My homepage keeps changing [Solved]



#31
passingthru
  • Topic Starter

See my last post.



Right.

#32
passingthru
  • Topic Starter

This was quite the odyssey just to fix my homepage.

Here's the logs:


"Fixlog.txt"

------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013
Ran by Larry Valencia at 2013-12-12 23:41:47 Run:1
Running from C:\Users\Larry Valencia\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
C:\Program Files (x86)\IObit
C:\Windows\system32\config\SOFTWARE.iobit
C:\Windows\system32\config\COMPONENTS.iobit
C:\Windows\system32\config\DEFAULT.iobit
C:\Windows\system32\config\SAM.iobit
C:\ProgramData\IObit
C:\Users\Larry Valencia\AppData\Roaming\IObit
C:\Users\Larry Valencia\Downloads\asc7-setup.exe
Task: {7F37211A-71DE-45F5-9FC1-C7B8ABD7555E} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
C:\Program Files (x86)\IObit\Driver Booster
Task: {DFDF4BDC-C734-4F1C-A64E-633CE0A4D51F} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit)


*****************

C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => Moved successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Windows\system32\config\SOFTWARE.iobit => Moved successfully.
C:\Windows\system32\config\COMPONENTS.iobit => Moved successfully.
C:\Windows\system32\config\DEFAULT.iobit => Moved successfully.
C:\Windows\system32\config\SAM.iobit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Users\Larry Valencia\AppData\Roaming\IObit => Moved successfully.
C:\Users\Larry Valencia\Downloads\asc7-setup.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F37211A-71DE-45F5-9FC1-C7B8ABD7555E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F37211A-71DE-45F5-9FC1-C7B8ABD7555E} => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan => Key deleted successfully.
"C:\Program Files (x86)\IObit\Driver Booster" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFDF4BDC-C734-4F1C-A64E-633CE0A4D51F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFDF4BDC-C734-4F1C-A64E-633CE0A4D51F} => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update => Key deleted successfully.


The system needs a manual reboot.

==== End of Fixlog ====



Here's "JRT.txt"

----------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Larry Valencia on Fri 12/13/2013 at 0:18:53.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Larry Valencia\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Empty Folder] C:\Users\Larry Valencia\appdata\local\{1B5B1EDE-9D36-4317-8C83-3683900C94AE}
Successfully deleted: [Empty Folder] C:\Users\Larry Valencia\appdata\local\{88E715B1-C894-4DBF-AA06-8A6FCC9B3B19}



~~~ FireFox

Successfully deleted: [File] C:\Users\Larry Valencia\AppData\Roaming\mozilla\firefox\profiles\t6hker2i.default\user.js
Successfully deleted: [File] C:\Users\Larry Valencia\AppData\Roaming\mozilla\firefox\profiles\t6hker2i.default\invalidprefs.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Larry Valencia\AppData\Roaming\mozilla\firefox\profiles\t6hker2i.default\prefs.js

user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/13/2013 at 0:31:02.01
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#33
passingthru
  • Topic Starter

I closed the black window.

#34
passingthru
  • Topic Starter

I guess you're busy looking thru a TON of logs there, but I just wanted to ask, how does one determine the computer's status stability-wise? If you don't have Systemcare that is?

And how do you determine how many privacy issues you currently have?

#35
emeraldnzl
  • GeekU Moderator

Hello again passingthru,

This was quite the odyssey just to fix my homepage.


Correct but you implied you had difficulty changing it and there were signs of trackware/foistware there.

I open my Firefox again and once again my homepage is back to being the yahoo searchpage.

And, you had IOBit which has a record of trackware and adware which we have found and removed.

Further

You are using Comodo which nowadays brings its own foistware in the form of the Yahoo search engine. See my comments:

In the past I had Comodo and recommended it. I thought it one of the best Firewalls around. A while ago they decided to go the Ask way although lately it has been changed to Yahoo i.e. you have to uncheck a box to avoid having your search provider changed. That is Foistware which I don't agree with. For that reason and because they have added a quasi AV to their Firewall which sometimes runs into conflict issues with other AVs on a particular machine I no-longer have it.


Alternatively this is what I recommend at the moment.

Here are two good firewalls free for personal use:

For your own situation though you might think about these comments:

Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working or maybe they try and download something they frequently downloaded in the past but now find they can't.

One other comment I would make:

How does somebody create a system restore point, that's something you do before undertaking something big right?


That is good policy and in some situations where I think risk is likely, I do recommend setting a restore point or, depending on the OS, creating one with the tools we use. In your machine's situation, however, I was 99% sure that there was a relatively recent restore point already there.

Now

It's good practise to run an online scan to check that we haven't missed anything.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

#36
passingthru
  • Topic Starter

"Another antivirus software was detected. This may effect the performance and quality of the scan."

I clicked "show list" expecting it to detect my Microsoft Security Essentials, but instead, it says "Comodo Antivirus".

Wha?.. I don't have Comodo Antivirus, I have Comodo Firewall. The only antivirus I have is MSE and MalwareBytes.


Regarding Comodo.. I've been known to visit some of the naughtier sections of the internet from time to time for women pics or vids. Because of that I always figured I was much more vulnerable to attack from potential hackers if I click on a link or try to download a video. That's why I installed Comodo, I was told it was the 'extra super safe' firewall. However, you're right, it would constantly flag applications and ask me if I would allow. I would look at the program and have no idea if it was actually vital to my computer or just a threat. It seems the only way NOT to screw up your computer is to leave your firewall so open that the hacker can do it for you. : (

What should I do?

Edited by passingthru, 13 December 2013 - 01:00 AM.

#37
emeraldnzl
  • GeekU Moderator

Wha?.. I don't have Comodo Antivirus, I have Comodo Firewall.


See my note about Comodo and the AV that comes with it.

#38
passingthru
  • Topic Starter

Wha?.. I don't have Comodo Antivirus, I have Comodo Firewall.


See my note about Comodo and the AV that comes with it.



Should I go thru with the ESET Scan and take my chances?



What about this?(below)

Regarding Comodo.. I've been known to visit some of the naughtier sections of the internet from time to time for women pics or vids. Because of that I always figured I was much more vulnerable to attack from potential hackers if I click on a link or try to download a video. That's why I installed Comodo, I was told it was the 'extra super safe' firewall. However, you're right, it would constantly flag applications and ask me if I would allow. I would look at the program and have no idea if it was actually vital to my computer or just a threat. It seems the only way NOT to screw up your computer is to leave your firewall so open that the hacker can do it for you. : (



What would you recommend in that situation? Am I better off with "OnLine-Armour"?

#39
emeraldnzl
  • GeekU Moderator

Should I go thru with the ESET Scan and take my chances?


Up to you. It is a good thing to run an online anti-virus check just to make sure.

See if you can disable Comodo AV.

If it doesn't work, tell me.

#40
passingthru
  • Topic Starter

Alright it's done, two threats found. Went into C:\Program Files\ESET\EsetOnlineScanner\log.txt. and copied the log. "Uninstall application on close" box is checked.

Do I also check the box that says "delete quarantined files" before I hit finish?

#41
passingthru
  • Topic Starter

Here's the log text by the way:

------------------------------------

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b205846df36ff8439c8daeb2ca591554
# engine=16253
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-13 08:26:24
# local_time=2013-12-13 03:26:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 84 0 20767624 0 0
# compatibility_mode=5893 16776574 100 94 1582037 138466634 0 0
# scanned=116524
# found=2
# cleaned=2
# scan_time=4032
sh=C5A07C6647A4228B39A382EE5246235CFDD94A82 ft=1 fh=1901ca3fd08316cd vn="a variant of Win32/CNETInstaller.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Larry Valencia\Downloads\cbsidlm-cbsi134-RealPlayer-SEO-10073040.exe"
sh=440FBA60C8C5A5E9A78E68D2BB601C0085D657A2 ft=1 fh=6c3bd88ea8dd5a4e vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Larry Valencia\Downloads\FreeStudio.exe"
  • 0
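
A triage helper for logs in the format posted above, added here as an example and not part of the original thread or of ESET's tooling: it parses the `# key=value` header and the detection records, then cross-checks the `found` and `cleaned` counters against the records. The sample log is constructed, and reading `ac=C` as "cleaned" and a name ending in "application" as the potentially unwanted class are assumptions drawn from the two records in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log posted above. Hashes, paths and
# counts are made up; the third record (trojan name, ac=I) is invented to show
# a hit that was left in place.
SAMPLE_LOG = r'''
# engine=16253
# end=finished
# unwanted_checked=true
# compatibility_mode=3074 16777213 100 84 0 20767624 0 0
# compatibility_mode=5893 16776574 100 94 1582037 138466634 0 0
# found=3
# cleaned=2
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/CNETInstaller.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Downloads\bundle-setup.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Downloads\FreeTool.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/Example.A trojan" ac=I fn="C:\Users\Example\AppData\Local\Temp\x.dll"
'''

HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare


def parse_eset_log(text):
    """Return (headers, records). Header keys may repeat, so values are lists."""
    headers, records = defaultdict(list), []
    for line in map(str.strip, text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            headers[m.group(1)].append(m.group(2).strip().strip('"'))
        elif line.startswith("sh="):
            rec = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}
            # Split 'name (what the scanner did)' into its two parts.
            name, _, action = rec.get("vn", "").partition(" (")
            rec["name"], rec["action_text"] = name, action.rstrip(")")
            # Assumption: names ending in 'application' are the potentially
            # unwanted/unsafe class, as in both detections in the thread.
            rec["kind"] = "pua" if name.endswith("application") else "other"
            records.append(rec)
    return headers, records


def triage(text):
    """Cross-check the header counters against the detection records."""
    headers, records = parse_eset_log(text)

    def last(key):
        return headers[key][-1] if key in headers else None

    # Assumption: ac=C marks a cleaned item (it accompanies 'cleaned by
    # deleting' in the thread's log); anything else is treated as still present.
    remaining = [r for r in records if r.get("ac") != "C"]
    issues = []
    if last("end") != "finished":
        issues.append("scan did not run to completion")
    if last("found") != str(len(records)):
        issues.append(f"header found={last('found')} but {len(records)} records present")
    if last("cleaned") != str(len(records) - len(remaining)):
        issues.append(f"header cleaned={last('cleaned')} disagrees with records")
    issues += [f"not cleaned: {r['name']} at {r.get('fn')}" for r in remaining]
    return {"records": records, "remaining": remaining, "issues": issues}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for r in result["records"]:
        print(f"{r['kind']:5} {r.get('ac')}  {r['name']}  ->  {r.get('fn')}")
    print("\n".join(result["issues"]) or "no issues")
```

A counter mismatch usually means the pasted log was truncated, so ask for the full file before concluding the machine is clean.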

#42
emeraldnzl
  • GeekU Moderator

Hello passingthru,

how does one determine the computer's status stability-wise? If you don't have Systemcare that is?


Depends on what you mean. I just watch the symptoms on my machine. If it becomes slow or makes noises or gets too hot, then I take remedial action e.g. clean it out (remove the dust) or run some scans. I don't bother with monitoring programs.

Can you install Advanced System Care without the rest of the stuff from IOBit? If so, and you feel the need to monitor things, then do that.

What would you recommend in that situation? Am I better off with "OnLine-Armour"?


You have read my piece on Microsoft Security Essentials and Windows Firewall. If you want something more than that then one of those I listed would do the job or you could stay with Comodo; up to you.

And how do you determine how many privacy issues you currently have?


I am not sure what you want here. I just use MSI and the Windows firewall and common sense. There are a number of products out there to protect your privacy but I am not an expert in them.

A colleague has carried out some research on Keyloggers though that might be of interest.

He says:

"If the keylogger is software based, the best free antikeylogger software I know is IHateKeyloggers.. I tested it myself on 5 different commercial keyloggers.. While it can't block screencapture, it blocks all commercial keystroke logging software that I tested (yes, all commercial keylogger program that I tested).. It won't remove the keylogger software, but it will block the keystroke from being logged. There may be others but I strongly recommend IHateKeyloggers"

http://dewasoft.com/...-keyloggers.htm

For hardware based keyloggers he provides these links with some information:

http://dewasoft.com/...-keyloggers.htm

http://www.keelog.com/diy.html

If you're afraid of keylogging passwords use a password program like Password Corral or Password Vault. That way the only things logged will be stuff like Ctrl-F1, Ctrl-V instead of ***************************************** ( I guess you use good passwords?).

KeyScrambler is very good as well, it's a Firefox add-on.

Do I also check the box that says "delete quarantined files" before I hit finish?


In my instruction. I see you must have seen it.

Now

I assume your Home page is okay now. Unless your machine is still showing problems we will go to clearing away the tools we have been using.

There are a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Step 2

To uninstall ESET OnlineScanner

Go to Start and type in the Search programs and files box ESET

Click on the ESET folder

Right Click on OnlineScannerUninstaller and run as Administrator

Click yes to run

Step 3

To remove Farbar Recovery Scan Tool files navigate to the %SystemDrive%\FRST (usually C:\FRST) folder and delete the folder. If for some reason it doesn't work, tell me.

Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#43
passingthru
  • Topic Starter

Step 2

To uninstall ESET OnlineScanner

Go to Start and type in the Search programs and files box ESET

Click on the ESET folder

Right Click on OnlineScannerUninstaller and run as Administrator

Click yes to run




When I click on ESET folder I get "The item 'ESET Online scanner' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?"

#44
emeraldnzl
  • GeekU Moderator

When I click on ESET folder I get "The item 'ESET Online scanner' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?"


Yes, just delete it and the ESET folder. My instructions must need updating. Thanks for the heads up.

#45
passingthru
  • Topic Starter

I'm looking in the C drive, but I'm having trouble finding this:

%SystemDrive%\FRST (usually C:\FRST)



What about JRT?

Edited by passingthru, 13 December 2013 - 05:33 PM.
