Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop has tons of pop ups [Closed] [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm curiouser and curiouser

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Juno Offer!.lnk -> C:\Windows\Installer\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}\_18be6784.exe ()
C:\Windows\Installer\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk -> C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee\Quick Tour.lnk -> C:\Program Files (x86)\muvee Technologies\muvee Reveal - SE\reveal_quicktour\deploy_ready\launchquicktour.exe ()
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    http://img.photobuck...claimer_ENG.png

    NSIS_extraction.png
    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

Advertisements


#17
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
ComboFix 15-05-07.01 - Tracy 05/07/2015  12:20:09.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6133.4020 [GMT -4:00]
Running from: c:\users\Tracy\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security Suite *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security Suite *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tracy\AppData\Local\DeSmuME
c:\users\Tracy\AppData\Local\DeSmuME\desmume.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-07 to 2015-05-07  )))))))))))))))))))))))))))))))
.
.
2015-05-05 15:42 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D50B4AB-8346-40E2-8BB5-21FEA141D2F0}\mpengine.dll
2015-05-05 14:15 . 2015-05-05 14:15 -------- d-----w- c:\users\Tracy\AppData\Local\WinZip
2015-05-05 14:10 . 2015-05-05 14:11 -------- d-----w- c:\programdata\WinZip
2015-05-05 14:10 . 2015-05-05 14:10 -------- d-----w- c:\program files\WinZip
2015-05-05 13:54 . 2015-05-05 13:54 -------- d-----w- c:\users\Tracy\AppData\Local\Apps
2015-04-19 17:03 . 2015-04-19 17:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-19 17:03 . 2015-04-19 17:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-16 07:32 . 2015-03-05 02:25 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-04-16 07:32 . 2015-03-05 01:58 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-04-16 07:31 . 2015-03-13 01:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-04-16 07:31 . 2015-03-13 01:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-04-16 07:31 . 2015-03-13 01:30 301568 ----a-w- c:\windows\system32\wow64win.dll
2015-04-16 07:31 . 2015-03-13 01:30 234496 ----a-w- c:\windows\system32\wow64.dll
2015-04-16 07:31 . 2015-03-13 01:30 17408 ----a-w- c:\windows\system32\wow64cpu.dll
2015-04-16 07:31 . 2015-03-13 01:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-04-16 07:31 . 2015-03-13 00:08 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2015-04-16 07:31 . 2015-03-13 00:08 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-04-16 07:31 . 2015-03-13 00:08 2560 ----a-w- c:\windows\SysWow64\user.exe
2015-04-16 07:31 . 2015-03-14 02:22 1168080 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-04-16 07:31 . 2015-03-13 01:44 4691384 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-16 07:31 . 2015-03-14 02:22 1585248 ----a-w- c:\windows\system32\ntdll.dll
2015-04-16 07:04 . 2015-03-05 02:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-16 07:04 . 2015-03-05 02:14 360384 ----a-w- c:\windows\system32\clfs.sys
2015-04-16 07:04 . 2015-03-05 01:58 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-16 07:03 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-04-16 07:03 . 2015-03-09 00:40 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-04-08 00:26 . 2015-04-30 19:49 -------- d-----w- c:\windows\system32\drivers\N360x64\1507000.00B
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-16 07:07 . 2006-11-02 12:35 128913832 ----a-w- c:\windows\system32\mrt.exe
2015-04-15 12:46 . 2013-06-23 20:51 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 12:46 . 2013-06-23 20:51 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-13 01:43 . 2015-04-16 07:31 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-06 04:01 . 2015-03-11 07:00 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-06 03:35 . 2015-03-11 07:00 347136 ----a-w- c:\windows\system32\schannel.dll
2015-03-03 20:07 . 2014-05-05 17:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 20:08 . 2014-10-01 21:33 444912 ----a-w- c:\windows\CouponPrinter.ocx
2015-02-26 20:08 . 2014-10-01 21:34 659440 ----a-w- c:\windows\couponprinter_x64.ocx
2015-02-26 00:31 . 2015-03-11 07:12 2792960 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 08:17 . 2010-03-24 11:18 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 02:03 . 2015-03-11 07:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 01:44 . 2015-03-11 07:17 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 00:39 . 2015-03-11 07:17 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 00:28 . 2015-03-11 07:17 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-18 01:42 . 2015-03-11 07:12 12899840 ----a-w- c:\windows\system32\shell32.dll
2015-02-17 20:04 . 2015-02-17 20:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-05-23 1564992]
"MusicManager"="c:\users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-03-31 7475200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN35T1JJ7705Y7;CONNECTION=NW;MONITOR=1; [2006-11-2 46592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2015-4-14 2284512]
Fast Connect.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2015-4-14 2284512]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2014-12-15 565616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
"Easy Dock"=
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-29 07:01 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-23 12:46]
.
2015-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 13:59]
.
2015-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 13:59]
.
2015-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
- c:\users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 10:42]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
- c:\users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 10:42]
.
2015-05-07 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-11-10 21:12]
.
2015-04-20 c:\windows\Tasks\HPCeeScheduleForTracy.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-04-07 03:01]
.
2015-04-14 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 202264]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/tt2/?cid=tbid09152014
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = 
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\
FF - prefs.js: browser.search.selectedEngine - Connect Search
FF - ExtSQL: !HIDDEN! 2010-06-23 19:09; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1507000.00B\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.7.0.11;c:\program files (x86)\Norton Security Suite\Engine64\21.7.0.11"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-05-07  12:34:27
ComboFix-quarantined-files.txt  2015-05-07 16:34
.
Pre-Run: 414,855,766,016 bytes free
Post-Run: 413,743,976,448 bytes free
.
- - End Of File - - AC0768E9CEDC6DB45CCACF6B5AD30689
03BA8F890B47C0BE359A4D5A636D214D

