Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

V-bates-Trovi-DuckDuckGo [Solved]


  • This topic is locked This topic is locked

#16
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Here is the Fixlog Txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
Ran by Owner at 2014-05-23 15:34:28 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0FA78865-6ED5-46EF-8410-A6F906810811} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
C:\Program Files (x86)\Ask.com
2014-05-12 17:15 - 2014-05-15 15:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-17 11:03 - 2014-05-17 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\ProgramData\Avg
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-17 00:40 - 2014-05-16 19:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-17 00:34 - 2012-04-19 21:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-17 08:30 - 2012-05-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
End
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FA78865-6ED5-46EF-8410-A6F906810811} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FA78865-6ED5-46EF-8410-A6F906810811} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 => Key deleted successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\ProgramData\HitmanPro => Moved successfully.
C:\Windows\system32\bootdelete.exe => Moved successfully.
C:\ProgramData\Avg => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
C:\ProgramData\MFAData => Moved successfully.
C:\Program Files (x86)\VS Revo Group => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy => Moved successfully.
C:\Program Files (x86)\Movie Maker 2.6 => Moved successfully.
 
==== End of Fixlog ====
 
And thank you for the link to GeekU!  :thumbsup:

  • 0

Advertisements


#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

And thank you for the link to GeekU! :thumbsup:


You're quite welcome. :)

Let's run some scans and see if there's any remnants lurking and check for out of date programs. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#18
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

What version of Mbam do you have? Mine doesnt look like yours and I dont have 'protection and protection' or 'scan for rootkits'. Mine is 1.75.0.1300. 


  • 0

#19
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

What version of Mbam do you have? Mine doesnt look like yours and I dont have 'protection and protection' or 'scan for rootkits'. Mine is 1.75.0.1300.


This is a new version they released not long ago. It's Version 2.0.1.1004. :thumbsup:
  • 0

#20
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I found a download for Malwarebytes anti rootkit beta 'removes and repairs rootkits' should I d/l it??  :D


  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I found a download for Malwarebytes anti rootkit beta 'removes and repairs rootkits' should I d/l it??  :D


No, just the Malwarebytes Anti-Malware at this time. :)
  • 0

#22
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I cant find a good link to d/l it and I the one I have wont upgrade to that one. :/


  • 0

#23
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Do you have the paid version of MBAM or the freeware version? The link I provided has a link at the top of the page to download the new free version or the paid one. If you have either version, you can uninstall it first, then download the new version and install it. :thumbsup:
  • 0

#24
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I have the free one. I'll go uninstall that one and d/l the one from the link, then I'll be off to do the other instructions. 


  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I have the free one. I'll go uninstall that one and d/l the one from the link, then I'll be off to do the other instructions.

:thumbsup:
  • 0

Advertisements


#26
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Oh god I was loading the bookmark for this page, and the screen jumped while I was trying to click into this box to type in, and I {{think}} that I clicked on report....ack! I sure hope not!  :no: I hope that I would have gotten another box asking me something. But I didn't. 

 

I was going to tell you that every time I restart the computer now, I tiny window appears in the upper left corner and stays there for maybe 2 seconds, and at the top it says "DSD-3004 not responding". But the number is never the same. Once it was 2952. Once it was 2964. So yea Im not sure what that is but Im off to start the instructions with the new mbam. 


  • 0

#27
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Oh god I was loading the bookmark for this page, and the screen jumped while I was trying to click into this box to type in, and I {{think}} that I clicked on report....ack! I sure hope not!  :no: I hope that I would have gotten another box asking me something. But I didn't. 
 
I was going to tell you that every time I restart the computer now, I tiny window appears in the upper left corner and stays there for maybe 2 seconds, and at the top it says "DSD-3004 not responding". But the number is never the same. Once it was 2952. Once it was 2964. So yea Im not sure what that is but Im off to start the instructions with the new mbam.


No worries, if you did click Report, it would have popped up another box asking why you are reporting this topic. :thumbsup:

As for the DSD error, that's probably Dell System Detect, and you can uninstall that after completing the previous steps. It's easily downloadable if needed again. :)
  • 0

#28
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Okie dokie. Thank you. Still scanning with mbam. Be back in a while.


  • 0

#29
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Okie dokie. Thank you. Still scanning with mbam. Be back in a while.

:thumbsup:
  • 0

#30
Elisheba

Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

ESET LOG:

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7a5ff433f8c254eb3a63eb0d70e2c28
# engine=18390
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-24 12:57:45
# local_time=2014-05-23 05:57:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 74 0 703105 0 0
# compatibility_mode=5893 16776573 100 94 0 152436515 0 0
# scanned=133984
# found=1
# cleaned=0
# scan_time=3230
sh=90A8A1543C5824343825D17AD63759D57F32DC40 ft=1 fh=580f0ecd7cd173d8 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Support\SIWPortable\SIWPortable.exe"
 
MBAM Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 4:30:35 PM
Logfile: mbamtxt.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.23.12
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295251
Time Elapsed: 13 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Now moving on to SecurityCheck...
 

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP