Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

afraid I have multiple infections

outbound info pop up shockwave crash pop up blocker

  • This topic is locked This topic is locked

#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK,

Did you reset Chrome if not do so..

Please do this one more time, need to make sure it's right. Unless you can find the fixlog.txt on your desktop post it.

A few items to fix;
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
S3 TDKLIB; \??\C:\Users\Genna\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
2015-08-16 10:19 - 2014-11-16 12:43 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieBrowserModeList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieUserList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieSiteList
Task: {09724424-73E9-4985-AAF7-BABC1866DB36} - \DonutQuotes -> No File <==== ATTENTION
Task: {D11679FE-9AB7-4EBC-A6BC-DFBAEE673882} - System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll
C:\Program Files (x86)\donutleads
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\HRZHEL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Genna\AppData\Roaming\QCARYUG
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\SWGXET
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state OFF
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
 
  • 0

Advertisements


#32
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Is this it?

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Genna (2015-08-16 19:30:25) Run:2
Running from C:\Users\Genna\Desktop
Loaded Profiles: Genna & UpdatusUser (Available Profiles: Genna & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
S3 TDKLIB; \??\C:\Users\Genna\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
2015-08-16 10:19 - 2014-11-16 12:43 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieBrowserModeList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieUserList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieSiteList
Task: {09724424-73E9-4985-AAF7-BABC1866DB36} - \DonutQuotes -> No File <==== ATTENTION
Task: {D11679FE-9AB7-4EBC-A6BC-DFBAEE673882} - System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll
C:\Program Files (x86)\donutleads
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\HRZHEL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Genna\AppData\Roaming\QCARYUG
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\SWGXET
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state OFF
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
TDKLIB => service removed successfully
C:\Users\Genna\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Genna\AppData\Local\EmieUserList => moved successfully.
C:\Users\Genna\AppData\Local\EmieSiteList => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09724424-73E9-4985-AAF7-BABC1866DB36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09724424-73E9-4985-AAF7-BABC1866DB36}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11679FE-9AB7-4EBC-A6BC-DFBAEE673882}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11679FE-9AB7-4EBC-A6BC-DFBAEE673882}" => key removed successfully
C:\WINDOWS\System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D}" => key removed successfully
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll => moved successfully.
"C:\Program Files (x86)\donutleads" => File/Folder not found.
C:\Users\Genna\SkyDrive => ":ms-properties" ADS removed successfully.
C:\Users\Genna\AppData\Roaming\HRZHEL => moved successfully.
C:\Users\Genna\AppData\Roaming\QCARYUG => moved successfully.
C:\Users\Genna\AppData\Roaming\SWGXET => moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state OFF =========

Ok.

========= End of CMD: =========

EmptyTemp: => 434.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 19:32:29 ====


  • 0

#33
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Norton removed FRST64, there is another folder on desktop FRST-older version, I tried that but it went through everything and said no fixlist found

Do I need to disable Norton again and re-download FRST?


  • 0

#34
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Yes that is it.. Good work !

You don't need to do anything. The last log is all I wanted for now.
  • 0

#35
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
How are things now any better ?
  • 0

#36
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Much better than before, but when using internet explorer many webpages end up not responding, does not seem to happen in Chrome.

I need to figure out how to route through Chrome again because right now all my desktop shortcuts go through internet explorer, and most of my 'world' is in Google.


  • 0

#37
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
I would,

Reset Internet Explorer settings.

To do that
See Here. On that page, Look under the topic "Reset Internet Explorer settings"
 
Have to call it a nite.
Let me know how things are after that.

Thanks
Joe :)
  • 0

#38
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Things are so much better, how much crap was on here and where did it come from?

Got a pop up notification from Norton: Chrome Protection Alert

The Norton Chrome extensions are not enabled. Install these extensions to protect your device and your identity when you surf with Chrome.

Do I want this?


  • 0

#39
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Lots of stuff was on there that Anti Virus programs don't necessarily detect. Most of the adware comes from downloading, especially video players, pc optimizers and the like.

Norton Chrome extensions are not enabled.

One of those extensions is probably;
Norton safe search, that may change your default search in Chrome to "Norton Safe search" Norton Safe Search uses Ask.com

Personally I would not use the extensions.

Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • 0

#40
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
 Results of screen317's Security Check version 1.007  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Norton Security Suite   
Windows Defender        
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 18.0.0.232  
 Google Chrome (44.0.2403.155) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • 0

Advertisements


#41
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Everything is as it should be. If there are no further issue we can now remove the programs and log files that were downloaded and created using Dellfix.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#42
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

that link brought me to the weird sign in page 'Piwik'


  • 0

#43
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Strange. What browser ?

Try delfix from bleeping computer see below;

http://www.bleepingc...ownload/delfix/
  • 0

#44
growley

growley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

It was Chrome, had a bit of trouble with delfix, ended up disabling Norton for 1 hour to let it run, it kept downloading and then when I clicked on it, said removed.

anyway:

 

# DelFix v1.010 - Logfile created 18/08/2015 at 19:09:07
# Updated 26/04/2015 by Xplode
# Username : Genna - MOMMALAPTOP
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Genna\Desktop\FRST-OlderVersion
Deleted : C:\AdwCleaner[C1].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\Users\Genna\Desktop\Addition.txt
Deleted : C:\Users\Genna\Desktop\Fixlog.txt
Deleted : C:\Users\Genna\Desktop\FRST.txt
Deleted : C:\Users\Genna\Desktop\JRT.txt
Deleted : C:\Users\Genna\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #91 [Scheduled Checkpoint | 07/28/2015 09:58:03]
Deleted : RP #92 [Scheduled Checkpoint | 08/05/2015 02:01:26]
Deleted : RP #93 [Windows Update | 08/12/2015 23:41:39]
Deleted : RP #94 [Removed Amazon Browser App | 08/16/2015 14:43:14]
Deleted : RP #96 [Restore Point Created by FRST | 08/16/2015 15:01:33]
Deleted : RP #97 [Removed Java 7 Update 71 | 08/16/2015 23:12:06]
Deleted : RP #98 [Removed Java 7 Update 71 | 08/16/2015 23:13:39]
Deleted : RP #100 [Restore Point Created by FRST | 08/16/2015 23:30:50]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#45
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Looks good.

Lets let it run for a day or 2 before I close the topic.

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP