I seem to be doing ok today. I went to Yahoo homepage, went to Craigslist for autos, CarMax, and to Raley's store to renew my medicines. I haven't seen a pop up yet!!
Yay!
:Commands [CLEARALLRESTOREPOINTS] [Reboot]
Thanks very much. Can you tell how long her Microsoft Essentials Security is good for? I just renewed my McAfee for my laptop and can cover up to 2 more computers. Which one do you think is better?
Again, thank you so much. She's only 19, a jr college student working 30 hr a week and trying to save up for a car... There's always something, isn't there?
Thank you again, I will go over all this with her so she understands what she needs to do to keep her laptop safe. Have a wonderful weekend.
MSE has been back-burnered by MS (they use a beefed up Windows Defender on Win 8) and it seems to be getting weaker. McAfee is a waste of money. The free Avast is much better:
I'm working on installing Avast tonight. Will let you know how things go.
I ran the Avast today and here is the report:
05/04/2014 12:18
Scan of all local drives
File C:\Users\Ellery\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Users\Ellery\Downloads\setup.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Ellery\FLV Player\Uninstall\__Uninstall_.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\FRST\Quarantine\C\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe.xBAD is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Qoobox\Quarantine\C\ProgramData\KeyboardVerifierPolicy.dll.vir is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Qoobox\Quarantine\C\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome\content\overlay.xul.vir is infected by JS:Iframe-QO [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\[email protected]|>[Embedded_R#00290] is infected by Win32:BitCoinMiner-U [PUP], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\[email protected] is infected by Win32:BitCoinMiner-U [PUP], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\[email protected] is infected by Win64:ZAccess-A [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\[email protected] is infected by Win64:Alureon-G [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#1ae7] is infected by Win32:Sirefef-PL [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#2ee7] is infected by Win32:Sirefef-PL [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#471f] is infected by Win32:Sirefef-JQ [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir is infected by Win32:Sirefef-JQ [Trj], Moved to chest
File C:\Temp\t.msi|>cab1.cab|>IEOptimizer.dll is infected by Win64:BullSave-B [Adw], Moved to chest
File C:\Temp\t.msi|>cab1.cab|>IEOptimizer64.dll is infected by Win32:BHO-ALX [Trj], Moved to chest
File C:\Windows\Installer\1a412614.msi|>cab1.cab|>IEOptimizer.dll is infected by Win64:BullSave-B [Adw], Moved to chest
File C:\Windows\Installer\1a412614.msi|>cab1.cab|>IEOptimizer64.dll is infected by Win32:BHO-ALX [Trj], Moved to chest
File C:\Windows.old\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE is infected by Win32:MalOb-IJ [Cryp], Moved to chest
File C:\Windows.old\Users\Ellery\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{44841CE4-8C47-11DF-8D70-A4BADB95AB88}.dat|>TL5 is infected by VBS:Agent-KQ [Trj], Moved to chest
File C:\Windows.old\Windows\assembly\GAC_64\Desktop.ini is infected by Win32:Sirefef-PL [Rtk], Moved to chest
File C:\Windows.old\Windows\assembly\tmp\kwrd.dll|>[UPX] is infected by Win32:Malware-gen, Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H52YLL46\jxknptshmc-popcap-plants-vs-zombies[1].txt is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H52YLL46\tv-quotes[1].txt is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\279dfd1-5accef33|>main.class is infected by Java:Agent-AXI [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e|>json\Option.class is infected by Java:Agent-ADL [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e|>json\ThreadParser.class is infected by Java:Agent-AEH [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\4ce2be02-6ca61b2e|>json\XML.class is infected by Java:Agent-ADT [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d|>json\Option.class is infected by Java:Agent-ADL [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d|>json\ThreadParser.class is infected by Java:Agent-AEH [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9769e0-44ed604d|>json\XML.class is infected by Java:Agent-ADT [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\53c9d3bb-36402fc2|>main.class is infected by Java:Agent-AXI [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96|>json\Option.class is infected by Java:Agent-ADL [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96|>json\SmartyPointer.class is infected by Java:Agent-ZB [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96|>json\ThreadParser.class is infected by Java:Agent-AEH [Expl], Moved to chest
File C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1f75e909-6825cb96|>json\XML.class is infected by Java:Agent-ADT [Expl], Moved to chest
File C:\_OTL\MovedFiles\11162011_212519\C_Users\Ellery\AppData\Roaming\Imcuiqo\etycfa.exe|>[UPX] is infected by Win32:MalOb-IJ [Cryp], Moved to chest
Number of searched folders: 69174
Number of tested files: 1711965
Number of infected files: 39
The top one is a rootkit so good you ran Avast. (I don't really think it was active tho.) The stuff in C:\Qoobox had already been removed by Combofix and that in C:\FRST\Quarantine by FRST. The stuff in C:\Windows.old is from an earlier install of Windows and not active. Rest appears to be adware installers which weren't active. How is it running now?
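The triage reasoning in the reply above, as an added example (not part of the original thread, and not Avast's or the helper's own tooling): it parses report lines in the format shown and buckets each detection by the folder the file sits in. The bucket names and the `_OTL\MovedFiles` entry are assumptions added here; the sample lines are copied from the report above.

```python
import re
from collections import Counter

# Line shape used by the Avast report in this thread.
LINE_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>[^\s,]+)"
    r"(?: \[(?P<kind>\w+)\])?, (?P<action>.+)$"
)
# Folders the reply treats as already neutralised. Bucket names are made up
# here, and the _OTL entry is an assumption (the reply does not mention it).
INACTIVE = [
    ("c:\\qoobox\\quarantine\\", "quarantine:ComboFix"),
    ("c:\\frst\\quarantine\\", "quarantine:FRST"),
    ("c:\\_otl\\movedfiles\\", "quarantine:OTL"),
    ("c:\\windows.old\\", "old-install"),
]

def parse_line(line):
    """Return a dict for one detection line, or None for headers and totals."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # "|>" separates a container file from the member flagged inside it.
    container, *members = m.group("path").split("|>")
    low = container.lower()
    # Anything outside the known folders still needs a human look.
    bucket = next((b for p, b in INACTIVE if low.startswith(p)), "review")
    return {"file": container, "member": "|>".join(members) or None,
            "name": m.group("name"), "kind": m.group("kind"), "bucket": bucket}

def triage(report_text):
    """Parse a whole report; return (findings, Counter of buckets)."""
    findings = [f for f in map(parse_line, report_text.splitlines()) if f]
    return findings, Counter(f["bucket"] for f in findings)

# Detection lines copied from the report above, plus one totals line.
SAMPLE = r"""
File C:\Users\Ellery\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\FRST\Quarantine\C\Users\Ellery\AppData\Local\Temp\ICReinstall_setup.exe.xBAD is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Qoobox\Quarantine\C\ProgramData\KeyboardVerifierPolicy.dll.vir is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Temp\t.msi|>cab1.cab|>IEOptimizer.dll is infected by Win64:BullSave-B [Adw], Moved to chest
File C:\Windows.old\Windows\assembly\GAC_64\Desktop.ini is infected by Win32:Sirefef-PL [Rtk], Moved to chest
File C:\Windows.old\Windows\assembly\tmp\kwrd.dll|>[UPX] is infected by Win32:Malware-gen, Moved to chest
File C:\_OTL\MovedFiles\11162011_212519\C_Users\Ellery\AppData\Roaming\Imcuiqo\etycfa.exe|>[UPX] is infected by Win32:MalOb-IJ [Cryp], Moved to chest
Number of infected files: 39
"""

if __name__ == "__main__":
    print(dict(triage(SAMPLE)[1]))
```

A detection in the `review` bucket is not necessarily active; it only means the path is outside the folders the reply names, so it is the part of the report worth reading line by line.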
Seems to be running well. I went to Google, Yahoo, the mlb.com page and her college page. No pop-ups.
Yay!!
Good to hear.
Sounds like we're all okay now?
Yep.