  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do these occur in Chrome, Firefox, IE or all of the browsers
  • 0

#19
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I opened my other browsers such as internet explorer and firefox and nothing happened but when I opened google chrome and came on the geekstogo page.  I advertisement for a game automatically popped up in another window.


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there is a big problem with the security of Chrome at the moment where bad extensions mimic legitimate ones. The only way to determine which it is, is to read each one manually. This can take a long time and may still miss the miscreant.

So the fastest option is to

Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome. Do this via control panel
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Once re-installed let me know if the popups are totally gone
  • 0

#21
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I page came up asking me to install a chrome extension what should I do?


  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it one you normally use or need ? Also what name was it
  • 0

#23
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

It popped up when I downloaded chrome and it says next step install the fcps extension for chrome


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is part of Comcast security (constant guard) and is adware http://forums.comcas...on/td-p/2430626

So that may have been the cause of your earlier problems
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you wish I can recommend a free antivirus to replace the Comcast one
  • 0

Advertisements


#26
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Sure and I'm not getting any more popups


  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets first remove all my rubbish and tidy you up. I will then make another post with a nice little security regimen


Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove Combofix

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How to set up a reasonable and light security regime for your system. Apart from cryptoprevent all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Download the Norton removal tool from here ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Download Constant Guard removal tool from here http://downloads.idv...leaninstall.exe
Then from Control Panel > Programs and Features uninstall any reference to Norton/Symantec. There are no entries for the Comcast programme
Then once done run both tools that you have downloaded (Norton removal tool - constantguardcleaning)

After the necessary reboots Run the Avast install programme that is on your desktop

Select Custom install
Remove the ticks from the first page for the following unless you want them :
avastchrome.JPG
Dropbox
Chrome
Chrome toolbar


Select Next
Deselect the following from the middle column as you will not need them :
avasttools.JPG
SecureLine
Grimefighter


Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine

Avast will need to be registered as this helps them determine the server load, as updates are downloaded in small bursts every few minutes each is about 2Kb

How to register

Right click the Avast orange blob on the task bar
Select registration
Select Standard Protection
avast%20register1.JPG
Fill in your e-mail address
avast%20register2.JPG
Click register with e-mail address and you are done
Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"
pups.JPG

PROTECT AGAINST RANSOMEWARE

CryptoPrevent install this programme to lock down and prevent crypto ransome ware.
Manually update monthly

CryptoPrevent.JPG

PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
unchecky.JPG
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
mcshield%20unhide.JPG
Plug in the drive and McShield will start a scan

BACKUP AND IMAGING

It is always advisable to have a backup of your current windows set up on a seperate USB external drive
I recommend Macrium Reflect for this
I have a small tutorial here on how to use it http://www.geekstogo...t-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive )
macrium%20reflect.JPG
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP