link to this message
|
Quote:
avast..actually. This is my latest malwarebytes log..
You should be able to click the AVAST icon and then click Scan or Quick Scan for it to run..
Please DO NOT use the "Reply button" when posting. With these Big Logs it gets too hard to keep up with everything.
You were clean what happened? 
These guys get bundled with other downloads and you really have to watch out when downloading so as not to include them in your install:
Optimizer Pro
SaltarSmart
Sweetpacks
DoSearches
With everything I can see from that Log, let's just start Fresh...
-Security Check-
Download Security Check by screen317.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
--AdwCleaner--
Please download AdwCleaner by Xplode to your Desktop.
? Close all open programs and internet browsers.
? Double click on AdwCleaner.exe to run the tool.
? Click on Delete tab follow the prompts.
? A log file will automatically open after the scan has finished.
? Please post the content of that log file with your next answer.
? You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
?Junkware Removal Tool--
Please download Junkware Removal Tool to your Desktop.
? Please close your security software to avoid potential conflicts.
? Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
? The tool will open and start scanning your system.
? Please be patient as this can take a while to complete, depending on your system's specifications.
? On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
? Please post the contents of JRT.txt into your reply.
--RogueKiller--
? Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
? Quit all programs that you may have started.
? Please disconnect any USB or external drives from the computer before you run this scan!
? For Vista or Windows 7, right-click and select "Run as Administrator to start"
? For Windows XP, double-click to start.
? Wait until pre-scan has finished ...
? Then Click on "Scan" button
? Wait until the Status box shows "Scan Finished"
? click on "delete"
? Wait until the Status box shows "Deleting Finished"
? Click on "Report" and copy/paste the content of the Notepad into your next reply.
? The log should be found in RKreport[1].txt on your Desktop
? Exit/Close RogueKiller+
Please paste the logs in your next reply. DO NOT use the "reply" button. :)
Let me know what problems you are having and we can go from there.
|
AfterDawn Addict
|
10. November 2013 @ 22:32 |
Link to this message
|
|
Hi ddp, watup?
|
|
ddp
Moderator
|
10. November 2013 @ 22:49 |
Link to this message
|
|
no much, just keeping busy. how are you doing?
|
AfterDawn Addict
|
10. November 2013 @ 23:04 |
Link to this message
|
Been cleaning leftovers from registries using Systemlook. Have a list of 21 malware that leaves a lot of trash and looks like my list will expand after seeing Heather's Log.
|
|
ddp
Moderator
|
10. November 2013 @ 23:11 |
Link to this message
|
|
|
AfterDawn Addict
|
10. November 2013 @ 23:18 |
Link to this message
|
|
This message has been edited since posting. Last time this message was edited on 10. November 2013 @ 23:33
|
|
Heather59
Junior Member
|
12. November 2013 @ 09:03 |
Link to this message
|
Originally posted by 2oldGeek:
Been cleaning leftovers from registries using Systemlook. Have a list of 21 malware that leaves a lot of trash and looks like my list will expand after seeing Heather's Log.
O.O
work smart..not hard.
|
AfterDawn Addict
|
12. November 2013 @ 11:41 |
Link to this message
|
Originally posted by Heather59:
Originally posted by 2oldGeek:
Been cleaning leftovers from registries using Systemlook. Have a list of 21 malware that leaves a lot of trash and looks like my list will expand after seeing Heather's Log.
O.O
I have a list of the Foistware/Malware that is currently infecting computers out there and use it to clean my customers? computers. You just added a couple of new ones to my list.
Foistware and crapware is being bundled with almost every free program you download. That?s how they make money and keep their programs ?free?. Even the bigger respected software companies like Java and Adobe are doing it.
The useless crapware runs all the time taking up ram and resources thereby slowing you down.
After removing crapware the orphaned registry entries can do no harm but, I am very anal about having a computer leave my shop that is not as clean as an ?Old Maids Parlor? 
When possible always download from clean sites like Filehippo and Majorgeeks or the developers site. Stay away from CNET!
Be very careful when installing and pay close attention to the tricks that are used to fool you into installing something you don?t want. Read over this guide to gain some knowledge of the tricks they use:
http://www.freewaregenius.com/how-to-in...on-methods/#six
You must be vigilant when using the internet, there is something lurking behind almost every click you make.. 
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
Heather59
Junior Member
|
12. November 2013 @ 22:56 |
Link to this message
|
Originally posted by 2oldGeek:
Originally posted by Heather59:
Originally posted by 2oldGeek:
Been cleaning leftovers from registries using Systemlook. Have a list of 21 malware that leaves a lot of trash and looks like my list will expand after seeing Heather's Log.
O.O
I have a list of the Foistware/Malware that is currently infecting computers out there and use it to clean my customers? computers. You just added a couple of new ones to my list.
Foistware and crapware is being bundled with almost every free program you download. That?s how they make money and keep their programs ?free?. Even the bigger respected software companies like Java and Adobe are doing it.
The useless crapware runs all the time taking up ram and resources thereby slowing you down.
After removing crapware the orphaned registry entries can do no harm but, I am very anal about having a computer leave my shop that is not as clean as an ?Old Maids Parlor?
When possible always download from clean sites like Filehippo and Majorgeeks or the developers site. Stay away from CNET!
Be very careful when installing and pay close attention to the tricks that are used to fool you into installing something you don?t want. Read over this guide to gain some knowledge of the tricks they use:
http://www.freewaregenius.com/how-to-in...on-methods/#six
You must be vigilant when using the internet, there is something lurking behind almost every click you make..
2oG
ya.. I foolishly went to download a free program to play a music clip I wanted to listen to.. Have had nothing but trouble, ever since. I keep getting messages saying threat detected..dangerous URL blocked, etc.
It also installed a search engine that I can't find to get rid of, and hyjacked my home page
work smart..not hard.
This message has been edited since posting. Last time this message was edited on 12. November 2013 @ 22:57
|
|
ddp
Moderator
|
12. November 2013 @ 23:21 |
Link to this message
|
|
did you try a system restore to before that download?
|
|
Advertisement
|
|
|
AfterDawn Addict
|
13. November 2013 @ 00:45 |
Link to this message
|
Originally posted by ddp:
did you try a system restore to before that download?
Heather, please do not do a system restore.. Sorry ddp, I use it occasionally but Not for removing malware. I learned that System Restore will work ?sometimes? but most of the time NOT when removing some malware. It just was not designed for that purpose and will make it harder to clean the infected computer?
Go to my earlier post and run the 4 programs. Then post the logs here.
Please use the 64bit version of RogueKiller.
Go to -> http://forums.afterdawn.com/thread_jump.cfm/966455/5912771
After doing that, I will need a fresh OTL log.
--OTL--
Please download OTL by OldTimer to your Desktop.
If you already have a copy of OTL, delete it and use this version.
Double click OTL.exe to launch the program.
Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar)
Please post me both logs
We can clean you and after I will recommend a couple of programs that should help greatly to keep you from getting messed again.
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
