Author Topic: [resolved] new to me computer, tons of spyware  (Read 3863 times)

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #15 on: November 16, 2015, 09:02:48 PM »
Silly me re-read the instructions an hour later and figured it out. I think it accidentally ran twice according to the log. Also ran the ESET scan and nothing showed up. Found the log but it was dated on Friday. No log from today. Btw, it took 2 1/2 hours to run the ESET scan. Kept getting stuck on Wild Tangent stuff. Enclosed are both logs.

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by loki (2015-11-16 19:09:56) Run:2
Running from C:\Users\loki\Desktop
Loaded Profiles: loki (Available Profiles: loki)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start
close processes:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
earchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword{searchTerms}
Task: {8C5B5CA5-936C-4140-BB11-E0FD6B5E6B48} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe <==== ATTENTION
Task: {F47033AD-8888-4D17-8FDC-EA426806957D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {FD5CDE39-E80A-4693-A245-7948B99E62F2} - \bvxvdxvx -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2243256156-3552192332-2390129894-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms)
u3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\StartupApproved\Run: => "uTorrent"
FirewallRules: [{BA9E2A44-BA93-4A43-99D6-DA2EA9F14154}] => (Allow) C:\Users\loki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD74EA0-5FC4-4FF4-9E2D-514C5C09501C}] => (Allow) C:\Users\loki\AppData\Roaming\uTorrent\uTorrent.exe
Empty temp:
end


*****************

Processes closed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
earchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C5B5CA5-936C-4140-BB11-E0FD6B5E6B48} => key not found.
C:\Windows\System32\Tasks\Secure Fast PC Autorun => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Autorun => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F47033AD-8888-4D17-8FDC-EA426806957D} => key not found.
C:\Windows\System32\Tasks\LaunchSignup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD5CDE39-E80A-4693-A245-7948B99E62F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD5CDE39-E80A-4693-A245-7948B99E62F2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvdxvx => key not found.
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
McAPExe => service removed successfully
McMPFSvc => service removed successfully
McNaiAnn => service removed successfully
mcpltsvc => service removed successfully
McProxy => service removed successfully
mfecore => service removed successfully
MSK80Service => service removed successfully
HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-2243256156-3552192332-2390129894-1002\...\StartupApproved\Run: => "uTorrent" => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA9E2A44-BA93-4A43-99D6-DA2EA9F14154} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CD74EA0-5FC4-4FF4-9E2D-514C5C09501C} => value removed successfully
EmptyTemp: => 45.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:10:05 ====

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=init
# utc_time=2015-11-13 08:37:33
# local_time=2015-11-13 03:37:33 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
Update Init
Update Download
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=init
# utc_time=2015-11-13 08:38:57
# local_time=2015-11-13 03:38:57 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=36881
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=36881
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=init
# utc_time=2015-11-13 08:43:41
# local_time=2015-11-13 03:43:41 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=36881
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
Update Finalize
Updated modules version: 26716
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=updated
# utc_time=2015-11-13 08:49:44
# local_time=2015-11-13 03:49:44 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
Update Finalize
Updated modules version: 26716
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=restart
# utc_time=2015-11-13 10:03:24
# local_time=2015-11-13 05:03:24 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 0 0 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3635560 37670123 0 0
# scanned=61928
# found=13
# cleaned=0
# scan_time=4420
sh=88A13C3B5665A93811F369BFA4CA453242D07AE8 ft=1 fh=2a999439b6cfddac vn="a variant of MSIL/Rebrand.LittleRegClean.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe"
sh=DE846D9CA8767DDDE3AD22DC9F023045E2E0BE3A ft=1 fh=6f43bf8c76af040e vn="a variant of MSIL/Rebrand.LittleRegClean.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCAutoScan.exe"
sh=70067D9489C462E66B75778D6155F4D73D9066FA ft=1 fh=b1e62f34d9e7fdb2 vn="a variant of MSIL/RunElevated.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe"
sh=F6D9C991AFDEE82B8DA37D323D2488F209BFD69D ft=1 fh=265b7a20f3da4a76 vn="a variant of Win32/MyPCBackup.D potentially unwanted application" ac=I fn="C:\Program Files (x86)\MyPC Backup\MPCBClient.dll"
sh=1F1219B5D0E5390AABB26591EE218CAC23C7A1DE ft=1 fh=c7a5bcf4525c4d2b vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll"
sh=E6BF88B3390FEA12DB1F6F150800B531FEDADB01 ft=1 fh=4a10605500753c35 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1429892451805"
sh=6E826493D60C3917BABB3D95B0AA367E8991712A ft=1 fh=0341a279d70a75aa vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1442889969278"
sh=9106F6793EB73B7A1353EF8363E51FA952DC0992 ft=1 fh=8cf4306398b9af55 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe"
sh=73D69D0129EFB262DFC1F1657B25A0252B78D08D ft=1 fh=d758fe186604a10b vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun"
sh=3BA87190888CD6FEB2C796937FE768AA091E2C7A ft=1 fh=1177f4fe36f7e683 vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=46D1D669D1DFF4567EBC9196E8B789D70D6580CE ft=1 fh=e359fcec13f7897d vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll"
sh=ED6218C5B515CB77A337B35500236C6BBB344DA2 ft=1 fh=dcb0c0eca0a85b22 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe"
sh=F6E76D0AC17D999BCBEB357247D51044EBB3BC14 ft=1 fh=7ab1f43040692091 vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe"
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=init
# utc_time=2015-11-13 11:27:08
# local_time=2015-11-13 06:27:08 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 26719
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=updated
# utc_time=2015-11-13 11:28:11
# local_time=2015-11-13 06:28:11 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# engine=26719
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-14 02:06:48
# local_time=2015-11-13 09:06:48 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.3.9600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 0 8594 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3650164 37684727 0 0
# scanned=237557
# found=0
# cleaned=0
# scan_time=9517
Update Init
Update Download
Update Finalize
Updated modules version: 26755



Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #16 on: November 17, 2015, 02:26:00 PM »


Hello mummyto3furballs,

Quote
Silly me re-read the instructions an hour later and figured it out.

Well done! My instructions need to be improved.

The Eset log (as you advised) was run on Friday; we need to run it again, but this time in the (Fix) deletion mode with revised advice.
Yes, it does take a long time to run because it is exacting & particularly thorough, a very good scanner.
The Wild Tangent game does appear to be controversial, as discussed HERE.
It would be advisable to uninstall it with a specialist tool, if you wanted it removed.

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:


Run Eset Online Scanner

**Note**
You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is ticked
  • Click on Advanced Settings, ensure the following options are checked:
      Scan for potentially unsafe applications
      Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish. It may take several hours.

When the scan is complete

If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program

Copy & paste report in next reply please.

platypuss




Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #17 on: November 17, 2015, 02:39:03 PM »
Yes, hubby and I would like Wild Tangent removed. I'll start the virus scanner again and post results when I get done.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #18 on: November 17, 2015, 02:59:44 PM »

Thank you. We will remove Wild Tangent after you are established "Clean".
platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #19 on: November 17, 2015, 05:25:20 PM »
Scan completed and only this log came up. But I did take a screenshot that everything was clean.

Update Init
Update Download
Update Finalize
Updated modules version: 26770

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #20 on: November 19, 2015, 11:56:17 AM »

 
  Hello Mummyto3furballs,

 Providing, as you say, that Eset finished the scan & reported "no fault found", the computer is now free of malware.
 It would now be prudent to create a System Restore point before carrying out the uninstallation of Wild Tangent.

Create a System Restore point in Windows 8

Please go HERE & follow the written instructions.

>>>>>>>>>>>>>>>>


Please download and install Revo Uninstaller Free [http://www.revouninstaller.com/start_freeware_download.html]
This is a powerful tool; please be sure to follow the instructions carefully. Any problems, stop & ask please.
  • Double click Revo Uninstaller to run it.
  • From the next window portraying the list of your installed programs, select Wild Tangent
  • When prompted if you want to uninstall this program, click Yes.
  • Ensure the Moderate option is selected in the "select an Uninstall Mode" window, then click Next.
  • The program will then run. If prompted again regarding removal, click Yes
  • When the original built-in uninstaller is finished, click on Next.
  • Once the Revo program has searched for leftovers... (be patient here!) click Next.
  • Check / tick the Wild Tangent bolded items only, then click DELETE
  • When prompted, click on Yes and then on Next.
  • Next put a check on any Wild Tangent folders that are found and select Delete
  • When prompted, select Yes, then Next
  • Once done, click Finish

Let me know how it went & how the Laptop is running now please.

      platypuss


Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #21 on: November 19, 2015, 03:26:39 PM »
Hi Platypuss. I followed your directions for the Wild Tangent removal. That's completed. I also re-completed an ESET online scan just for our peace of mind (it didn't take anywhere near 2 1/2 hours, only about an hour and a half or so). This time the log showed up so I've included it with this posting. Computer running pretty well but does need to be defragged it seems, which I'm going to do tonight.

