
Redirects, Trojan Virus, Unwanted Programs [Solved]


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LoFig

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks, so to do that you can go here - Export BookMarks

Now to reset Firefox do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo

#17
LoFig

    Member

  • Topic Starter
  • 13 posts
Hi Gringo, thanks so much, gave that a go with Firefox... however it didn't help... Flash is still inoperable. I even downloaded the latest player again, just to see if that would help.

I ran the cleanup utility; it left a lot of programs still installed (HijackThis, JRT, AdwCleaner). Should I just uninstall those manually?

I ran my computer through you guys and man, did it help! This is my mom's computer, and it still seems to be quite slow... especially on startup... I'm wondering, did we miss uninstalling some potentially dangerous software?

Windows Defender is also still inoperable. So the computer has no antivirus.

Thanks for all your time!

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LoFig

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#19
LoFig

    Member

  • Topic Starter
  • 13 posts
Here are the reports. TDSSKiller didn't find anything, but I'll post the log anyway... RogueKiller found a few things, but the log it generated had a different name than the one you asked for. I'll include that log... The computer is running a tiny bit faster, Firefox is still not working correctly, and Windows Defender still says it's turned off... Thank you again for your patience in helping us!!




10:46:51.0603 0x1378 ============================================================
10:46:51.0603 0x1378 Scan finished
10:46:51.0603 0x1378 ============================================================
10:46:51.0618 0x1370 Detected object count: 0
10:46:51.0619 0x1370 Actual detected object count: 0




RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : lofig [Admin rights]
Mode : Scan -- Date : 12/07/2013 10:53:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[lofig][SUSP PATH] Verizon Wireless Software Utility Application for Android ??� Samsung.lnk : C:\Users\lofig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android ??� Samsung.lnk @C:\Users\lofig\AppData\Roaming\Verizon\UA_ar\UA.exe [-][7] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM0 02-1BD142 SATA Disk Device +++++
--- User ---
[MBR] a111cf260cab8db59abab5f4146afa69
[BSP] 680c11f3179a15d45c7a356b51055820 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12072013_105321.txt >>

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello LoFig

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are done, please send me both reports.

Gringo

#21
LoFig

    Member

  • Topic Starter
  • 13 posts
Okay ran those programs. Mbar didn't find anything. The aswMBR program didn't ask to update any files, said there was an error, and finished the scan in about 2 seconds, not sure if it's behaving correctly. Here's the log:


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-08 15:45:59
-----------------------------
15:45:59.918 OS Version: Windows x64 6.2.9200
15:45:59.918 Number of processors: 2 586 0x1001
15:45:59.919 ComputerName: BIGBOB UserName: lofig
15:46:00.302 Initialze error 1
15:46:00.495 AVAST engine defs: 13120801
15:46:49.462 Disk 0 MBR fix error
15:47:01.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000031
15:47:01.246 Disk 0 Vendor: ST500DM002-1BD142 HP73 Size: 476940MB BusType: 11
15:47:01.249 Disk 0 MBR read successfully
15:47:01.251 Disk 0 MBR scan
15:47:01.254 Disk 0 unknown MBR code
15:47:01.257 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:47:01.266 Disk 0 scanning C:\windows\system32\drivers
15:47:01.270 Service scanning
15:47:01.863 Modules scanning
15:47:01.871 Disk 0 trace - called modules:
15:47:01.883
15:47:01.891 AVAST engine scan C:\windows
15:47:01.901 AVAST engine scan C:\windows\system32
15:47:01.910 AVAST engine scan C:\windows\system32\drivers
15:47:01.917 AVAST engine scan C:\Users\lofig
15:47:01.923 AVAST engine scan C:\ProgramData
15:47:01.929 Scan finished successfully
15:47:43.747 Disk 0 MBR has been saved successfully to "C:\Users\lofig\Desktop\MBR.dat"
15:47:43.754 The log file has been saved successfully to "C:\Users\lofig\Desktop\aswMBR.txt"

#22
LoFig

    Member

  • Topic Starter
  • 13 posts
Hiya, did you get busy? Thinking maybe a clean install of Windows is my best option if problems persist? What do you think?

#23
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Very sorry for the delays - I keep coming back to you and going over things but I am not seeing what could be the problem


gringo

#24
LoFig

    Member

  • Topic Starter
  • 13 posts
No problem! Thank you for replying. Windows 8 did this weird thing and forced us to upgrade to 8.1, and forced us to get a Windows Live account. Shortly after, my mom was browsing and saw a remote access notification; she checked where the Windows Live account was being used from and it was being used from San Francisco. We don't live in San Fran. Anyways, thank you so much for all your time and effort..!

#25
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
You are more than welcome.

gringo

#26
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.