Redirects, Pop Ups, IE cannot open [Solved]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Evan_R,

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that

Download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the Report button and copy and paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Finally in this post

Please run FRST again and post back the log it generates.

When you return please post
  • fixlist.txt
  • AdwCleaner report
  • FRST.txt


#17
Evan_R

    Member

  • Topic Starter
  • 24 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-12-2013
Ran by Evan at 2013-12-05 19:48:33 Run:3
Running from C:\Users\Evan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll No File
C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO-x32: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll No File
C:\Program Files (x86)\verizontb\verizonDx.dll
Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml
C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{96673559-e653-4cdc-8923-f89347a952c0} => Key deleted successfully.
"C:\Program Files (x86)\verizontb\auxi\verizonAu.dll" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{f8d96645-337c-419b-8792-b6c126145811} => Key deleted successfully.
"C:\Program Files (x86)\verizontb\verizonDx.dll" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{f8d96645-337c-419b-8792-b6c126145811} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{f8d96645-337c-419b-8792-b6c126145811} => Key not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml => Moved successfully.
"C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml" => File/Directory not found.

==== End of Fixlog ====



# AdwCleaner v3.014 - Report created 05/12/2013 at 19:53:55
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Evan - EVAN-PC
# Running from : C:\Users\Evan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Users\Evan\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\verizontb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\weDownload Manager Pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4113 octets] - [05/12/2013 19:51:44]
AdwCleaner[S0].txt - [3953 octets] - [05/12/2013 19:53:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4013 octets] ##########




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by Evan (administrator) on EVAN-PC on 05-12-2013 19:57:09
Running from C:\Users\Evan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207350 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5495680 2011-11-07] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.mlsli.com/XTSAC.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.amazon.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: New tab - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{41B95867-9E43-5627-B90B-31E1FD82AD26}
FF Extension: Verizon Toolbar - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1361920 2009-07-13] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-05 19:57 - 2013-12-05 19:57 - 00011810 _____ C:\Users\Evan\Desktop\FRST.txt
2013-12-05 19:56 - 2013-12-05 19:56 - 00004129 _____ C:\Users\Evan\Desktop\AdwCleaner[S0].txt
2013-12-05 19:51 - 2013-12-05 19:53 - 00000000 ____D C:\AdwCleaner
2013-12-05 19:50 - 2013-12-05 19:50 - 01110034 _____ C:\Users\Evan\Desktop\AdwCleaner.exe
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\Users\Evan\Desktop\FRST-OlderVersion
2013-12-05 15:41 - 2013-12-05 15:41 - 02347384 _____ (ESET) C:\Users\Evan\Downloads\esetsmartinstaller_enu.exe
2013-12-05 15:41 - 2013-12-05 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 21:48 - 2013-12-04 21:48 - 00019763 _____ C:\ComboFix.txt
2013-12-04 21:35 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-04 21:35 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-04 21:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-04 21:33 - 2013-12-04 21:48 - 00000000 ____D C:\Qoobox
2013-12-04 21:33 - 2013-12-04 21:47 - 00000000 ____D C:\Windows\erdnt
2013-12-04 21:32 - 2013-12-04 21:32 - 05152313 ____R (Swearware) C:\Users\Evan\Desktop\ComboFix.exe
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 17:28 - 2013-12-04 17:28 - 01034531 _____ (Thisisu) C:\Users\Evan\Desktop\JRT.exe
2013-12-04 16:02 - 2013-12-04 16:03 - 00032129 _____ C:\Users\Evan\Downloads\Addition.txt
2013-12-04 16:02 - 2013-12-04 16:03 - 00031187 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 16:00 - 2013-12-05 18:55 - 01925140 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2013-12-04 16:00 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 23:04 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 23:04 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 23:04 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 23:04 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-17 18:18 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 18:18 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 18:18 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-17 18:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-17 18:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-17 18:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-17 18:18 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-17 18:18 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-17 18:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-17 18:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-17 18:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-17 18:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-17 18:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-05 19:57 - 2013-12-05 19:57 - 00011810 _____ C:\Users\Evan\Desktop\FRST.txt
2013-12-05 19:56 - 2013-12-05 19:56 - 00004129 _____ C:\Users\Evan\Desktop\AdwCleaner[S0].txt
2013-12-05 19:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 19:55 - 2009-07-13 23:51 - 00080630 _____ C:\Windows\setupact.log
2013-12-05 19:54 - 2011-05-31 06:58 - 01295014 _____ C:\Windows\WindowsUpdate.log
2013-12-05 19:53 - 2013-12-05 19:51 - 00000000 ____D C:\AdwCleaner
2013-12-05 19:50 - 2013-12-05 19:50 - 01110034 _____ C:\Users\Evan\Desktop\AdwCleaner.exe
2013-12-05 19:08 - 2012-09-03 16:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\Users\Evan\Desktop\FRST-OlderVersion
2013-12-05 18:55 - 2013-12-04 16:00 - 01925140 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2013-12-05 18:55 - 2013-12-04 16:00 - 00000000 ____D C:\FRST
2013-12-05 17:29 - 2011-06-30 21:53 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-12-05 16:51 - 2011-05-31 07:03 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-05 15:45 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:45 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:41 - 2013-12-05 15:41 - 02347384 _____ (ESET) C:\Users\Evan\Downloads\esetsmartinstaller_enu.exe
2013-12-05 15:41 - 2013-12-05 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-05 15:17 - 2013-05-21 19:37 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-12-05 15:10 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-04 21:48 - 2013-12-04 21:48 - 00019763 _____ C:\ComboFix.txt
2013-12-04 21:48 - 2013-12-04 21:33 - 00000000 ____D C:\Qoobox
2013-12-04 21:48 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default
2013-12-04 21:47 - 2013-12-04 21:33 - 00000000 ____D C:\Windows\erdnt
2013-12-04 21:47 - 2011-06-30 11:59 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 21:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-12-04 21:43 - 2010-11-20 22:47 - 00228108 _____ C:\Windows\PFRO.log
2013-12-04 21:32 - 2013-12-04 21:32 - 05152313 ____R (Swearware) C:\Users\Evan\Desktop\ComboFix.exe
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 17:28 - 2013-12-04 17:28 - 01034531 _____ (Thisisu) C:\Users\Evan\Desktop\JRT.exe
2013-12-04 16:03 - 2013-12-04 16:02 - 00032129 _____ C:\Users\Evan\Downloads\Addition.txt
2013-12-04 16:03 - 2013-12-04 16:02 - 00031187 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:16 - 2011-07-01 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 22:14 - 2009-07-14 00:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 22:03 - 2013-06-05 22:20 - 00007849 _____ C:\Windows\IE10_main.log
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-01 18:20 - 2013-04-29 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 17:29 - 2011-07-01 14:01 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2013-11-17 23:04 - 2011-07-09 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-17 18:26 - 2013-05-21 19:36 - 00000000 ____D C:\Program Files\My Dell
2013-11-17 18:26 - 2011-06-30 15:00 - 00000000 ____D C:\ProgramData\PCDr

Files to move or delete:
====================
C:\Users\Evan\Firefox-20Setup-2020.0.1.exe


Some content of TEMP:
====================
C:\Users\Evan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-24 17:57

==================== End Of Log ============================

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also tell me how it looks now. Are you seeing any ASK or Conduit items?

#19
Evan_R

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi, I'm not seeing Ask or Conduit anymore. Everything's running smoothly right now except my AVG alert just said it blocked a threat. Not sure if that's normal or not. I'm not seeing the Java update request at the moment; if it comes back, should I update? Thanks again, here's the log:




Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-12-2013
Ran by Evan at 2013-12-05 20:19:17 Run:4
Running from C:\Users\Evan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Evan\Firefox-20Setup-2020.0.1.exe
C:\Users\Evan\AppData\Local\Temp\Quarantine.exe
*****************

C:\Users\Evan\Firefox-20Setup-2020.0.1.exe => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

should I update?


Yes, allow it to update. There is a warning about Java that you will see below in my instructions about cleaning away the tools we have been using.

AVG alert just said it blocked a threat.


Don't know what that might be.

Unless you have anything else you want to bring up, I think we will go to clearing away the tools we have been using. After that I will leave the topic open for a few days in case anything raises its ugly head.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

To uninstall ESET OnlineScanner

Go to Start and type in the Search programs and files box ESET

Click on the ESET folder

Right Click on OnlineScannerUninstaller and run as Administrator

Click yes to run

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#21
Evan_R

    Member

  • Topic Starter
  • Member
  • 24 posts
Ok, thank you so much! All programs are removed, Java is updated and disabled and I will look into that CryptoLocker blocker after I post this. Thanks again for all your help!

Evan

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Ok thank you so much!


You are very welcome. :happy:

As I mentioned above, I will leave this topic open for a day or two in case any issues arise.

#23
Evan_R

    Member

  • Topic Starter
  • Member
  • 24 posts
Ok great, hopefully you won't hear from me. :)

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.