|
Post by cobra67 on Oct 23, 2014 19:16:44 GMT -8
ESET has completed. Here is the log info:
C:\AdwCleaner\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakProxy64.dll.vir	Win64/Adware.Adpeak.A application
C:\AdwCleaner\Quarantine\C\Program Files\ScorpionSaver Services\Installbat.dll.vir	Win32/AdWare.Adpeak.K application
C:\AdwCleaner\Quarantine\C\Program Files\ScorpionSaver Services\Installbat64.dll.vir	Win64/Adware.Adpeak.A application
C:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxy64.dll.vir	Win64/Adware.Adpeak.A application
C:\Users\Nancy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\507a4478-138356f5	a variant of Java/Exploit.Agent.PNF trojan
C:\Users\Nancy\Downloads\Updater_Setup(1).exe	a variant of Win32/AdWare.iBryte.J.gen application
C:\Users\Nancy\Downloads\Updater_Setup.exe	a variant of Win32/AdWare.iBryte.J.gen application
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 23, 2014 19:43:44 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens, click Yes to the disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
|
Post by cobra67 on Oct 24, 2014 5:00:03 GMT -8
Here is the new Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014
Ran by Nancy at 2014-10-24 07:58:50 Run:4
Running from C:\Users\Nancy\Desktop
Loaded Profile: Nancy (Available profiles: Nancy)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\Nancy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\507a4478-138356f5
C:\Users\Nancy\Downloads\Updater_Setup(1).exe
C:\Users\Nancy\Downloads\Updater_Setup.exe
2014-10-22 19:09 - 2014-10-22 19:09 - 00281088 _____ (QwertyLab) C:\Users\Nancy\Desktop\runassystem.exe
2014-10-20 09:11 - 2014-10-20 09:11 - 01399872 _____ (PC Pitstop LLC ) C:\Users\Nancy\Downloads\pcmatic-setup-1067.exe
2014-10-20 09:09 - 2014-10-20 09:09 - 00955776 _____ (PC Pitstop LLC ) C:\Users\Nancy\Downloads\pcmatic-setup.exe
end
*****************
C:\Users\Nancy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\507a4478-138356f5 => Moved successfully.
C:\Users\Nancy\Downloads\Updater_Setup(1).exe => Moved successfully.
C:\Users\Nancy\Downloads\Updater_Setup.exe => Moved successfully.
C:\Users\Nancy\Desktop\runassystem.exe => Moved successfully.
C:\Users\Nancy\Downloads\pcmatic-setup-1067.exe => Moved successfully.
C:\Users\Nancy\Downloads\pcmatic-setup.exe => Moved successfully.
==== End of Fixlog ====
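An added example, not part of the thread or of FRST itself: a small Python check that cross-references the entries between "start" and "end" in a Fixlog like the one above against its "=> Moved successfully." result lines. The sample is an abridged copy of the posted log, and treating any other result text as unconfirmed is an assumption, since that is the only result string shown on this page.

```python
import re

# Sample input: abridged copy of the Fixlog posted above, one entry per line.
FIXLOG = r"""Content of fixlist:
*****************
start
C:\Users\Nancy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\507a4478-138356f5
C:\Users\Nancy\Downloads\Updater_Setup(1).exe
2014-10-22 19:09 - 2014-10-22 19:09 - 00281088 _____ (QwertyLab) C:\Users\Nancy\Desktop\runassystem.exe
2014-10-20 09:09 - 2014-10-20 09:09 - 00955776 _____ (PC Pitstop LLC ) C:\Users\Nancy\Downloads\pcmatic-setup.exe
end
*****************
C:\Users\Nancy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\507a4478-138356f5 => Moved successfully.
C:\Users\Nancy\Downloads\Updater_Setup(1).exe => Moved successfully.
C:\Users\Nancy\Desktop\runassystem.exe => Moved successfully.
C:\Users\Nancy\Downloads\pcmatic-setup.exe => Moved successfully.
==== End of Fixlog ====
"""

# A fixlist entry is either a bare path or a listing line that ends with the path.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

def parse_fixlog(text):
    """Return (requested paths, {casefolded path: result text})."""
    requested, results, in_list = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "start":
            in_list = True
        elif line == "end":
            in_list = False
        elif in_list:
            m = PATH_RE.search(line)
            if m:
                requested.append(m.group(0))
        elif " => " in line:
            path, result = line.split(" => ", 1)
            results[path.strip().casefold()] = result.strip()
    return requested, results

def unconfirmed(text):
    """Fixlist paths that have no 'Moved successfully.' result line."""
    requested, results = parse_fixlog(text)
    return [p for p in requested
            if results.get(p.casefold()) != "Moved successfully."]

if __name__ == "__main__":
    print("unconfirmed entries:", unconfirmed(FIXLOG))
```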
|
|
Post by Quads on Oct 24, 2014 13:37:41 GMT -8
Uninstall ESET Online Scanner
THEN
Tools and Quarantines we used to be removed
Please download DelFix by Xplode to your Desktop.
toolslib.net/downloads/viewdownload/2-delfix/
Double-click to run the program;
Note: Windows Vista/7/8 users right-click and choose Run as administrator
Make sure the Remove Disinfection tools is ticked / selected in the list
Click RUN
A log will be opened after the operation is finished
Copy and Paste it in your next reply
Quads
|
|
|
Post by cobra67 on Oct 24, 2014 19:35:33 GMT -8
Here is the Delfix log:
# DelFix v10.8 - Logfile created 24/10/2014 at 22:34:44
# Updated 29/07/2014 by Xplode
# Username : Nancy - NANCY-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Nancy\Desktop\AdwCleaner.exe
Deleted : C:\Users\Nancy\Desktop\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
########## - EOF - ##########
|
|
Post by Quads on Oct 24, 2014 19:43:50 GMT -8
You are free to go on your merry way. You are now fixed / Solved.
Quads
|
|
|
Post by cobra67 on Oct 24, 2014 21:05:12 GMT -8
I can't thank you enough. Thanks for your patience and all your hard work!!!
|
|
Post by Quads on Oct 24, 2014 21:18:29 GMT -8
You just had more sub steps due to what else was on your system and where, and the fact Poweliks would not move.
Step 1 Find (find what is on the system and possible Windows changes)
Step 2 Break (break apart the malware (including PUPs) and possibly repair any changes to Windows)
Step 3 Destroy (take all malware and PUP items found so that they are now dead (in pieces) and repair or Reset changes done to Windows)
Step 4 Full System scan for any little file and cleanup of tools used
Due to what was on your system and what areas involved, you had like a Step 1, 1a, 2, 2a, 2b, 2c, 3 (in between the 2 steps) and step 4.
Quads
|
|
|
Post by cobra67 on Oct 25, 2014 6:07:55 GMT -8
Quads,
I know that you are very busy helping others and so if you cannot respond I understand.
I was wondering if there is anything I can put on my PC along with my Norton Internet Security that would protect my PC from getting infected in the future.
Thanks again!
|
|
Post by Quads on Oct 25, 2014 14:55:22 GMT -8
There are Malware and then there is MALWARE.
Sometimes it is more about the PC user having smarts so that when they get a message, email, download, video etc from someone, or a webpage, the user thinks and says, hmmmmmmm something does not look right no way am I going to that page or looking at that link or file.
I have also heard about kids or some adults turning off the AV / Firewall to get to a gaming site or server, which is not really a good idea, maybe the site or server is blocked for a reason.
Try and make sure the AV gets all the updates as soon as you connect to the net first so that the AV is using the latest definitions before you are going around the internet, checking emails etc.
Also make sure the likes of Adobe products (Flash Player etc.) and Java are up to date due to any exploits found and the update fixes that.
Quads
|
|