SuperAntiSpyware is blocked, won't run. Wireless printer won't print


This topic is locked

#16
rileyfam3
    Member
  • Topic Starter
  • 46 posts

I think I'm confused. I copied and pasted all that info into Notepad, clicked "Save As" and saved it as "fixlist.txt", but I don't understand the part about it saying "Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!"

Do I have to do something for that, or was saving it as fixlist.txt all I had to do?


  • 0



#17
Naathim
    GeekU Minion
  • Expert
  • 4,568 posts
It means that these two files have to be next to each other in order to work.

[screenshot: frst-fixlist.jpg]
  • 1

#18
rileyfam3
    Member
  • Topic Starter
  • 46 posts

I don't have one of those R icons on my desktop, so I went to my Downloads and put it on my desktop. When I click on it, it brings up that same window as before, with the search engine box, and then under that it has the tabs for Scan, Search Files, Search Registry, and Fix. Is that the box where I am supposed to run the thing to Run As Administrator? I'm not sure where....?


  • 0

#19
rileyfam3
    Member
  • Topic Starter
  • 46 posts

It means that these two files have to be next to each other in order to work.

[screenshot: frst-fixlist.jpg]

Where do I find those two things? (Sorry, I am really bad with computer things)


  • 0

#20
rileyfam3
    Member
  • Topic Starter
  • 46 posts

Oh wait, if I look in my Downloads, I do see a Notepad-looking icon that says Addition, and then under it the R logo icon thing that says FRST, and then under that is another Notepad-looking icon that also says FRST, and under that is another R-looking icon that says FRST64 (1). Are those all supposed to be there, and in the correct order?


  • 0

#21
Naathim
    GeekU Minion
  • Expert
  • 4,568 posts
After you see the console (and with the fixlist saved next to FRST), the only thing you have to do is press Fix.

It's after 1 AM here and I'm going offline. Will respond tomorrow.
  • 1

#22
rileyfam3
    Member
  • Topic Starter
  • 46 posts

Thanks so much for all your help. I really appreciate it. Have a good night.


  • 0

#23
rileyfam3
    Member
  • Topic Starter
  • 46 posts

I clicked on the Fix button last night. I had the two files one on top of another. But now I am wondering, was I supposed to put them on my desktop, side by side, not one on top of another? Anyway, I ran the Fix button, and then my computer did a restart. One thing I noticed when it came back on was there was an update on my SuperAntiSpyware, and that hasn't happened since this whole virus issue started. I didn't run SuperAntiSpyware though. I wasn't sure if I should.

So, I am not sure if it's all fixed? (My wireless printer is still not working though)


  • 0

#24
Naathim
    GeekU Minion
  • Expert
  • 4,568 posts

That means the fix has worked. I have removed the policy that was set there.

I don't know where you have FRST saved now, but in the same location there should be a file named fixlog. Please post it.


  • 1

#25
rileyfam3
    Member
  • Topic Starter
  • 46 posts

I have them in a folder in my downloads. Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Laurie at 2015-03-24 20:17:36 Run:1
Running from C:\Users\Laurie\Downloads\New folder
Loaded Profiles: Laurie (Available profiles: scott & Laurie & Morgan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {82D49C3D-6CEC-495A-B675-572AC32446DF} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-3102672133-3772107906-1656686465-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-3102672133-3772107906-1656686465-1001 -> {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-3102672133-3772107906-1656686465-1001 -> {82D49C3D-6CEC-495A-B675-572AC32446DF} URL = http://search.condui...0934701126&UM=2
Toolbar: HKU\S-1-5-21-3102672133-3772107906-1656686465-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CMD: netsh winsock reset
FF SearchEngineOrder.1: Ask Search
FF user.js: detected! => C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\user.js [2014-10-18]
FF SearchPlugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\searchplugins\ask-search.xml [2014-07-16]
FF Extension: {{EXT_NAME}} - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\Extensions\[email protected] [2014-10-02]
FF Extension: No Name - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR DefaultSearchKeyword: Default -> blekko
CHR DefaultSearchURL: Default -> http://blekko.com/ws...&q={searchTerms}
CHR DefaultSuggestURL: Default ->
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cpuz134; \??\C:\Users\Laurie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-03-23 12:54 - 2015-03-23 12:54 - 00004276 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-03-23 12:34 - 2015-03-23 21:02 - 00000000 ____D () C:\Program Files\Reimage
2015-03-23 12:26 - 2015-03-23 12:54 - 00000165 _____ () C:\Windows\Reimage.ini
2015-03-23 12:13 - 2015-03-23 12:26 - 00768512 _____ (Reimage®) C:\Users\Laurie\Downloads\ReimageRepair.exe
2014-09-18 01:55 - 2014-09-18 01:55 - 0000112 _____ () C:\ProgramData\1r7bsq3n5.dat
2014-10-07 08:36 - 2015-03-23 11:18 - 0000112 _____ () C:\ProgramData\75uRt613w.dat
C:\$Recycle.Bin\S-1-5-21-3102672133-3772107906-1656686465-1000\$ec33501a4ccc5055382d11e4e0c8280d
C:\$Recycle.Bin\S-1-5-18\$ec33501a4ccc5055382d11e4e0c8280d
C:\Users\scott\AppData\Roaming\skype.ini
DeleteJunctionsIndirectory: C:\Windows\system64
Task: {0247A51F-F7C5-42D2-AC41-5239203CB7B2} - \DealPly No Task File <==== ATTENTION
Task: {23F98067-6D1D-4601-A13B-14967C2FFECD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {9253D290-3608-4F18-8351-F7734AD1258E} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
C:\Program Files\Reimage
Task: {931349CB-D3FB-4529-93CD-9809078B60AC} - System32\Tasks\FoxTab => C:\Users\Laurie\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Laurie\AppData\Roaming\FoxTab
Task: {966217BD-8D66-45CB-8DA5-5387AB12BAF5} - System32\Tasks\{AF171429-BE6F-437B-9EBC-D16DF71513D7} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {D19295C4-7D49-448D-9003-6759116C7D22} - System32\Tasks\UpdaterEX => C:\Users\Laurie\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Laurie\AppData\Roaming\UPDATE~1
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Laurie\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Laurie\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:B4273EB5
CMD: bitsadmin /reset /allusers
Reboot:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128} => Key not found.
"HKU\S-1-5-21-3102672133-3772107906-1656686465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
"HKU\S-1-5-21-3102672133-3772107906-1656686465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key deleted successfully.
HKCR\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128} => Key not found.
"HKU\S-1-5-21-3102672133-3772107906-1656686465-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{82D49C3D-6CEC-495A-B675-572AC32446DF}" => Key deleted successfully.
HKCR\CLSID\{82D49C3D-6CEC-495A-B675-572AC32446DF} => Key not found.
HKU\S-1-5-21-3102672133-3772107906-1656686465-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\user.js => Moved successfully.
C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\searchplugins\ask-search.xml => Moved successfully.
C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\Extensions\[email protected] => Moved successfully.
C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\extensions\[email protected] not found.
C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\rl45r5i0.default\extensions\[email protected] not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
ReimageRealTimeProtector => Service deleted successfully.
clwvd => Service deleted successfully.
cpuz134 => Service deleted successfully.
MBAMSwissArmy => Service stopped successfully.
MBAMSwissArmy => Service deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
C:\Program Files\Reimage => Moved successfully.
C:\Windows\Reimage.ini => Moved successfully.
C:\Users\Laurie\Downloads\ReimageRepair.exe => Moved successfully.
C:\ProgramData\1r7bsq3n5.dat => Moved successfully.
C:\ProgramData\75uRt613w.dat => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3102672133-3772107906-1656686465-1000\$ec33501a4ccc5055382d11e4e0c8280d => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$ec33501a4ccc5055382d11e4e0c8280d => Moved successfully.
C:\Users\scott\AppData\Roaming\skype.ini => Moved successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0247A51F-F7C5-42D2-AC41-5239203CB7B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0247A51F-F7C5-42D2-AC41-5239203CB7B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23F98067-6D1D-4601-A13B-14967C2FFECD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23F98067-6D1D-4601-A13B-14967C2FFECD}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9253D290-3608-4F18-8351-F7734AD1258E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9253D290-3608-4F18-8351-F7734AD1258E}" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.
"C:\Program Files\Reimage" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{931349CB-D3FB-4529-93CD-9809078B60AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{931349CB-D3FB-4529-93CD-9809078B60AC}" => Key deleted successfully.
C:\Windows\System32\Tasks\FoxTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => Key deleted successfully.
C:\Users\Laurie\AppData\Roaming\FoxTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{966217BD-8D66-45CB-8DA5-5387AB12BAF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{966217BD-8D66-45CB-8DA5-5387AB12BAF5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AF171429-BE6F-437B-9EBC-D16DF71513D7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF171429-BE6F-437B-9EBC-D16DF71513D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D19295C4-7D49-448D-9003-6759116C7D22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D19295C4-7D49-448D-9003-6759116C7D22}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
C:\Users\Laurie\AppData\Roaming\UPDATE~1 => Moved successfully.
C:\Windows\Tasks\FoxTab.job => Moved successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
C:\ProgramData\Temp => ":B4273EB5" ADS removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

58 out of 58 jobs canceled.

========= End of CMD: =========

 

The system needed a reboot.

==== End of Fixlog 20:17:51 ====


  • 0
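An added example (my own code, not from the thread or from FRST): a small Python helper that triages a Fixlog in the format posted above. It separates the echoed fixlist directives from the result lines, groups the directives by the kind of tampering they undo (the Group Policy block on security software, the System Restore policy, the Winsock entries, tasks, services, files) and lists what failed or was not found. The category table, `classify_directive`, `followups` and the sample log at the bottom are my assumptions, built from the line formats visible in this thread's log.

```python
import re

# Fixlist prefix -> kind of tampering it undoes (formats as seen in the posted log; assumption elsewhere).
CATEGORIES = (
    ("HKLM Group Policy restriction on software:", "policy_block_security_software"),
    ("HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore:", "system_restore_disabled"),
    ("Winsock:", "winsock_lsp"), ("Task:", "scheduled_task"), ("CMD:", "command"),
    ("SearchScopes:", "browser_hijack"), ("FF ", "browser_hijack"), ("CHR ", "browser_hijack"),
)
SERVICE_RE = re.compile(r"^[SRU]\d \S+;")  # service/driver line, e.g. "S3 clwvd; ..."
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2} - |[A-Za-z]:\\)")  # dated entry or a path

def classify_directive(line):
    for prefix, cat in CATEGORIES:
        if line.startswith(prefix):
            return cat
    if SERVICE_RE.match(line):
        return "service"
    return "file" if FILE_RE.match(line) else "other"

def parse_fixlog(text):
    """Split a Fixlog into the directives FRST was given and how each result went."""
    s = {"directives": {}, "attention": [], "succeeded": 0, "not_found": [],
         "errors": [], "commands": [], "reboot_needed": False}
    in_fixlist = in_cmd = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("start", "end"):  # delimiters of the echoed fixlist
            in_fixlist = line == "start"
            continue
        if in_fixlist:
            s["directives"].setdefault(classify_directive(line), []).append(line)
            if "ATTENTION" in line:  # FRST's own flag from the scan
                s["attention"].append(line)
            continue
        if line.startswith("========= End of CMD:"):  # end of embedded command output
            in_cmd = False
        elif line.startswith("=========  "):  # "=========  <command> ========="
            s["commands"].append(line.strip("= "))
            in_cmd = True
        elif in_cmd:
            continue  # raw tool output (netsh, bitsadmin), not a result line
        elif line.startswith("Error:"):
            s["errors"].append(line)
        elif line.endswith("not found."):
            s["not_found"].append(line)
        elif "successfully" in line or line.endswith("completed."):
            s["succeeded"] += 1
        elif line == "The system needed a reboot.":
            s["reboot_needed"] = True
    return s

def followups(s):
    """What a helper checks next: failures, and whether policy-blocked tools now run."""
    items = list(s["errors"])
    if s["directives"].get("policy_block_security_software"):
        items.append("confirm the previously policy-blocked security software now starts")
    if s["reboot_needed"]:
        items.append("a reboot was required; re-scan to confirm the changes held")
    return items

# Constructed sample in the Fixlog format (not the log from the thread).
SAMPLE_FIXLOG = r"""start
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CMD: netsh winsock reset
S2 ExampleGuard; C:\Program Files\Example\Guard.exe [X]
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => C:\Users\user1\AppData\Roaming\EX\UPDATE.EXE <==== ATTENTION
C:\Program Files (x86)\Example Dir
end
Error: (0) Failed to create a restore point.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
=========  netsh winsock reset =========
Successfully reset the Winsock Catalog.
========= End of CMD: =========
ExampleGuard => Service deleted successfully.
C:\Windows\System32\Tasks\ExampleTask => Moved successfully.
"C:\Program Files (x86)\Example Dir" => File/Directory not found.
The system needed a reboot.
"""
```

Run `parse_fixlog` on a real Fixlog.txt read from disk and `followups` on the result; the "not found" entries are usually harmless (the item was already gone), while anything in "errors" is worth a second look.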



#26
Naathim
    GeekU Minion
  • Expert
  • 4,568 posts
Looks good. But I'd like to take a look from a different angle now.

Scan with Gmer

This type of scan often produces false positives. Do not, at any point, take any action on suspicious entries you may see there. Instead, post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.
  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system, click NO!
When the pre-scan is completed, please do the following:
  • Please check the Quick scan box.
  • Please uncheck IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window, click OK.
  • When the scan is finished, save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.
  • 1

#27
rileyfam3
    Member
  • Topic Starter
  • 46 posts

I clicked on the GMER link. It did not bring up a desktop icon. But it brought up a window that at the very top says Rootkit/Malware, and under that has some columns titled Type, Name, and Value, with stuff under those columns. And then to the very right, it has words with boxes next to them, most of the boxes checked, and says things like System, Sections, IAT/EAT, Devices, and more....then at the bottom right you can click on Scan, Copy, Save, or Exit. Do I click on any of those?


  • 0

#28
rileyfam3
    Member
  • Topic Starter
  • 46 posts

If this box is the one I am supposed to click Scan on, what needs to be checked or unchecked?

Right now, all these are checked:
System
Sections
IAT/EAT
Devices
Trace I/O
Modules
Processes
Threads
Libraries
Services
Registry
Files
Quick Scan
ADS

And these boxes are unchecked:
C:\
D:\
Show All (it's unchecked and the writing is sort of pale, not dark black)
3rd party

I see the directions say to check the Quick scan, and it's already checked, so that's all set.

And to uncheck the IAT/EAT box, so I just unchecked that one. (That made the "Show All" words that were pale before show up in dark black now, but its box for Show All is still unchecked.)

So I guess I click Scan now, and all the other boxes are okay as they are? Here goes....


  • 0

#29
rileyfam3
    Member
  • Topic Starter
  • 46 posts

Okay, I scanned and then saved it as gmer.log, and here is that copied and pasted:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-25 13:01:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: nd0wx9g8.exe; Driver: C:\Users\Laurie\AppData\Local\Temp\fgtiypow.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [460:2488]   000007fef5f24f84
Thread  C:\Windows\system32\svchost.exe [460:5400]   000007fef5706ed4
Thread  C:\Windows\system32\svchost.exe [460:5596]   000007fef5706b8c
Thread  C:\Windows\system32\svchost.exe [460:4380]   000007feee81d3c8
Thread  C:\Windows\system32\svchost.exe [460:5832]   000007feee81d3c8
Thread  C:\Windows\system32\svchost.exe [460:1756]   000007feee81d3c8
Thread  C:\Windows\system32\svchost.exe [460:4444]   000007feee81d3c8
Thread  C:\Windows\system32\svchost.exe [1384:1920]  000007fef72835c0
Thread  C:\Windows\system32\svchost.exe [1384:2276]  000007fef7285600
Thread  C:\Windows\system32\svchost.exe [1384:2344]  000007fef5c62940
Thread  C:\Windows\system32\svchost.exe [1384:2616]  000007fef5812888
Thread  C:\Windows\system32\svchost.exe [1384:2756]  000007fef5812a40
Thread  C:\Windows\system32\svchost.exe [3416:3532]  000007fef82f5fd0
Thread  C:\Windows\system32\svchost.exe [3416:3540]  000007fef82f63ec
Thread  C:\Windows\system32\svchost.exe [3416:4048]  000007feec898470
Thread  C:\Windows\system32\svchost.exe [3416:4052]  000007feec8a2418
Thread  C:\Windows\system32\svchost.exe [3416:3892]  000007feec0ff130
Thread  C:\Windows\system32\svchost.exe [3416:3700]  000007feec0f4734
Thread  C:\Windows\system32\svchost.exe [3416:4240]  000007feec0f4734
Thread  C:\Windows\SysWOW64\ntdll.dll [1960:2904]    000000000040fe61
Thread  C:\Windows\SysWOW64\ntdll.dll [1960:3652]    000000000040f565
Thread  C:\Windows\system32\DllHost.exe [2520:2752]  000007feeb69ae40
Thread  C:\Windows\SysWOW64\ntdll.dll [4676:4680]    0000000000432b2f

---- EOF - GMER 2.1 ----


  • 0

#30
rileyfam3
    Member
  • Topic Starter
  • 46 posts

Is there anything else I need to do to get info for you?


  • 0





