dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Jul 24, 2015 18:42:56 GMT -8
This next step may take a while (just to warn you) ..... ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway), so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier. You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
- Hold down Control key and click on the following link to open ESET OnlineScan in a new window. Link =>> ESET Online Scanner <<
- Click the Run ESET Online Scanner located on the left side of the page (not the free trial).
- For browsers other than Internet Explorer only (Microsoft Internet Explorer users can skip this step): Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop. Double click on the icon on your desktop.
- Check (accept) the Terms of Use.
- Click the START button.
- Accept any security warnings from your browser.
- Now in the Computer scan settings window that appears: Make sure that the option Enable detection of potentially unwanted applications is selected.
- Now click on Advanced Settings and configure the options as follows:
  - Remove found threats is Not checked
  - Scan archives is checked
  - Scan for potentially unsafe applications is checked
  - Enable Anti-Stealth Technology is checked
- Now click on: Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.
- At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).
- Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.
Attach the saved log file in your next reply please. Thanks.
Post by lindseyrachelle620 on Jul 27, 2015 8:26:13 GMT -8
Here's my log. Thanks!!!! I had to copy and paste because for some reason, pastebin and wikisend are giving me errors. Do you need it in the form of a download? I can try again in a little bit.
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Users\hpkgoojemicfkkadnbfnijmabnjckfcg\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Ashley\Downloads\setup_adobe_shockwave_player.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
Post by dbrisen on Jul 27, 2015 17:38:23 GMT -8
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Post by lindseyrachelle620 on Jul 28, 2015 9:20:58 GMT -8
Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Ashley at 2015-07-28 09:48:38 Run:2
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley (Available Profiles: Ashley)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Users\hpkgoojemicfkkadnbfnijmabnjckfcg\background.js
C:\Users\Ashley\Downloads\setup_adobe_shockwave_player.exe
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Users\hpkgoojemicfkkadnbfnijmabnjckfcg\background.js => moved successfully.
C:\Users\Ashley\Downloads\setup_adobe_shockwave_player.exe => moved successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1936193561-4228598581-3577291573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1936193561-4228598581-3577291573-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
EmptyTemp: => 107.4 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 09:49:27 ====
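A check on the Fixlog above, added here as an example (it is not part of the thread and not FRST's own code): it reads the fixlist block back out of the log and reports any requested file or command that has no matching result line. The function names are hypothetical, and the sample is an abridged copy of the log in this post with line breaks assumed.

```python
import re

# Constructed sample: the Fixlog from the thread, abridged, one entry per
# line (the forum page shows the log flattened onto long lines).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Users\hpkgoojemicfkkadnbfnijmabnjckfcg\background.js
C:\Users\Ashley\Downloads\setup_adobe_shockwave_player.exe
cmd: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Users\hpkgoojemicfkkadnbfnijmabnjckfcg\background.js => moved successfully.
C:\Users\Ashley\Downloads\setup_adobe_shockwave_player.exe => moved successfully.
========= ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
0 out of 0 jobs canceled.
========= End of CMD: =========
"""

def parse_fixlist(log):
    """Return (file_paths, commands) requested between 'Start' and 'end'."""
    m = re.search(r"^Start\s*$(.*?)^end\s*$", log, re.S | re.M | re.I)
    if not m:
        raise ValueError("no fixlist block found")
    paths, cmds = [], []
    for line in filter(None, map(str.strip, m.group(1).splitlines())):
        if line.lower().startswith("cmd:"):
            cmds.append(line[4:].strip())      # shell command to run
        elif re.match(r"[A-Za-z]:\\", line):
            paths.append(line)                 # file to be moved
    return paths, cmds

def unconfirmed(log):
    """List fixlist entries that the result section does not confirm."""
    paths, cmds = parse_fixlist(log)
    results = log.split("*****************")[-1]   # text after the fixlist
    missing = [p for p in paths if f"{p} => moved successfully" not in results]
    missing += [c for c in cmds if f"========= {c} =========" not in results]
    return missing
```

An empty list from `unconfirmed()` means every file and command in the fixlist has a result line; directives such as EmptyTemp: are not checked by this example.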
Post by dbrisen on Jul 28, 2015 21:07:13 GMT -8
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time. You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.
Next, we need to remove the tools we've used during cleaning your machine.
Ensure the following is ticked:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Reset system settings
Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.
Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.
Final word from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us.
Post by lindseyrachelle620 on Jul 29, 2015 7:38:59 GMT -8
# DelFix v1.010 - Logfile created 29/07/2015 at 10:25:04
# Updated 26/04/2015 by Xplode
# Username : Ashley - ASHLEY-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ashley\Desktop\FRST-OlderVersion
Deleted : C:\Users\Ashley\Desktop\Addition.txt
Deleted : C:\Users\Ashley\Desktop\AdwCleaner.exe
Deleted : C:\Users\Ashley\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Ashley\Desktop\Fixlog.txt
Deleted : C:\Users\Ashley\Desktop\FRST.txt
Deleted : C:\Users\Ashley\Desktop\FRST64.exe
Deleted : C:\Users\Ashley\Desktop\JRT.exe
Deleted : C:\Users\Ashley\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #260 [Windows Update | 07/16/2015 08:00:33]
Deleted : RP #261 [Removed Java 8 Update 31 | 07/17/2015 14:50:52]
Deleted : RP #262 [Windows Update | 07/23/2015 08:00:10]
Deleted : RP #263 [JRT Pre-Junkware Removal | 07/24/2015 14:32:59]
Deleted : RP #265 [Restore Point Created by FRST | 07/28/2015 14:48:39]
Deleted : RP #266 [Windows Update | 07/28/2015 20:52:08]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!