|
Post by lbnoire on Jan 14, 2015 1:47:51 GMT -8
Okay, after mbar clean up, it says congratulations for not having any malware. Does this mean we are done with computer, and it is ready for normal use? Also, are all of my files unrecoverable? Thanks.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 14, 2015 19:48:05 GMT -8
On with step 4, complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same. Please read carefully and slowly, and notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Attach the resulting log in your next reply.
The scanner screen gives me the option of saving the results to a .txt file as part of the options after the scan has finished. Screenshot of part of the finished scan dialog box by ESET showing the options. List found threats, and at the bottom of the listings are the options to save the list.
Quads
|
|
|
Post by lbnoire on Jan 22, 2015 8:54:09 GMT -8
I am at the ESET site and can only get to the Start button. When I click start, a pop up message appears that reads "an add-on for this website failed to run" and it just hangs there with a blank screen.
Please advise. Thank you.
|
Post by Quads on Jan 22, 2015 9:45:52 GMT -8
Try Firefox or Chrome
Quads
|
|
|
Post by lbnoire on Jan 23, 2015 20:20:48 GMT -8
Please review ESET results and advise.
Thanks.
ESET.txt (5.91 KB)
|
Post by Quads on Jan 23, 2015 20:34:27 GMT -8
OK you do have 2 PUPs seen in that list. Read carefully.
Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ on to your desktop (the blue Download Now @bleeping Computer button) and run a scan (Scan button). It will create a log after, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
|
|
|
Post by lbnoire on Jan 23, 2015 21:44:20 GMT -8
|
Post by Quads on Jan 23, 2015 22:09:05 GMT -8
a) Click the Scan button and wait for the scan to finish. (already done if Adwcleaner is left pending)
b) Make sure all of the items under each TAB are to be ticked.
c) Click the Clean button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
|
|
|
Post by lbnoire on Jan 23, 2015 22:57:53 GMT -8
|
Post by Quads on Jan 23, 2015 23:20:49 GMT -8
Press the Windows + R keys on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad (including start and end)

start
C:\Program Files (x86)\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\Decrypt All Files esmbiqd.txt
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\Decrypt All Files esmbiqd.txt
C:\Program Files (x86)\Common Files\Apple\Internet Services\WebKit.resources\inspector\Decrypt All Files esmbiqd.txt
C:\Program Files (x86)\Reg Pro Cleaner\Regprocleaner.exe
C:\Program Files (x86)\Reg Pro Cleaner
C:\temp\InstallFilter64.msi
C:\Users\admin\AppData\Local\Temp\nst8C5A.tmp
C:\Users\admin\AppData\Local\Temp\1888\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\198\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\gaewiojalaf1[1].htm
C:\Users\admin\AppData\Local\Temp\198\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\19ec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\1c50\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\21bc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H86ZM47B\pn[1].htm
C:\Users\admin\AppData\Local\Temp\2a60\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\3304\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\34b0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\gaewiojalaf1[1].htm
C:\Users\admin\AppData\Local\Temp\34b0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\38d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\3930\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGP718YB\gchlkahwula1[1].htm
C:\Users\admin\AppData\Local\Temp\3930\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGP718YB\pn[1].htm
C:\Users\admin\AppData\Local\Temp\3930\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGP718YB\pn[2].htm
C:\Users\admin\AppData\Local\Temp\3d6c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SE1QWPZD\pn[1].htm
C:\Users\admin\AppData\Local\Temp\3db8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0ZRWXCQ\pn[1].htm
C:\Users\admin\AppData\Local\Temp\432c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SC1GBMX\pn[1].htm
C:\Users\admin\AppData\Local\Temp\4b38\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\536c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTISSR8H\pn[1].htm
C:\Users\admin\AppData\Local\Temp\5fe4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\7828\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SRUW35G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\ae8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2WIE3G\pn[1].htm
C:\Users\admin\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe
C:\Users\admin\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b
C:\Users\admin\AppData\Local\Temp\n9459\OptimizerProInstaller.exe
C:\Users\admin\AppData\Local\Temp\n9459\RegProClean_13_01-18be82b8.exe
C:\Users\admin\AppData\Local\Temp\n9459\s9459.exe
C:\Users\admin\AppData\Local\Temp\n9459\SuperOptimizerInstaller.exe
C:\Users\admin\AppData\Local\Temp\n9459
C:\Users\admin\AppData\Local\Temp\nsjAF25.tmp\SPtool.dll
C:\Users\admin\AppData\Local\Temp\nsjAF25.tmp
C:\Users\admin\AppData\Local\Temp\nso80A6.tmp\StubUtils.dll
C:\Users\admin\AppData\Local\Temp\nso80A6.tmp
C:\Users\admin\Music\iTunes\iTunes Media\Downloads\The Great Escape Artist (Deluxe Vers.tmp\The Great Escape Art.tmp\The Great Escape Artist (Deluxe Ver.itlp\images\viz\Decrypt All Files esmbiqd.txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\BtvStack.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\BtvStack.dll
C:\Windows\Temp\~nsu.tmp\Au_.exe
C:\Windows\Temp\~nsu.tmp
end

Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File).
Press the button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here
Quads
|
|