Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked and multiple viruses

Started by Lisa Huffman , Jul 17 2014 11:57 AM

  • Please log in to reply

#16
zep516
Posted 04 August 2014 - 04:11 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Thanks,

I'll get a fix ready for you. No need for any scans....
  • 0

Advertisements

#17
zep516
Posted 04 August 2014 - 04:59 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Here's a fix,

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
ProxyServer: http=127.0.0.1:49191;https=127.0.0.1:49191
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {1D22DD03-5172-4D2B-B4F7-0F1FDCE22664} - \Digital Sites No Task File <==== ATTENTION
Task: {4865492C-B6BE-4B83-A652-182E3C7B86BD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {85ABA8F4-931A-49D5-8A0D-B27DD9EC330B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {A0BB6197-2190-403E-B3AB-A2E6E5E3CC01} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {AEB9464B-78FB-420B-B230-706337A99081} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
Task: {C9F5DE95-7C4F-487C-B27E-7924C388FE9D} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E919F5BE-B6E2-48D9-BE92-C8A090AE0DF3} - \FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C} No Task File <==== ATTENTION
C:\Program Files\PC-Doctor\pcdrcui.exe
C:\Program Files\PC-Doctor\pcdrrealtime.p5x
C:\Program Files\PC-Doctor\pcdrharddrive.p5x
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {293cdfa6-483f-11e1-be9d-c89cdc393415} - D:\LaunchU3.exe -a
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {a991886c-b214-11e0-895b-806e6f6e6963} - Q:\LenovoQDrive.exe
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
Task: {C33703B7-52BF-4102-8BB3-F4A4F160B769} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
C:\Program Files\PC-Doctor\libAsapiCSharp.dll
C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
C:\Program Files\PC-Doctor\libGapiCSharp.dll
C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
C:\Program Files\PC-Doctor\pcdcsharpcommon.dll
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#18
Lisa Huffman
Posted 04 August 2014 - 06:19 PM

Lisa Huffman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Okkeedokee here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Amigo at 2014-08-04 20:17:03 Run:1
Running from C:\Users\Amigo\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
ProxyServer: http=127.0.0.1:49191;https=127.0.0.1:49191
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {1D22DD03-5172-4D2B-B4F7-0F1FDCE22664} - \Digital Sites No Task File <==== ATTENTION
Task: {4865492C-B6BE-4B83-A652-182E3C7B86BD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {85ABA8F4-931A-49D5-8A0D-B27DD9EC330B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {A0BB6197-2190-403E-B3AB-A2E6E5E3CC01} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {AEB9464B-78FB-420B-B230-706337A99081} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
Task: {C9F5DE95-7C4F-487C-B27E-7924C388FE9D} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E919F5BE-B6E2-48D9-BE92-C8A090AE0DF3} - \FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C} No Task File <==== ATTENTION
C:\Program Files\PC-Doctor\pcdrcui.exe
C:\Program Files\PC-Doctor\pcdrrealtime.p5x
C:\Program Files\PC-Doctor\pcdrharddrive.p5x
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {293cdfa6-483f-11e1-be9d-c89cdc393415} - D:\LaunchU3.exe -a
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {a991886c-b214-11e0-895b-806e6f6e6963} - Q:\LenovoQDrive.exe
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
Task: {C33703B7-52BF-4102-8BB3-F4A4F160B769} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
C:\Program Files\PC-Doctor\libAsapiCSharp.dll
C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
C:\Program Files\PC-Doctor\libGapiCSharp.dll
C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
C:\Program Files\PC-Doctor\pcdcsharpcommon.dll
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D22DD03-5172-4D2B-B4F7-0F1FDCE22664}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D22DD03-5172-4D2B-B4F7-0F1FDCE22664}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4865492C-B6BE-4B83-A652-182E3C7B86BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4865492C-B6BE-4B83-A652-182E3C7B86BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85ABA8F4-931A-49D5-8A0D-B27DD9EC330B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85ABA8F4-931A-49D5-8A0D-B27DD9EC330B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword_wd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0BB6197-2190-403E-B3AB-A2E6E5E3CC01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0BB6197-2190-403E-B3AB-A2E6E5E3CC01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AEB9464B-78FB-420B-B230-706337A99081}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEB9464B-78FB-420B-B230-706337A99081}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Speed Maximizer Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9F5DE95-7C4F-487C-B27E-7924C388FE9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F5DE95-7C4F-487C-B27E-7924C388FE9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E919F5BE-B6E2-48D9-BE92-C8A090AE0DF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E919F5BE-B6E2-48D9-BE92-C8A090AE0DF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C}" => Key deleted successfully.
C:\Program Files\PC-Doctor\pcdrcui.exe => Moved successfully.
C:\Program Files\PC-Doctor\pcdrrealtime.p5x => Moved successfully.
C:\Program Files\PC-Doctor\pcdrharddrive.p5x => Moved successfully.
"HKU\S-1-5-21-144739551-2177794648-3174304158-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{293cdfa6-483f-11e1-be9d-c89cdc393415}" => Key deleted successfully.
"HKCR\CLSID\{293cdfa6-483f-11e1-be9d-c89cdc393415}" => Key not found.
"HKU\S-1-5-21-144739551-2177794648-3174304158-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a991886c-b214-11e0-895b-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{a991886c-b214-11e0-895b-806e6f6e6963}" => Key not found.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C33703B7-52BF-4102-8BB3-F4A4F160B769}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C33703B7-52BF-4102-8BB3-F4A4F160B769}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job not found.
C:\Windows\Tasks\SystemToolsDailyTest.job => Moved successfully.
C:\Program Files\PC-Doctor\libAsapiCSharp.dll => Moved successfully.
C:\Program Files\PC-Doctor\libCSharpCommonCS.dll => Moved successfully.
C:\Program Files\PC-Doctor\libGapiCSharp.dll => Moved successfully.
C:\Program Files\PC-Doctor\libDataStoreCSharp.dll => Moved successfully.
C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll => Moved successfully.
C:\Program Files\PC-Doctor\pcdcsharpcommon.dll => Moved successfully.
 
