Bring 'em on...
Ok, sorry that this took so long. The site is working now.
Let's get the rest of Spark Trust off the computer.
OTL Fix
:Commands
[CREATERESTOREPOINT]

:OTL
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/07/19 12:24:50 | 000,000,474 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/07/19 12:17:31 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2013/11/28 17:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2014/07/17 06:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions
[2014/06/13 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
FF - user.js - File not found
[2014/06/13 15:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions

:Commands
[EMPTYTEMP]
[RESETHOSTS]
Assuming that the OTL fix worked, and we'll check for that at the end, Spark Trust will NOT be on your system. However, there may be a few locations that want to Run it. It won't be able to run, but let's remove the request anyway so that you won't have to see it.
Let's see if an Autostart entry for Spark Trust is available for removing.
Go to a Command Prompt. To do this Click the Start Button in the Lower Left. If you've used Command Prompt recently you'll find the program on the Tree that pops up. Just click it. If it's not there, navigate to Windows System and you'll find it there.
Inside of Command Prompt, type MSCONFIG and hit Return. On the Start Up tab look to see if SparkTrust is listed. If so, remove the Check Mark next to it.
Next steps...
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
Update Adobe Flash Player
NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.
You will need to download and install each version of FlashPlayer (Flash Player for Internet Explorer AND Flash Player for Other Browsers) separately.
Download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
ESET Online Scanner:
Please run a free online scan with the ESET Online Scanner
Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
Note: This scan works with Internet Explorer or Mozilla FireFox.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
To review,
Last, let me know how the computer is running and if you have any concerns, pop-ups, delays, etc. Now is the time to fix 'em :)
Hi there...did you want to see this report from OTL?
here it is anyway
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Images folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust\UUS3 folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust folder moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job moved successfully.
C:\Windows\Tasks\SparkTrust AntiVirus Startup.job moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3.job moved successfully.
C:\Users\owner\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\imt0iusk.default\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: owner
->Temp folder emptied: 2064 bytes
->Temporary Internet Files folder emptied: 183810 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5196507 bytes
->Flash cache emptied: 506 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 263360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 07202014_190846
Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\windows\temp\fb_1804.lck not found!
File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
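An added example, not part of the original thread and not OTL's own code: a small Python check that cross-references the targets of a fix script against the result lines of the fix log, using the line formats visible in the log above. The sample log is constructed from those formats, with one result deliberately left out and one hypothetical locked file (`C:\Example\constructed-locked-file.dat`) added to show the non-success cases.

```python
import re

# Lines in the formats shown on this page; the last script target and its
# "scheduled" result are constructed, and one log result is left out on purpose.
FIX_SCRIPT = r"""
:OTL
[2014/07/11 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/07/19 12:17:31 | 000,000,552 | ---- | M] () -- C:\windows\tasks\SparkTrust AntiVirus Startup.job
[2014/07/11 17:33:30 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job
[2014/07/11 14:53:00 | 000,001,024 | ---- | C] () -- C:\Example\constructed-locked-file.dat
"""
FIX_LOG = r"""
C:\Program Files (x86)\Common Files\SparkTrust\UUS3 folder moved successfully.
C:\Program Files (x86)\Common Files\SparkTrust folder moved successfully.
C:\Windows\Tasks\SparkTrust AntiVirus Startup.job moved successfully.
File move failed. C:\Example\constructed-locked-file.dat scheduled to be moved on reboot.
"""

RESULT_PATTERNS = [
    (re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$"), "pending-reboot"),
    (re.compile(r"^File\\Folder (?P<path>.+) not found!$"), "not-found"),
    (re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$"), "moved"),
]

def script_targets(script):
    """Paths after ' -- ' on the dated lines of the fix script."""
    return [line.split(" -- ", 1)[1].strip()
            for line in script.splitlines()
            if line.startswith("[") and " -- " in line]

def log_results(log):
    """Map lower-cased path -> result; Windows paths are case-insensitive."""
    results = {}
    for line in log.splitlines():
        for pattern, status in RESULT_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                results[m.group("path").lower()] = status
                break
    return results

def verify_fix(script, log):
    """Return {target: status}; 'no-log-entry' means the log never mentions it."""
    results = log_results(log)
    return {t: results.get(t.lower(), "no-log-entry") for t in script_targets(script)}

if __name__ == "__main__":
    for target, status in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:15} {target}")
```

Any target reported as `pending-reboot`, `not-found` or `no-log-entry` is one to re-check after the restart before treating the removal as complete.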
I hope you're here....am I saving Java or opening it with Windows explorer?
I'm here now...I don't understand the question?
When I click on your Java link I get a box that asks if I should have Firefox Open with Windows(default) or save the file?
I'm not getting that when I do it.
You should be downloading a Stand Alone Java Uninstaller. It's for getting rid of your old versions of Java. Once the old stuff is gone you can download the new one. You're using Javara right?
Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
The whole box says:
"Opening JavaRa-2.6.zip
You have chosen to open JavaRa2.6zip
which is compressed folder ...from... download.thewebatom.net"
and asks me to make the choice of what to do with it. I just tried it again from the new post
Ohhhh...that's just the unzip stuff. I guess we assume that you have an unzip utility. If you don't have one, you'll have to download one. If you've got one, just let it unzip the file to anywhere you want to unzip it. The Desktop is usually the easiest. When we're done, I have a utility that cleans up all the tools we used.
This was a little weird...It didn't look quite as I expected. There was nothing to check or remove.
Just let me know if you've gotta call it a night....I'm gonna try that eset.
Oh. Just looked at the instructions to see if I had any questions first...a couple hours? I guess I'll catch you tomorrow then, eh?
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/20/2014
Scan Time: 9:20:02 PM
Logfile: malbytes.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.20.07
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285840
Time Elapsed: 6 min, 25 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Just shoot me. ESET wants to know if it should enable or disable detection of potentially unwanted applications.
Yeah, me too. I'll catch up with you tomorrow. I feel as if I'm going where no man has gone before.
Good night Mr Spock.
Yes, enable it.
Hello Biscuithd,
So you did.
My apologies. I was tired and had a bad attitude about other stuff and never should have started anything last night.
Seeya later if you're around. Still got a couple hours of eset I guess, so we'll see...
I do promise to read everything first.
As near as I can tell, the first five from "to review" are all ok.
In the past I kept getting notices about java updates and couldn't make it work.
Adobe I think I just ignored.
Thanks again for all of your help and patience. I'll try to be a better student. Don't know what that is, but....
Edited by hofner, 21 July 2014 - 12:38 PM.
Need some (more) help here...I have not hit Finish on ESET yet...wanna make sure this is what you need or is there something after this?
C:\ProgramData\RogueKiller\Debug\physicaldrive0_LL1_mbr Win32/Olmarik.AYX trojan
C:\ProgramData\RogueKiller\Debug\physicaldrive0_LL2_mbr Win32/Olmarik.AYX trojan
C:\Users\All Users\RogueKiller\Debug\physicaldrive0_LL1_mbr Win32/Olmarik.AYX trojan
C:\Users\All Users\RogueKiller\Debug\physicaldrive0_LL2_mbr Win32/Olmarik.AYX trojan
C:\Users\owner\Downloads\speedzookasetup_99791115368417385861.exe probably a variant of Win32/Adware.RegGenie application
C:\zoek_backup\C_PROGRA~2_Inbox Toolbar\FF_Install.cab Win32/Toolbar.Inbox.F potentially unwanted application
Edited by hofner, 21 July 2014 - 05:50 PM.