Update Init
Update Download
Update Finalize
Updated modules version: 26770
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=init
# utc_time=2015-11-19 07:40:51
# local_time=2015-11-19 02:40:51 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 26806
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# end=updated
# utc_time=2015-11-19 07:42:01
# local_time=2015-11-19 02:42:01 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.3.9600 NT
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9f5d3d5d51faa34da1926828fb54f4d0
# engine=26806
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-19 09:11:27
# local_time=2015-11-19 04:11:27 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.3.9600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 0 509273 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 10835457 0 0
# scanned=216968
# found=0
# cleaned=0
# scan_time=5365

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #22 on: November 19, 2015, 07:55:47 PM »
I defragged the computer a couple of times tonight and it's running pretty well now. Just thought I'd give an update.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #23 on: November 21, 2015, 11:05:51 AM »


 Hello mommyto3furballs,
Defrag is fine/good. Some important tidying up to do now.


Download and scan each user profile with CCleaner (a good utility to keep and use regularly.):

http://www.piriform.com/ccleaner/builds

** Select to download the SLIM version.

** Because CCleaner removes everything in temp folders, if you have anything saved in a temp folder, back it up or move it to a permanent folder prior to running CCleaner.

** We will be cleaning cookies as well. Make a note of any passwords, etc. that you want to save. If you do not want to delete cookies, simply uncheck that option.

1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

2. Then select the items you wish to clean up.

In the Windows Tab:

    Clean all entries in the "Internet Explorer" section.
    Clean all the entries in the "Windows Explorer" section.
    Clean all entries in the "System" section.
    Clean all entries in the "Advanced" section.
    Clean any others that you choose.

In the Applications Tab:

    Clean all in the Firefox/Mozilla section if you use it.
    Clean all in the Opera and Chrome sections if you use them.
    Clean Java in the Internet Section.
    Clean any others that you choose.
    * Do not use the Registry Cleaner component of CCleaner.

3. Click the "Analyze" button. When the list of files comes up for you to review, if you choose to remove them, click the "Run Cleaner" button.

4. A pop up box will appear advising this process will permanently delete files from your system.

We need to remove some tools & purge your System Restore points.

Download "Delfix by Xplode" and save it to your desktop. https://toolslib.net/downloads/viewdownload/2-delfix/

Or use the following if first link is down:

"Delfix link mirror" http://ccm.net/download/download-24087-delfix

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make Sure the following items are checked:

   
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Create registry backup
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. I don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here: C:\Windows\ERUNT.

>>>>>>>>>>>>>>>>>

Please let me know how the laptop is running & if you have any concerns.

Platypuss


Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #24 on: November 21, 2015, 03:40:51 PM »
To me this computer is running very well. I'll let hubby go on it tonight to get his opinion and I'll post tomorrow what he says.

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #25 on: November 21, 2015, 07:04:55 PM »
Quick question. I know I still have Windows updates to do yet. Would it be advisable to upgrade to Windows 10? I did for my other laptop without a problem but I also did the preliminary scan to make sure there were no issues. Where would I go to check before indeed downloading Windows 10? Btw, so far running fine.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] new to me computer, tons of spyware
« Reply #26 on: November 23, 2015, 04:00:11 AM »
Hello Mommyto3furballs,

First you need to check if your computer has the capability to upgrade.
Please go HERE to check.

I will leave Hoov to advise on Windows 10:

Quote
It is a personal choice. I have several systems I am also delaying on, and another that has Windows 10. I am going to use it for a while and see how I like it before changing the others over.

I personally would prefer to leave it until all the issues are resolved.

Platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #27 on: November 23, 2015, 08:56:59 AM »
Hubby has been using the computer since Saturday with no complaints so I guess we are good. As for Windows 10, I'll hold off. The link you gave me didn't work and I don't want to chance things. I do have a backup computer running Windows 7 and this one which is running Windows 10 besides the new one. Don't need to mess things up. Thanks for all your help Platypuss. You did an awesome job :ty

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27120
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] new to me computer, tons of spyware
« Reply #28 on: November 23, 2015, 09:38:15 AM »
Just so that you have a bit of information about Windows 10: even though they are pushing Windows 10, Microsoft has no clue on what systems they are trying to push it onto. So the first thing you need to do is to go to the computer manufacturer's website and make sure that the system you are wanting to upgrade to Windows 10 is on their list of upgradeable systems. If it's not, it may still be possible, but it will not be easy. The second thing you need to do is check and see whether you are getting the popup notification in the system tray. If not, and all your Windows updates are done (don't do them yet, at least until Platypuss says he is done), then don't even worry about trying. Windows 10 is not compatible with your system.

If your system is not on the OEM list but you still want to try, let me know and we can move the attempt elsewhere.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline mommyto3furballs

  • Bronze Member
  • Posts: 190
Re: [In Progress] new to me computer, tons of spyware
« Reply #29 on: November 23, 2015, 11:43:28 AM »
The little icon is showing up at the bottom. All the Windows updates for 8.1 are complete except for a couple related to wireless button driver and WLAN WiFi adaptor. I'm scared to download them from Windows. But I will hold off on Windows 10 until more information becomes available and I find out for sure the computer is compatible to update.