==== End of Fixlog ====

  • 0

#19
zep516
Posted 04 August 2014 - 06:25 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Well done

Just to update you on how the computer is running-every time I click on a link a new tab opens to an "opensoftwareupdater" page.


Is that still happening above in Chrome or any browser ?
  • 0

#20
Lisa Huffman
Posted 04 August 2014 - 09:00 PM

Lisa Huffman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Actually yes, It does still keep happening in IE and Chrome.  I did reboot as well. On the web page, cnn.com, for example, there is a contentexplorerx section on both IE and Chrome.  It has headings like smartphones, business news etc. 


  • 0

#21
zep516
Posted 05 August 2014 - 02:37 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello Lisa,

Lets work on Chrome for now..

Lets try resetting chrome,
Please follow these instructions here to reset chrome.

See if that has any results.

Thanks
Joe :)
  • 0

#22
Lisa Huffman
Posted 05 August 2014 - 03:09 PM

Lisa Huffman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

stsructionI just reset chrome per your instructions, but no luck


  • 0

#23
zep516
Posted 05 August 2014 - 03:27 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello

* Download Shortcutcleaner to your desktop.
* Right click on sc-cleaner.exe and choose run as administrator, Windows XP user can just doubleclick on sc-cleaner.exe to start the program.
* The tool will scan all the windows shortcuts that belong to your installed browsers.
* If the tool detects hijacked shortcuts, it will automatically clean them.
* When the tool is ready, it will save a log file on your desktop, this file contains the information of the scanned and repaired shortcuts.

Could you post that log.

Joe
  • 0

#24
Lisa Huffman
Posted 05 August 2014 - 04:02 PM

Lisa Huffman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Here is the log

 

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Windows Version: Windows 7 Professional Service Pack 1
Program started at: 08/05/2014 06:01:42 PM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Users\Amigo\AppData\Roaming\Microsoft\Windows\Start Menu\
 
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 
Searching C:\Users\Amigo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 
Searching C:\Users\Public\Desktop\
 
Searching C:\Users\Amigo\Desktop
 
 
0 bad shortcuts found.
 
Program finished at: 08/05/2014 06:01:44 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

  • 0

#25
zep516
Posted 05 August 2014 - 05:53 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello Lisa,

Please remove this program from you programs an features list. It's an adware producing program that I missed :(

1-SmartMediaConverter<-----Remove me

Reboot the computer.

Then
Run An online scan called ESET. This scan could take a long time so be prepared !

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Thanks for being patient...

Joe
  • 0

Advertisements

#26
Lisa Huffman
Posted 07 August 2014 - 12:32 PM

Lisa Huffman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

No worries, thanks for the help.  BTW I found content explorer on the programs list too and uninstalled it. Solved the problem of it being on the browser.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cefb319d41b1fd418be690e9ba3ac4ec
# engine=19548
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-07 06:02:18
# local_time=2014-08-07 02:02:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9896022 100658148 0 0
# scanned=175402
# found=9
# cleaned=0
# scan_time=7351
sh=5401AF79ABD9AA85CC8B27099A9AF412F852AF33 ft=1 fh=c71c0011d00751e1 vn="a variant of Win32/AdWare.AddLyrics.BH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\-ViewPassword-soft\174.dll.vir"
sh=687B4946BC5E5810A1285AF55F1010BC17824674 ft=1 fh=c71c00110c148457 vn="a variant of Win32/AdWare.AddLyrics.BB application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\-ViewPassword-soft\ViewPasswordVA174.dll.vir"
sh=6DAF776E124B4CBA50F8D3916406D85A60F370EB ft=1 fh=acdcf8078c777759 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\DDNI\Lenovo Central\BIN\AskInstallChecker-1.1.0.0.exe"
sh=47E1AAB49E4BBE6ED704F804A4B402ACA07D74FE ft=1 fh=d4dd8a748ee934d3 vn="MSIL/Tuguu.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\LTV.exe"
sh=1A7079075C6FCB76253019D9F642B9648705AB9D ft=1 fh=5bcb01b64949eb6f vn="a variant of MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\NewPlayer.exe"
sh=9151592DCBBBA22DA88A7D1EB5CB8DCD422C11A8 ft=1 fh=7f79c4a3570c96e6 vn="MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe"
sh=5416A12A9D3D9A4BCC4D675EB6013F1881C66616 ft=1 fh=98db3d886a06d0e8 vn="a variant of MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="a variant of Win32/ELEX.AR potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\SupTab\RSHP.exe"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="a variant of Win64/Thinknice.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\SupTab\SpAPPSv64.dll"
 


  • 0

#27
zep516
Posted 07 August 2014 - 01:52 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

The ESET scan is good, all the items have already been taken care of and are in Quarantine, those will go away when we remove the tools we used as the Quarantine folders get deleted.

What issues remain ?

Joe
  • 0

#28
Lisa Huffman
Posted 08 August 2014 - 12:41 PM

Lisa Huffman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Looks like everything is running smoothly and perfectly!  Thanks!

 

Lisa


  • 0

#29
zep516
Posted 09 August 2014 - 08:27 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Great !

Next

Since your log reports are clean and free of malware, lets clean up after ourselves.


OTL Clean-Up

Right click on the OTLicon.jpg icon on your desktop and choose Run as administrator to open the main window.

Next click on the CleanUpButtonOTL.jpg button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.


Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.


Next

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button.


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP