Still Seem to have malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by briguyz71, Oct 28, 2014.

  1. briguyz71

    briguyz71 Private E-2

    Hello,
    Thank you in advance for any assistance.
    I have completed the malware cleaning and still have some popups and programs like pc speedboost, speedguard showing up. Hopefully I have run everything as instructed. I did run rogue killer but did not get a rkreport, please let me know what to do to remedy this?
    Thanks
    Bri
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do you have the log from RogueKiller please?

    Uninstall the below with Revo Uninstaller.

    • PCSpeedBoost 1.0.5
    • WSE_Astromenda

    Re run Hitman Pro and have it remove all that it finds.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  3. briguyz71

    briguyz71 Private E-2

    I did not get a report from RogueKiller on my desktop. Is there another place that it may have been stored?
    Thanks!
    Brian
     
  4. briguyz71

    briguyz71 Private E-2

    Attached MGlogs.zip
     

    Attached Files:

  5. briguyz71

    briguyz71 Private E-2

    Things are running better, however noticed Microsoft mail is a little quirky, doesn't delete emails when told and is finally letting emails come through. Is this something that I should be concerned with?
    Thanks,
    Brian
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you did not get a report from RogueKiller, just run it again and attach the next log.
     
  7. briguyz71

    briguyz71 Private E-2

    roguekiller
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member


    Search App by Ask
    <<< Uninstall this garbage.



    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [Suspicious.Path] Digital Sites.job -- C:\Users\JAMIEH~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
    • [Suspicious.Path] \\Digital Sites -- C:\Users\JAMIEH~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    ...and the same for this entry on the Tasks tab please...

    • [PUM.HomePage][FIREFX:Config] 5iph6wel.default : user_pref("browser.startup.homepage", "http://astromenda.com

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Delete all you can from inside of this folder:

    • C:\Users\Jamie Hester\AppData\Local\Temp



    Also delete this file:
    • C:\WINDOWS\tasks\Digital Sites.job

    And this folder:

    • C:\Users\JAMIEH~1\AppData\Roaming\DIGITA~1




    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Re run RogueKiller and attach log.
    Same for Hitman.


    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  9. briguyz71

    briguyz71 Private E-2

    rogue
    Working on the rest
     
  10. briguyz71

    briguyz71 Private E-2

    rogue killer report says that it uploaded but don't see it.
     
  11. briguyz71

    briguyz71 Private E-2

    Be sure the "Save as" type is set to "all files"
    I don't seem to have this option on my comp, is there another type.
    Thanks,
    Brian
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You have to use the drop down arrow (click attached screenshot for more detail)
     

    Attached Files:

  13. briguyz71

    briguyz71 Private E-2

    I don't have that option available.

    Rich Text Format (RTF) (*.rtf)
    Open Office XML Document (*.docx)
    OpenDocument Text (*.odt)
    Text Document (*.txt)
    Text Document - MS-DOS Format (*.txt)
    Unicode Text Document (*.txt)

    These are the only ones that come up, is there a way to activate the one I need?
    Thanks,
    Bri
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you trying to attach an old log by any chance? Try running it afresh please and try attaching the LATEST log. You attached one just fine to begin with so I think you're trying to attach same one.
     
  15. briguyz71

    briguyz71 Private E-2

    Sorry for taking so long. I feel like we have been reinfested.
    This is the most recent Rogue Killer. Please see attached.
     

    Attached Files:

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, it's been about 2 weeks since you came to me. We need to start speeding things up whilst fixing, keep things moving at a sensible pace.

    You are indeed. You need to run all the tools from scratch (apart from RogueKiller) and attach all of those logs too please.
     
  17. briguyz71

    briguyz71 Private E-2

  18. briguyz71

    briguyz71 Private E-2

    first few done
     

    Attached Files:

  19. briguyz71

    briguyz71 Private E-2

    Question:
    The Hitman log says that it is too large to upload is there a remedy for this?
    Thanks,
    Brian
     
  20. briguyz71

    briguyz71 Private E-2

    mgtools
     

    Attached Files:

  21. briguyz71

    briguyz71 Private E-2

    Very sorry for this, my son has had some health issues that have kept me away. I know you guys are super busy and I appreciate your help so far.
    Thanks!
    Bri
     
  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You could break it up into two, or you could zip it up.


    I'm sorry to hear this Bri. As soon as you have attached the Hitman logs I will be able to start the fix. If I don't post back tonight (it's 1.30am for me now) it will be in the morning. :)

    Most welcome!
     
  23. briguyz71

    briguyz71 Private E-2

    hitman compressed (I should have thought of that)...
     

    Attached Files:

  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Okay Bri,

    Uninstall the below using Revo Uninstaller.

    • less2pay
    • Optimizer Pro v3.2
    • Search App by Ask


    Re run Malware Bytes and have it fix all it finds. Then attach the log for me. Once done rescan yet AGAIN and attach that log too even if it finds nothing.

    There's a lot to remove with Hitman and the trial has not yet expired. Take advantage of that and have it remove all that it finds too.
    Then rescan again and attach that log too even if it finds nothing next time.


    If you are NOT deliberately set up to use a proxy, please include the proxy lines in the fix below, otherwise, don't.



    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Found
    • [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | GenieoUpdaterService : "C:\Users\Jamie Hester\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 -> Found
    • [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | GenieoSystemTray : "C:\Users\Jamie Hester\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | Optimizer Pro : C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Found
    • [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | GenieoUpdaterService : "C:\Users\Jamie Hester\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 -> Found
    • [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Windows\CurrentVersion\Run | GenieoSystemTray : "C:\Users\Jamie Hester\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\70e6ca8c ("C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wajam Internet Enhancer Service (C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\70e6ca8c ("C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wajam Internet Enhancer Service (C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe) -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.trovi.com/?gd=&ctid=CT33...=SP0DF12B47-DD42-40AC-B1C7-76F8B60348C8&SSPV= -> Found
    • [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3726680479-2156254675-3700502520-1006\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.trovi.com/?gd=&ctid=CT33...=SP0DF12B47-DD42-40AC-B1C7-76F8B60348C8&SSPV= -> Found
    • [Suspicious.Path] ArcadeParlor.job -- C:\Users\Jamie Hester\AppData\Local\ArcadeParlor\versioncheck.exe -> Found
    • [Suspicious.Path] \\ArcadeParlor -- C:\Users\Jamie Hester\AppData\Local\ArcadeParlor\versioncheck.exe -> Found
    • [Suspicious.Path] \\Digital Sites -- C:\Users\JAMIEH~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    :Files
    C:\Users\Jamie Hester\AppData\Roaming\LiveSupport.exe_log.txt
    C:\Users\Jamie Hester\AppData\Roaming\regsvr32.exe_log.txt
    C:\Program Files (x86)\Optimizer Pro
    C:\Users\Jamie Hester\AppData\Roaming\Genieo
    C:\Program Files (x86)\SearchProtect
    C:\Program Files (x86)\Wajam
    C:\Users\Jamie Hester\AppData\Local\ArcadeParlor
    C:\Users\JAMIEH~1\AppData\Roaming\DIGITA~1
    C:\ProgramData\7687879ade5327f2
    C:\ProgramData\BoostSoftware
    C:\ProgramData\Fighters10119
    C:\ProgramData\less2pay
    C:\ProgramData\SuperManCoupon
    C:\Program Files (x86)\Fighters10119
    C:\Program Files (x86)\SearchProtect
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



    • Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    • Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
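
The detection list in the post above repeats the same setting several times, once per registry view (X64/X86) and once per alias of the same hive. The following is an added example, not part of the original thread and not RogueKiller's own code: it parses lines in the layout quoted above, collapses those duplicates, and reports `ProxyServer` values that point back at the local machine. The function names are this example's own, and it assumes `ControlSet001` is the control set that `CurrentControlSet` links to.

```python
import ipaddress
import re

# Detection lines copied from the RogueKiller list in the post above.
SAMPLE = r"""
• [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
• [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
• [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
• [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
• [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
• [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
• [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
• [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
"""

LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+(?:\((?P<view>X64|X86)\)\s+)?"
    r"(?P<body>.+?)\s+->\s+(?P<status>\w+)$"
)

def parse_line(line):
    """Split one detection line into category, view, key, name, data, status."""
    m = LINE_RE.match(line.strip().lstrip("•").strip())
    if not m:
        return None
    rec = m.groupdict()
    body = rec.pop("body")
    if " | " in body:  # registry value: KEY | Name : data
        rec["key"], rest = body.split(" | ", 1)
        rec["name"], _, rec["data"] = rest.partition(" : ")
    else:  # service key: KEY (image path); the line names no value
        rec["key"], _, data = body.partition(" (")
        rec["name"] = ""
        rec["data"] = data[:-1] if data.endswith(")") else data
    return rec

def canonical_key(key):
    # HKEY_USERS\.DEFAULT is the LocalSystem profile, the same hive as S-1-5-18.
    key = key.replace("HKEY_USERS\\.DEFAULT\\", "HKEY_USERS\\S-1-5-18\\")
    # Assumption: ControlSet001 is the set CurrentControlSet links to.
    return key.replace("\\System\\ControlSet001\\", "\\System\\CurrentControlSet\\")

def unique_settings(text):
    """Collapse per-view and per-alias duplicates; 'lines' counts the originals."""
    seen = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = canonical_key(rec["key"])
        ident = (rec["category"], key.lower(), rec["name"].lower())
        entry = seen.setdefault(ident, {**rec, "key": key, "lines": 0})
        entry["lines"] += 1
    return list(seen.values())

def parse_proxy_server(data):
    """Parse a ProxyServer value: 'host:port' or 'scheme=host:port;...'."""
    out = {}
    for part in filter(None, data.split(";")):
        scheme, sep, hostport = part.partition("=")
        if not sep:  # bare host:port applies to every protocol
            scheme, hostport = "all", part
        host, sep, port = hostport.rpartition(":")
        out[scheme] = (host, int(port)) if sep else (hostport, None)
    return out

def loopback_proxies(settings):
    """Return (key, scheme, host, port) for proxies that point at this machine."""
    hits = []
    for s in settings:
        if s["name"].lower() != "proxyserver":
            continue
        for scheme, (host, port) in parse_proxy_server(s["data"]).items():
            try:
                local = ipaddress.ip_address(host.strip("[]")).is_loopback
            except ValueError:  # hostname rather than an IP literal
                local = host.lower() == "localhost"
            if local:
                hits.append((s["key"], scheme, host, port))
    return hits

if __name__ == "__main__":
    for s in unique_settings(SAMPLE):
        print(s["lines"], s["category"], s["key"], s["name"], s["data"])
    print(loopback_proxies(unique_settings(SAMPLE)))
```

A loopback proxy only works while some local process is listening on that port, so the next check on the machine itself is which process, if any, owns it.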
     
  25. briguyz71

    briguyz71 Private E-2

    malware logs
     

    Attached Files:

  26. briguyz71

    briguyz71 Private E-2

    Hitman logs
     

    Attached Files:

  27. briguyz71

    briguyz71 Private E-2

    rkreport
     

    Attached Files:

  28. briguyz71

    briguyz71 Private E-2

    OTM log
     

    Attached Files:

  29. briguyz71

    briguyz71 Private E-2

    adwcleaner
     

    Attached Files:

  30. briguyz71

    briguyz71 Private E-2

    mgtools
     

    Attached Files:

  31. briguyz71

    briguyz71 Private E-2

    Computer is running better.
    - Still see some shortcuts on the desktop for Slow pc fighter and Genieo that I think can be deleted. I also have fighter 10119 in the app folder that seems to be related to slow pc fighter.
    - Popups have seemed to have stopped.
    - I did not ever run JRT from your previous post, should I delete it or will we need to run that at some point?
     
  32. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run Adwcleaner but take care to ONLY have it fix these entries:


    Yes, run JRT and attach log too!

    Re run RogueKiller (just a scan) and attach log please.
     
  33. briguyz71

    briguyz71 Private E-2

    jrt log and rogue killer log.
     

    Attached Files:

  34. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    These still there?

    Are you deliberately set up to use a proxy?
     
  35. briguyz71

    briguyz71 Private E-2

    I'm not sure what a proxy is so I'm going to have to say that it is not deliberate.
    I still see the pc fighter and parts of genieo.
     
  36. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Bri

    SLOW-PCfighter 10119
    <<< Uninstall with Revo, my apologies, I'd missed that one.



    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    :Files
    C:\ProgramData\Fighters10119
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
    C:\Users\Jamie Hester\Desktop\Genieo.lnk
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2DF857C6-1ACF-4FFF-B973-6E6F04A1CF5C}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7B7D5791-5D30-4FF3-B5AE-3616E136E46B}]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.




    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64655;https=127.0.0.1:64655 -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    Now re run JRT and attach log.
    Re run RogueKiller and attach log.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
  37. briguyz71

    briguyz71 Private E-2

    otm and rogue
     

    Attached Files:

  38. briguyz71

    briguyz71 Private E-2

    jrt and rogue 2nd
     

    Attached Files:

  39. briguyz71

    briguyz71 Private E-2

    mglogs
     

    Attached Files:

  40. briguyz71

    briguyz71 Private E-2

    Slow pc fighter was not on the Revo list, so I deleted it from the control panel (hopefully that was ok).
    I still see the proxy stuff on RK, not sure that is being deleted when I hit delete. It seems that something comes up with an error. I should have jotted it down, but thought it would show on report.
    PC is running ok, just a bit hesitant on some things.
     
  41. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am consulting with colleagues regarding that proxy.
     
  42. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes I told you to uninstall it (meaning thru control panel)

    Okay, run this please...


    Scanning with DDS


    Then attach the DDS.txt
     
  43. briguyz71

    briguyz71 Private E-2

    dds logs
     

    Attached Files:

  44. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good morning.

    Uninstall this:

    • Genieo


    Delete this:
    • C:\Program Files (x86)\less2pay


    We are going to be uninstalling your old version of FireFox (With Revo Uninstaller) and installing the new version. So do the below to save bookmarks:

    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.
    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.
    After reboot, delete the below folders:
    • C:\Program Files (x86)\Mozilla Firefox
    • C:\users\UserAccount\AppData\Roaming\Mozilla\Firefox

    where UserAccount is the actual user account name being used.


    Now rescan with RogueKiller please and attach log. Do NOT reinstall Firefox yet!!!
     
  45. briguyz71

    briguyz71 Private E-2

    rkreport
     

    Attached Files:

  46. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    After reboot, rescan with RogueKiller and have it fix the proxy entries. Afterwards, reboot and rescan yet again with RogueKiller and attach log.
     
  47. briguyz71

    briguyz71 Private E-2

    Kestrel,
    I have a question, could the proxy server stuff be a result of software my wife uses for her work? I am not familiar with a proxy, however she does use this laptop to access her work stuff that requires logging with some type software. If that is the case we might be ok.
    Thanks!
    Brian
     
  48. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You ought to ask her and let me know! :)
     
  49. briguyz71

    briguyz71 Private E-2

    She's not sure. I'll have to do a little investigating to see if I can trace back from her company software. The computer seems to be running ok. Is there anything else coming up on the reports I posted?
    Thanks,
    Brian
     
  50. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please do! We have a few threads lately where proxy servers are not deliberately set up, and they are difficult to try and remove. So knowing this is very important.
     
