dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 15, 2016 14:54:15 GMT -8
Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.
- Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
- Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
- Once the scanner loads, allow it to check for updates.
- When the updates are finished, click the BACK button to return to the main menu.
- Click on the SCAN and select Malware Scan to start scanning your system. Please enable the PUP detection option, if it asks.
- If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in your reply post.
- Please close the Emergency Kit Scanner program now.
|
|
rowdy
New Helpee
Posts: 13
|
Post by rowdy on Oct 16, 2016 4:01:57 GMT -8
Emsisoft Emergency Kit - Version 11.9 Last update: 10/16/2016 7:54:57 AM User account: TBNeff-HP\TBNeff Computer name: TBNEFF-HP OS version: Windows 7x64 Service Pack 1
Scan settings:
Scan type: Malware Scan Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off
Scan start: 10/16/2016 7:55:49 AM Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-275883270-3024501924-3863738055-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{1AD2049E-E483-4425-8555-8E0775ACB631} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3E9469AF-E866-4476-B767-810630F1F6E7} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{46CE5380-6055-4C3A-A7E5-3A02A2335C61} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{47700C35-9E3E-4DAD-934C-0CE28A87237C} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4F6ECF71-C575-4BD2-8EF7-548D0EF1AB1D} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{54D99BE4-2FD7-449E-9DB4-76532CEE0B16} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5684EAE9-72EB-4CA6-83B8-82434B7E955C} detected: Application.AdTool (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5A96E574-F8A6-4F6A-B58D-79C14B698017} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{66D59105-FE06-43A4-B292-EB0097E9EB74} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7FC87AC5-FA93-476E-A32C-A941229DED0B} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9103C314-C4E2-4463-8934-B19BCB46236D} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{94E98D20-156E-4C53-BD7F-972C96E680B2} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{A266567F-8E5D-480C-BCE2-C360FA669FD5} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{CE4F67F6-4FD4-49DB-9D71-713CCD3D00CD} detected: Application.AdTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{ECC69F9E-5456-4EDF-AF66-1A9DED11F9EE} detected: Application.AdTool (A) C:\Users\TBNeff\Downloads\manual_download.exe detected: Gen:Application.Bundler.InstallIQ.1 (B)
Scanned 78048 Found 28
Scan end: 10/16/2016 8:01:09 AM Scan time: 0:05:20
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 16, 2016 10:45:37 GMT -8
Looks like there was a fair bit of leftover settings in the system. Let's clean those out and then tell me how your system is running please.
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt.
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
|
|
rowdy
New Helpee
Posts: 13
|
Post by rowdy on Oct 16, 2016 12:47:00 GMT -8
System is running great. I've had other viruses in the past that Norton was able to resolve. Not sure if that's the reason for the leftover settings.
I made a donation for all your help here. Let me know if things look OK now. Thanks!
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016 Ran by TBNeff (16-10-2016 16:16:54) Run:2 Running from C:\Users\TBNeff\Desktop Loaded Profiles: TBNeff (Available Profiles: TBNeff) Boot Mode: Normal ==============================================
fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /v DISABLETASKMGR /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /v DISABLETASKMGR /f REG: reg delete HKEY_USERS\S-1-5-21-275883270-3024501924-3863738055-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /v DISABLETASKMGR /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{1AD2049E-E483-4425-8555-8E0775ACB631} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3E9469AF-E866-4476-B767-810630F1F6E7} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{46CE5380-6055-4C3A-A7E5-3A02A2335C61} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{47700C35-9E3E-4DAD-934C-0CE28A87237C} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4F6ECF71-C575-4BD2-8EF7-548D0EF1AB1D} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{54D99BE4-2FD7-449E-9DB4-76532CEE0B16} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5684EAE9-72EB-4CA6-83B8-82434B7E955C} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5A96E574-F8A6-4F6A-B58D-79C14B698017} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52} /f REG: reg delete 
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{66D59105-FE06-43A4-B292-EB0097E9EB74} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7FC87AC5-FA93-476E-A32C-A941229DED0B} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9103C314-C4E2-4463-8934-B19BCB46236D} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{94E98D20-156E-4C53-BD7F-972C96E680B2} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{A266567F-8E5D-480C-BCE2-C360FA669FD5} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{CE4F67F6-4FD4-49DB-9D71-713CCD3D00CD} /f REG: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{ECC69F9E-5456-4EDF-AF66-1A9DED11F9EE} /f C:\Users\TBNeff\Downloads\manual_download.exe cmd: ipconfig /flushdns cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f CMD: bitsadmin /reset /allusers RemoveProxy: EmptyTemp: Reboot: end *****************
Restore point was successfully created. Processes closed successfully.
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /v DISABLETASKMGR /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /v DISABLETASKMGR /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_USERS\S-1-5-21-275883270-3024501924-3863738055-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /v DISABLETASKMGR /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{1AD2049E-E483-4425-8555-8E0775ACB631} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3E9469AF-E866-4476-B767-810630F1F6E7} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{46CE5380-6055-4C3A-A7E5-3A02A2335C61} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{47700C35-9E3E-4DAD-934C-0CE28A87237C} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4F6ECF71-C575-4BD2-8EF7-548D0EF1AB1D} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{54D99BE4-2FD7-449E-9DB4-76532CEE0B16} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5684EAE9-72EB-4CA6-83B8-82434B7E955C} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{5A96E574-F8A6-4F6A-B58D-79C14B698017} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{66D59105-FE06-43A4-B292-EB0097E9EB74} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7FC87AC5-FA93-476E-A32C-A941229DED0B} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{9103C314-C4E2-4463-8934-B19BCB46236D} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{94E98D20-156E-4C53-BD7F-972C96E680B2} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{A266567F-8E5D-480C-BCE2-C360FA669FD5} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{CE4F67F6-4FD4-49DB-9D71-713CCD3D00CD} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{ECC69F9E-5456-4EDF-AF66-1A9DED11F9EE} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
"C:\Users\TBNeff\Downloads\manual_download.exe" => not found.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-275883270-3024501924-3863738055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-275883270-3024501924-3863738055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8462436 B Java, Flash, Steam htmlcache => 1195 B Windows/system/drivers => 2505520 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B
Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B TBNeff => 124916924 B
RecycleBin => 0 B EmptyTemp: => 137.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:17:35 ====
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 16, 2016 22:20:56 GMT -8
Just curious but did you have Emsisoft remove (delete) what it found? The script did not remove anything because it did not find anything to remove so I'm just asking.
|
|
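Added example, not part of the original thread and not FRST's own code: a small parser for the Fixlog layout posted above that separates targets that were already absent (as in this fix, where Emsisoft had removed them first) from commands that were applied or that genuinely failed. The sample log is constructed in the same layout with placeholder keys and paths, and the outcome labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown above. The GUID, the
# HKLM\SOFTWARE\Example key and the file path are placeholders, and the
# "Access is denied" block is added to show what a real failure looks like.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{00000000-0000-0000-0000-000000000000} /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
"C:\Users\Example\Downloads\sample.exe" => not found.
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Example /f =========
ERROR: Access is denied.
========= End of Reg: =========
==== End of Fixlog 16:17:35 ====
"""

# A directive block opens with "===== <command> =====" and closes with
# "===== End of <type>: =====".
HEADER = re.compile(r"^=+ (?P<title>.+?) =+$")


def classify(body_lines):
    """Map the output captured for one directive to an outcome label."""
    text = " ".join(body_lines).lower()
    if "unable to find the specified registry key or value" in text:
        return "absent"      # target already gone: nothing left to remove
    if "error:" in text:
        return "failed"      # any other error needs a human look
    if "successfully" in text or text.strip() == "ok.":
        return "applied"
    return "unknown"


def parse_fixlog(text):
    """Return a list of (action, outcome) tuples in log order."""
    results, current, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            if current is not None:          # close the block in progress
                results.append((current, classify(body)))
            title = match.group("title")
            current = None if title.startswith("End of") else title
            body = []
        elif current is not None:
            body.append(line)
        elif line.endswith("=> not found."):  # bare file-path directive
            results.append((line.split(" => ")[0].strip('"'), "absent"))
    if current is not None:                   # log cut off mid-block
        results.append((current, classify(body)))
    return results


def summarize(results):
    """Count outcomes so 'nothing left to remove' stands out from failures."""
    return Counter(outcome for _, outcome in results)


if __name__ == "__main__":
    for action, outcome in parse_fixlog(SAMPLE_FIXLOG):
        print(f"{outcome:8} {action}")
    print(dict(summarize(parse_fixlog(SAMPLE_FIXLOG))))
```

A run where every removal target lands in "absent" and nothing is "failed" matches the situation in this thread: the fix had nothing left to delete.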
rowdy
New Helpee
Posts: 13
|
Post by rowdy on Oct 17, 2016 14:51:33 GMT -8
Yes, it deleted approx. 28 items.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 17, 2016 21:14:49 GMT -8
We need to remove the tools we've used during the cleaning of your machine. Ensure the following is ticked:
- Remove disinfection tools
- Create registry backup
- Purge system restore
Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.
Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.
Final words from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.
=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.
Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.
Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.
You may also find some information and tips at this thread: How did I get infected in the first place? and COMPUTER SECURITY - a short guide to staying safer online
I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
|
|
rowdy
New Helpee
Posts: 13
|
Post by rowdy on Oct 18, 2016 14:22:06 GMT -8
# DelFix v1.010 - Logfile created 18/10/2016 at 18:19:52 # Updated 26/04/2015 by Xplode # Username : TBNeff - TBNEFF-HP # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\TBNeff\Desktop\FRST-OlderVersion Deleted : C:\Users\TBNeff\Desktop\Addition.txt Deleted : C:\Users\TBNeff\Desktop\AdwCleaner.exe Deleted : C:\Users\TBNeff\Desktop\Fixlog.txt Deleted : C:\Users\TBNeff\Desktop\FRST.txt Deleted : C:\Users\TBNeff\Desktop\FRST64.exe Deleted : C:\Users\TBNeff\Desktop\JRT.txt Deleted : C:\Users\TBNeff\Downloads\JRT.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #660 [Scheduled Checkpoint | 10/06/2016 22:05:48] Deleted : RP #661 [Removed Java 8 Update 40 | 10/11/2016 23:37:12] Deleted : RP #662 [Windows Update | 10/12/2016 20:56:40] Deleted : RP #663 [Windows Update | 10/13/2016 00:33:42] Deleted : RP #664 [Windows Update | 10/13/2016 21:53:48] Deleted : RP #666 [Restore Point Created by FRST | 10/13/2016 22:09:25] Deleted : RP #667 [JRT Pre-Junkware Removal | 10/13/2016 22:22:52] Deleted : RP #669 [Restore Point Created by FRST | 10/16/2016 20:16:57]
New restore point created !
########## - EOF - ##########
Thanks again!
|
|