Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sathurbot.A trojan [Solved]

Started by mdfire , Nov 18 2014 01:48 PM

  • This topic is locked This topic is locked

#16
mdfire
Posted 19 November 2014 - 01:51 AM

mdfire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Oh, sorry about that, when i reinstalled ESET it wanted to do a scan. In terms of IOBit what programme is it? Obviously if it is going to cause problems again in the future i would want rid of it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Martin at 2014-11-19 07:48:58 Run:2
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\ProgramData\Microsoft\Secure
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13917333.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13917333.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
Task: {D68B5107-D27E-454F-B474-9A1B1D2069CC} - \SPDriver No Task File <==== ATTENTION
Task: {199B0E3A-BEA8-4B7B-95EE-D41FACE500A7} - \ShopperPro No Task File <==== ATTENTION
Task: {00315A0B-EFB1-417F-918A-DE6471200735} - \Installer_iwebar No Task File <==== ATTENTION
Task: {0642BDB4-CA36-4486-87E3-44B315B1C479} - System32\Tasks\Installer_sense => C:\Users\Martin\AppData\Local\Installer\Installsense_13978\delay.exe <==== ATTENTION
Hosts:
CustomCLSID: HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe No File
CustomCLSID: HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll No File
C:\Program Files\Enigma Software Group
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
EmptyTemp:
end
*****************

Processes closed successfully.
C:\ProgramData\Microsoft\Secure => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\13917333.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\13917333.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => Key deleted successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D68B5107-D27E-454F-B474-9A1B1D2069CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68B5107-D27E-454F-B474-9A1B1D2069CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{199B0E3A-BEA8-4B7B-95EE-D41FACE500A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{199B0E3A-BEA8-4B7B-95EE-D41FACE500A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00315A0B-EFB1-417F-918A-DE6471200735}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00315A0B-EFB1-417F-918A-DE6471200735}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0642BDB4-CA36-4486-87E3-44B315B1C479}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0642BDB4-CA36-4486-87E3-44B315B1C479}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer_sense => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}" => Key deleted successfully.
"HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}" => Key deleted successfully.
"HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}" => Key deleted successfully.
"HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}" => Key deleted successfully.
"HKU\S-1-5-21-2771184575-196515422-916519425-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}" => Key deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
Capsax64Drv0 => Service deleted successfully.
cleanhlp => Service deleted successfully.
CSN5PDTS82 => Service deleted successfully.
CSN5PDTS82x64 => Service deleted successfully.
CsNdisLWF => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
EmptyTemp: => Removed 330.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • 0

Advertisements

#17
Naathim
Posted 19 November 2014 - 01:57 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
This script will remove IOBit.




FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\nzkcg8q4.default-1411303533820\Extensions\[email protected] [2014-11-18]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
Task: {8D6E6793-7822-443C-A383-3F3DD0B8B8E6} - System32\Tasks\ASC7_SkipUac_Martin => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\windows\Tasks\ASC7_SkipUac_Martin.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
C:\Program Files (x86)\IObit Apps Toolbar
2014-11-18 10:38 - 2014-11-18 10:38 - 101949440 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-11-18 10:38 - 2014-11-18 10:38 - 00262144 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-11-18 10:38 - 2014-11-18 10:38 - 00069632 _____ () C:\windows\system32\config\SAM.iobit
2014-11-18 10:38 - 2014-11-18 10:38 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-11-18 10:35 - 2014-11-18 10:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\ProductData
2014-11-18 10:33 - 2014-11-18 10:35 - 00000000 ____D () C:\ProgramData\IObit
2014-11-18 10:33 - 2014-11-18 10:33 - 00002362 _____ () C:\windows\System32\Tasks\ASC7_SkipUac_Martin
2014-11-18 10:33 - 2014-11-18 10:33 - 00000260 _____ () C:\windows\Tasks\ASC7_SkipUac_Martin.job
2014-11-18 10:33 - 2014-11-18 10:33 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-18 10:33 - 2014-11-18 10:33 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-18 10:32 - 2014-11-18 12:12 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-18 10:31 - 2014-11-18 10:33 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\IObit
end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
  • 0

