Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Apr 19, 2015 18:54:31 GMT -8
what about the rest of the question??
Quads
smb74
New Helpee
Posts: 40
Post by smb74 on Apr 19, 2015 19:01:01 GMT -8
"what about the rest of the question?? Quads"
Sorry, I don't understand. What question?
Post by Quads on Apr 19, 2015 19:07:32 GMT -8
You updated your last message while I was typing.
On with step 4, Complete system check for any file and cleanup of items and tools used.
Special attention to the different settings I have asked for below.
You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Please download Online Scanner and save it to your Desktop.
Start with administrator privileges.
Select the option Yes, and click on .
Choose the following settings: NO!! for Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click on Start.
The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically.
Note: This scan might take a long time! Please be patient.
When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats)
Now click on Finish.
Quads
Post by smb74 on Apr 19, 2015 21:30:39 GMT -8
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SaalePLus\SaalePLus.exe.vir a variant of Win32/BHOUninstaller.AB potentially unwanted application
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SalePlus\8iN8nVa47fSj2D.dll.vir a variant of Win32/Adware.MultiPlug.FL application
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceCoouponApp\oRPMdH8uOBfv2D.dll.vir a variant of Win32/Adware.MultiPlug.FL application
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceCoouponApp\oRPMdH8uOBfv2D.x64.dll.vir a variant of Win64/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\k7909ZphK0hD1T.x64.dll.vir a variant of Win64/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Baker Family\AppData\Roaming\mystartsearch\UninstallManager.exe.vir a variant of Win32/ELEX.CP potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\NoeNoizeBrowse\AtEoOgGHndkreF.x64.dll Win64/Adware.MultiPlug.G application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\ProgramData\Symantec\DefWatch.DWH\dwh1a38.tmp a variant of Win32/Adware.MultiPlug.ER application
C:\Users\Baker Family\AppData\Local\Temp\59D0\temp\hpds_setup.exe Win32/SProtector.M potentially unwanted application
C:\Windows\Installer\bdba04.msi a variant of Win32/Systweak.L potentially unwanted application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
D:\Downloads\cpu-z_1.70-setup-en.exe Win32/JoyDownloader.D potentially unwanted application
D:\Downloads\Minecraft_Gift_Codes_Generator(Updated-2015).exe a variant of Win32/Adware.MultiPlug.GE application
D:\Downloads\winzip19-mediafire.exe a variant of Win32/InstallCore.TS potentially unwanted application
D:\Office Documents\Belle\Belle\Iwin games\TempleofBricksSetup-dm.exe a variant of Win32/Adware.Trymedia potentially unwanted application
D:\Office Documents\Belle\Belle\Iwin games\WondersSetup-dm.exe a variant of Win32/Adware.Trymedia potentially unwanted application
D:\Office Documents\Elements\My Documents\media.player.codec.pack.v4.2.4.setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(1).exe a variant of Win32/Adware.iBryte.G application
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(2).exe a variant of Win32/Adware.iBryte.G application
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup.exe a variant of Win32/Adware.iBryte.F application
D:\Office Documents\Elements\My Documents\Sam And The Womp - Bom Bom (Wookie Remix) - [MP3Juices.com].exe Win32/InstalleRex.E potentially unwanted application
D:\Office Documents\Elements\My Documents\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Office Documents\Elements\My Documents\Belle\Iwin games\TempleofBricksSetup-dm.exe a variant of Win32/Adware.Trymedia potentially unwanted application
D:\Office Documents\Elements\My Documents\Belle\Iwin games\WondersSetup-dm.exe a variant of Win32/Adware.Trymedia potentially unwanted application
D:\Office Documents\Elements\My Documents\Lachlan\Games_Bar_1.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Office Documents\Elements\My Pictures\2010\Downloads\iMeshV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\Office Documents\Elements\My Pictures\2010\FunStuff\New Folder\Pictures\_Instructions how to set POI for TomTom _4_.pdf JS/Trackware.ReadNotify.A potentially unwanted application
Post by smb74 on Apr 19, 2015 21:39:33 GMT -8
Whilst I was doing the scan with ESET, I got two more Trojan.Gen2 notifications. These were the first ones in days, previously I was getting several every minute.
Post by Quads on Apr 20, 2015 10:08:40 GMT -8
Post by smb74 on Apr 20, 2015 17:34:15 GMT -8
Thanks Quads, both the alerts happened whilst the ESET scan was being completed, and nothing since.
Post by Quads on Apr 20, 2015 18:00:53 GMT -8
Press the Windows + R keys on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad (including start and end):
start
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Program Files\WinZip\Utils\WzSysScan
C:\Users\Baker Family\AppData\Local\Temp\59D0\temp\hpds_setup.exe
C:\Users\Baker Family\AppData\Local\Temp\59D0
C:\Windows\Installer\bdba04.msi
C:\Windows\System32\LavasoftTcpService.dll
C:\Windows\SysWOW64\LavasoftTcpService.dll
D:\Downloads\cpu-z_1.70-setup-en.exe
D:\Downloads\Minecraft_Gift_Codes_Generator(Updated-2015).exe
D:\Downloads\winzip19-mediafire.exe
D:\Office Documents\Belle\Belle\Iwin games\TempleofBricksSetup-dm.exe
D:\Office Documents\Belle\Belle\Iwin games\WondersSetup-dm.exe
D:\Office Documents\Elements\My Documents\media.player.codec.pack.v4.2.4.setup.exe
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(1).exe
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(2).exe
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup.exe
D:\Office Documents\Elements\My Documents\Sam And The Womp - Bom Bom (Wookie Remix) - [MP3Juices.com].exe
D:\Office Documents\Elements\My Documents\SetupImgBurn_2.5.7.0.exe
D:\Office Documents\Elements\My Documents\Belle\Iwin games\TempleofBricksSetup-dm.exe
D:\Office Documents\Elements\My Documents\Belle\Iwin games\WondersSetup-dm.exe
D:\Office Documents\Elements\My Documents\Lachlan\Games_Bar_1.exe
D:\Office Documents\Elements\My Pictures\2010\Downloads\iMeshV10.exe
D:\Office Documents\Elements\My Pictures\2010\FunStuff\New Folder\Pictures\_Instructions how to set POI for TomTom _4_.pdf
end
Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File).
Press the button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here
Quads
Post by smb74 on Apr 20, 2015 18:49:44 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Baker Family at 2015-04-21 12:48:17 Run:3
Running from C:\Users\Baker Family\Desktop
Loaded Profiles: Baker Family (Available profiles: Baker Family)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Program Files\WinZip\Utils\WzSysScan
C:\Users\Baker Family\AppData\Local\Temp\59D0\temp\hpds_setup.exe
C:\Users\Baker Family\AppData\Local\Temp\59D0
C:\Windows\Installer\bdba04.msi
C:\Windows\System32\LavasoftTcpService.dll
C:\Windows\SysWOW64\LavasoftTcpService.dll
D:\Downloads\cpu-z_1.70-setup-en.exe
D:\Downloads\Minecraft_Gift_Codes_Generator(Updated-2015).exe
D:\Downloads\winzip19-mediafire.exe
D:\Office Documents\Belle\Belle\Iwin games\TempleofBricksSetup-dm.exe
D:\Office Documents\Belle\Belle\Iwin games\WondersSetup-dm.exe
D:\Office Documents\Elements\My Documents\media.player.codec.pack.v4.2.4.setup.exe
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(1).exe
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(2).exe
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup.exe
D:\Office Documents\Elements\My Documents\Sam And The Womp - Bom Bom (Wookie Remix) - [MP3Juices.com].exe
D:\Office Documents\Elements\My Documents\SetupImgBurn_2.5.7.0.exe
D:\Office Documents\Elements\My Documents\Belle\Iwin games\TempleofBricksSetup-dm.exe
D:\Office Documents\Elements\My Documents\Belle\Iwin games\WondersSetup-dm.exe
D:\Office Documents\Elements\My Documents\Lachlan\Games_Bar_1.exe
D:\Office Documents\Elements\My Pictures\2010\Downloads\iMeshV10.exe
D:\Office Documents\Elements\My Pictures\2010\FunStuff\New Folder\Pictures\_Instructions how to set POI for TomTom _4_.pdf
end
*****************
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe => Moved successfully.
C:\Program Files\WinZip\Utils\WzSysScan => Moved successfully.
C:\Users\Baker Family\AppData\Local\Temp\59D0\temp\hpds_setup.exe => Moved successfully.
C:\Users\Baker Family\AppData\Local\Temp\59D0 => Moved successfully.
C:\Windows\Installer\bdba04.msi => Moved successfully.
"C:\Windows\System32\LavasoftTcpService.dll" => File/Directory not found.
C:\Windows\SysWOW64\LavasoftTcpService.dll => Moved successfully.
D:\Downloads\cpu-z_1.70-setup-en.exe => Moved successfully.
D:\Downloads\Minecraft_Gift_Codes_Generator(Updated-2015).exe => Moved successfully.
D:\Downloads\winzip19-mediafire.exe => Moved successfully.
D:\Office Documents\Belle\Belle\Iwin games\TempleofBricksSetup-dm.exe => Moved successfully.
D:\Office Documents\Belle\Belle\Iwin games\WondersSetup-dm.exe => Moved successfully.
D:\Office Documents\Elements\My Documents\media.player.codec.pack.v4.2.4.setup.exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(1).exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup(2).exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Rocket_Download_Manager_Setup.exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Sam And The Womp - Bom Bom (Wookie Remix) - [MP3Juices.com].exe => Moved successfully.
D:\Office Documents\Elements\My Documents\SetupImgBurn_2.5.7.0.exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Belle\Iwin games\TempleofBricksSetup-dm.exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Belle\Iwin games\WondersSetup-dm.exe => Moved successfully.
D:\Office Documents\Elements\My Documents\Lachlan\Games_Bar_1.exe => Moved successfully.
D:\Office Documents\Elements\My Pictures\2010\Downloads\iMeshV10.exe => Moved successfully.
D:\Office Documents\Elements\My Pictures\2010\FunStuff\New Folder\Pictures\_Instructions how to set POI for TomTom _4_.pdf => Moved successfully.
==== End of Fixlog 12:48:20 ====
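Added example, not part of the thread and not FRST's own code: a short Python check that reconciles the "Content of fixlist" section of a Fixlog.txt against its "=> ..." result lines, so an entry like the "File/Directory not found" one above, or a path that got no result line at all, stands out. The sample log is constructed, and the parser assumes one entry per line as in the original file.

```python
import re

# Constructed sample in the Fixlog layout shown above (not the thread's log).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
C:\Temp\a\setup.exe
C:\Windows\System32\Example.dll
D:\Downloads\tool (1).exe
D:\Downloads\skipped.exe
end
*****************
C:\Temp\a\setup.exe => Moved successfully.
"C:\Windows\System32\Example.dll" => File/Directory not found.
D:\Downloads\tool (1).exe => Moved successfully.
==== End of Fixlog 12:48:20 ====
'''

# A result line is: optional quote, path, optional quote, "=>", status text.
RESULT = re.compile(r'^"?(?P<path>.+?)"?\s+=>\s+(?P<status>.+?)\s*$')

def parse_fixlog(text):
    """Return (requested paths, {lowercased path: status}) from a Fixlog body."""
    requested, results, in_list = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "start":
            in_list = True
        elif line.lower() == "end":
            in_list = False
        elif in_list and line:
            requested.append(line)
        elif (m := RESULT.match(line)):
            # Windows paths are case-insensitive, so key on lowercase.
            results[m["path"].lower()] = m["status"]
    return requested, results

def reconcile(text):
    """Group each requested path as moved, failed, or no_result."""
    requested, results = parse_fixlog(text)
    report = {"moved": [], "failed": [], "no_result": []}
    for path in requested:
        status = results.get(path.lower())
        if status is None:
            report["no_result"].append(path)
        elif status.startswith("Moved successfully"):
            report["moved"].append(path)
        else:
            report["failed"].append((path, status))  # any other status text
    return report
```

Anything under `failed` or `no_result` is worth a second look before the cleanup is treated as finished.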
Post by smb74 on Apr 20, 2015 18:53:37 GMT -8
Quads, I'm also getting this error message that proactive threat protection is malfunctioning. Can you please advise if this is something you can help me with or if I need to go to the Symantec forums for some assistance.