Hi. Do you also have the EST log please?
trovi.com changed my home page, and new tab page [Solved]
Started by
inobgirl
, Sep 07 2014 03:51 PM
-
This topic is locked
#17
Posted 14 September 2014 - 08:11 PM
inobgirl
- Topic Starter
-
- Member
-
- 13 posts
Member
This is the ESET log:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=48e8f0c984ed6b4bb25b123e80711ab5
# engine=20142
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-15 02:09:38
# local_time=2014-09-14 07:09:38 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 19104047 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35952503 162290428 0 0
# scanned=175270
# found=17
# cleaned=0
# scan_time=22517
sh=10AB6F5BF2AE7B357A7E1BEE97AA30A6512DE7DE ft=1 fh=fc4a296bcfd5af48 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
sh=BB6E4EFDCDDC5C876EF941A8E8FC8C37A558C6D3 ft=1 fh=5a3b188cd9c263c2 vn="probably a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll"
sh=6E92E96780D7A012AEC66D81A04C1C1644989A7D ft=1 fh=42eab3640c7f75db vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe"
sh=EBB8454D4017FE184FD4B1A4D390C8CE099213C1 ft=1 fh=438201fe522fde58 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Vanessa\AppData\Roaming\MP3Rocket\FCD5F0F06AB946D7AD3CC1361D57FCF1\sp-downloader.exe"
sh=436B3E6DAA0A56438977FEE1487D24D1560C7905 ft=1 fh=ef505f3f0d02e0f8 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\Vanessa\Downloads\mp3rocket(3).exe.xBAD"
sh=436B3E6DAA0A56438977FEE1487D24D1560C7905 ft=1 fh=ef505f3f0d02e0f8 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\Vanessa\Downloads\mp3rocket(4).exe.xBAD"
sh=48C394D63199FB090F6E3F396B5D1A761937CE3D ft=1 fh=3971e129ce21934a vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Vanessa\Downloads\cbsidlm-cbsi4_1_1-Simple_Sticky_Notes-10864689.exe"
sh=EB1A59F0D9816869D206FDBC5FDEFA379203C581 ft=1 fh=677f3aa79684bc97 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Vanessa\Downloads\mp3rocket(1).exe"
sh=D40C78F34EEE7EBE424D10FA0CFC2F23850D6414 ft=1 fh=6bb40ae616a39eef vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Vanessa\Downloads\mp3rocket(2).exe"
sh=33331E392952A366D256C6A6FD1DED785A2085C9 ft=1 fh=af95dcaa1fa27914 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Vanessa\Downloads\mp3rocket.exe"
sh=7F851F7F3AB08BB489A9E9553635ACFF24BD2F4F ft=1 fh=480bb73806aecf9e vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09092014_190834\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09092014_190834\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=3ECB52E629A307F1154A11FFC420FEABA8805651 ft=1 fh=7eaccb99bfbac335 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09092014_190834\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09092014_190834\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=3F252E848CE5BA3571A8FA3B9CE9FD8D7EE86634 ft=1 fh=af780bdc59dfdab5 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09092014_190834\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09092014_190834\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
#18
Posted 14 September 2014 - 08:16 PM
inobgirl
- Topic Starter
-
- Member
-
- 13 posts
Member
Sorry for the delay there, it was a busy weekend! 
my new tab has been fixed, as well! i do not see the trovi.com address any more
#19
Posted 15 September 2014 - 07:53 AM
ruggie_uk
-
- Malware Removal
-
- 2,083 posts
Trusted Helper
Hi there, it's looking good from this end now as well. You are all clean apart from a few files in your downloads folder that still need removing. Once that is done, you are good to go.
Please navigate to C:\Users\Vanessa\Downloads
And delete the following files:
- cbsidlm-cbsi4_1_1-Simple_Sticky_Notes-10864689.exe
- mp3rocket(1).exe
- mp3rocket(2).exe
- mp3rocket.exe
Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that
Tool Removal
We need to remove the tools we've used during cleaning your machine
- Download Delfix from here
- Ensure Remove disinfection tools is ticked
Also tick:- Activate UAC
- Create registry backup
- Purge system restore
- Click Run
Keep your machine updated
Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.
To enable automatic updates:
Windows 7
To turn on Automatic Updates yourself, follow these steps:
- Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
- In the left pane, click Change settings.
- Select the option that you want.
- Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
Below are some free ones that can help keep you clean.
Malwarebytes AntiMalware
As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.
The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.
Update Other Programs
Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.
Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.
Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed. CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.
Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.
General Advice
- When browsing the internet, look closely at the links you click on. Some aren't always what they seem
- Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
- Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
- Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.
#20
Posted 16 September 2014 - 11:40 AM
inobgirl
- Topic Starter
-
- Member
-
- 13 posts
Member
# DelFix v10.8 - Logfile created 16/09/2014 at 10:37:07
# Updated 29/07/2014 by Xplode
# Username : Vanessa - VANESSA-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Vanessa\Desktop\FRST-OlderVersion
Deleted : C:\Users\Vanessa\Desktop\Addition.txt
Deleted : C:\Users\Vanessa\Desktop\AdwCleaner.exe
Deleted : C:\Users\Vanessa\Desktop\Fixlog.txt
Deleted : C:\Users\Vanessa\Desktop\FRST.txt
Deleted : C:\Users\Vanessa\Desktop\FRST64.exe
Deleted : C:\Users\Vanessa\Desktop\JRT.exe
Deleted : C:\Users\Vanessa\Desktop\JRT.txt
Deleted : C:\Users\Vanessa\Desktop\OTL.exe
Deleted : C:\Users\Vanessa\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Vanessa\Downloads\Extras.Txt
Deleted : C:\Users\Vanessa\Downloads\OTL.Txt
Deleted : C:\Users\Vanessa\Downloads\OTL(1).exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #127 [Installed Java 7 Update 67 | 08/06/2014 04:12:39]
Deleted : RP #128 [avast! antivirus system restore point | 08/06/2014 22:47:17]
Deleted : RP #129 [Windows Update | 08/19/2014 17:33:52]
Deleted : RP #130 [Windows Update | 08/21/2014 04:31:41]
Deleted : RP #131 [Windows Update | 09/01/2014 16:03:40]
Deleted : RP #132 [Scheduled Checkpoint | 09/09/2014 04:05:39]
Deleted : RP #133 [Windows Update | 09/11/2014 13:55:55]
New restore point created !
########## - EOF - ##########
What does it mean that the new restore point was created? So it created it to that point that i ran that DelFix?
Also, I know it's way too late for this, but my boyfriend was asking me how do I know that geekstogo is not just a scam site and actually all those scanners weren't storing all my personal information? It's a valid question so I'll ask it anyway even though we're already done
And I understand that you are a volunteer? no one pays you to do this!? how do you have the time!? Do you get any kind of benefit from doing this?
Thank you A MILLION for your help. Much obliged!
#21
Posted 16 September 2014 - 11:42 AM
inobgirl
- Topic Starter
-
- Member
-
- 13 posts
Member
Also, what happens with all of those files that the ESET scanner just found but I had unchecked the "remove files" box?
They are still on my computer? or am I missing something?
#22
Posted 16 September 2014 - 12:38 PM
ruggie_uk
-
- Malware Removal
-
- 2,083 posts
Trusted Helper
Hi there.
Ok I will go in reverse order and answer your questions.
ESET found quite a few files that were in quarantine from the other tools we have used. Apart from the few that I asked you to delete manually as it was only a few, was much quicker just to delete them than run through ESET again. The ones already in quarantine are removed when delfix removed the other tools.
Some virus' and malware are backed up in restore points, so Delfix purges them and creates a new restore point at a good clean stage as you are now. Here at GeekstoGo, all those tasks were performed manually or by using each tool in turn to clean up after ourselves so Delfix saves lots of time for both yourself and us.
This site has been around for many many years now and along with a select few other sites is renowned for its professionalism and dedication. Some of the volunteer staff here are regular staff at some major reputable anti malware companies( and the other reputable sites) and the tools that we use to help clean your system are often tested by us because of the unique position we are in in working with many infected machines. It is in no way a scam but I do understand the valid question.
There is no personal information submitted by yourself, we do not know who you are, where you are or the contents of your computer other than some file names in the logs. We never actually see the contents of any of your files. All we ever see is the text files that you paste in for us which if you have a look through, only contain certain specific types of information relevant to the fixes we will be providing.
No payment is requested so we do not have any bank or financial information whatsoever.
We all have different reasons why we do this, what we get out of it and how much time we have.
For myself, I do it for several reasons:
Knowledge - I have been training here for a year now and have learnt a massive amount, which grows daily with each new person I help and new infection I come across. The teachers here are amazing and put so much work in you wouldn't believe. Don't forget they have been training us, then when we reach the final stage such as now, checking each and every answer we provide. To do this they also have to go through every log such as you provided, but for many students and their numerous posters.
Challenge - I am a technically oriented person, and I enjoy applying what I have learnt along with my real world experiences. Some people do crossword puzzles or sudoku, I do this
Satisfaction - I genuinely enjoy helping people. I have learnt many things in many different areas from the help that people across the world have provided me with on internet forums, from DIY problems to car issues. It is nice to give something back.
Time is always an issue, but personally, I work in computer repair and although I am very busy, there is also a lot of waiting. When I repair a computer in front of me(well 3 or 4 at a time really), like you have to wait for ESET etc, I also have to wait for scans and diagnosis to complete or files to copy so I do this inbetween events such as those. Then when I get spare slots of time between other tasks in the evening.
Hope this answers your questions.
#23
Posted 16 September 2014 - 12:45 PM
inobgirl
- Topic Starter
-
- Member
-
- 13 posts
Member
Ruggie you are the bomb.com. Thank you so much for helping me then, I am thankful there are helpful people like you out there in the world!!
#24
Posted 16 September 2014 - 12:56 PM
ruggie_uk
-
- Malware Removal
-
- 2,083 posts
Trusted Helper
No problem, surf safe
#25
Posted 16 September 2014 - 12:59 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