#18
mdfire
Posted 19 November 2014 - 02:01 AM

mdfire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hey many thanks, is that it fixed?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Martin at 2014-11-19 08:00:38 Run:3
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\nzkcg8q4.default-1411303533820\Extensions\[email protected] [2014-11-18]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
Task: {8D6E6793-7822-443C-A383-3F3DD0B8B8E6} - System32\Tasks\ASC7_SkipUac_Martin => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\windows\Tasks\ASC7_SkipUac_Martin.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
C:\Program Files (x86)\IObit Apps Toolbar
2014-11-18 10:38 - 2014-11-18 10:38 - 101949440 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-11-18 10:38 - 2014-11-18 10:38 - 00262144 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-11-18 10:38 - 2014-11-18 10:38 - 00069632 _____ () C:\windows\system32\config\SAM.iobit
2014-11-18 10:38 - 2014-11-18 10:38 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-11-18 10:35 - 2014-11-18 10:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\ProductData
2014-11-18 10:33 - 2014-11-18 10:35 - 00000000 ____D () C:\ProgramData\IObit
2014-11-18 10:33 - 2014-11-18 10:33 - 00002362 _____ () C:\windows\System32\Tasks\ASC7_SkipUac_Martin
2014-11-18 10:33 - 2014-11-18 10:33 - 00000260 _____ () C:\windows\Tasks\ASC7_SkipUac_Martin.job
2014-11-18 10:33 - 2014-11-18 10:33 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-18 10:33 - 2014-11-18 10:33 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-18 10:32 - 2014-11-18 12:12 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-18 10:31 - 2014-11-18 10:33 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\IObit
end
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\nzkcg8q4.default-1411303533820\Extensions\[email protected] => Moved successfully.
LiveUpdateSvc => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6E6793-7822-443C-A383-3F3DD0B8B8E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6E6793-7822-443C-A383-3F3DD0B8B8E6}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC7_SkipUac_Martin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Martin" => Key deleted successfully.
C:\windows\Tasks\ASC7_SkipUac_Martin.job => Moved successfully.
"C:\Program Files (x86)\IObit Apps Toolbar" => File/Directory not found.
C:\windows\system32\config\SOFTWARE.iobit => Moved successfully.
C:\windows\system32\config\DEFAULT.iobit => Moved successfully.
C:\windows\system32\config\SAM.iobit => Moved successfully.
C:\windows\system32\config\SECURITY.iobit => Moved successfully.
C:\Users\Martin\AppData\Roaming\ProductData => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
"C:\windows\System32\Tasks\ASC7_SkipUac_Martin" => File/Directory not found.
"C:\windows\Tasks\ASC7_SkipUac_Martin.job" => File/Directory not found.
C:\ProgramData\ProductData => Moved successfully.
C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Users\Martin\AppData\Roaming\IObit => Moved successfully.

==== End of Fixlog ====


  • 0

#19
Naathim
Posted 19 November 2014 - 02:31 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Let's now search for any remnants.


mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.
  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
After that follow my next instructions to download & install the newset MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
  • 0

#20
mdfire
Posted 19 November 2014 - 05:58 AM

mdfire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

No threats detected by Malwarebytes. Scan log below

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/11/2014
Scan Time: 11:52:22
Logfile: scan log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.19.03
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322214
Time Elapsed: 4 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#21
Naathim
Posted 19 November 2014 - 06:01 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
As expected :)



51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.
  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
  • 0

#22
mdfire
Posted 19 November 2014 - 06:09 AM

mdfire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Here it is

 

 Results of screen317's Security Check version 0.99.90  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 8.0   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Adobe Flash Player     15.0.0.152  
 Mozilla Firefox (33.1)
 Google Chrome (38.0.2125.122)
 Google Chrome (chrome.exe..)
 Google Chrome (Dictionaries...)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


  • 0

#23
Naathim
Posted 19 November 2014 - 06:13 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Yeah, should know that it will be this way :)



51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.
  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.
Please also manually reboot your machine after posting your logfile.
  • 0

#24
mdfire
Posted 19 November 2014 - 06:17 AM

mdfire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Here it is

 

# DelFix v10.8 - Logfile created 19/11/2014 at 12:15:51
# Updated 29/07/2014 by Xplode
# Username : Martin - SURFACE
# Operating System : Windows 8.1 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.41_18.11.2014_18.02.21_log.txt
Deleted : C:\TDSSKiller.3.0.0.41_18.11.2014_18.03.32_log.txt
Deleted : C:\TDSSKiller.3.0.0.41_18.11.2014_18.08.49_log.txt
Deleted : C:\Users\Martin\Desktop\FRST64.exe
Deleted : C:\Users\Martin\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #21 [Installed TuneUp Utilities 2014 | 11/18/2014 10:44:52]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#25
Naathim
Posted 19 November 2014 - 06:19 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

 

Recommended reading:


icon_exclaim.gif MUST READ - security tips: Computer Security - a short guide to staying safer online.
icon_exclaim.gif MUST READ - general maintenance: What to do if your Computer is running slowly?




Recommended additional software:


icon_arrow.gif TFC - to clean unneeded temporary files.
icon_arrow.gif Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif McShield - to prevent infections spread by removable media.
icon_arrow.gif CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
icon_arrow.gif Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.




Minion-Bye-smaller.jpg


Stay safe,
Naat :)


  • 0

Advertisements

#26
mdfire
Posted 19 November 2014 - 06:25 AM

mdfire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hey Naathim, just want to say a big thanks for your help with this!!!

 

very much appreciated


  • 0

#27
Naathim
Posted 19 November 2014 - 06:29 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

You are welcome! :)


  • 0

#28
Naathim
Posted 19 November 2014 - 06:29 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP