Jump to content

lilbirdie13

Honorary Members
  • Posts

    26
  • Joined

  • Last visited

Everything posted by lilbirdie13

  1. Presumably when you say "all but the most common System Protection Restore Points" you mean "all but the most recent"? Okay, I've followed your instructions and everything seems to be working now. I've also deleted the files I downloaded on the day I was infected. ESET shows everything is clear now, and I'm just about to uninstall your tools and delete the restore points. Thank you so much for all your help. I've read your recommendations and will take them into account. Thanks again!
  2. C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.AM potentially unwanted application C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys.vir a variant of Win64/BrowseFox.Q potentially unwanted application C:\FRST\Quarantine\C\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\I61E49TW\2[1].zip a variant of Win32/ELEX.AM potentially unwanted application C:\FRST\Quarantine\C\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\L23B2UT3\AdvanceElite[1].dll a variant of Win32/BrowseFox.O potentially unwanted application C:\FRST\Quarantine\C\Users\Ann\AppData\Local\Temp\ICReinstall_microsoft_word.exe.xBAD a variant of Win32/InstallCore.QD potentially unwanted application C:\FRST\Quarantine\C\Users\Ann\AppData\Local\Temp\optprosetup.exe.xBAD multiple threats So they all seem to be quarantined now, right? Does that mean it's okay? I can leave them there and they won't hurt me?
  3. Here's the fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02 Ran by Ann at 2014-10-14 06:29:23 Run:1 Running from C:\Users\Ann\Downloads Loaded Profile: Ann (Available profiles: Ann) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\I61E49TW C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\L23B2UT3 C:\Users\Ann\AppData\Local\Temp\ICReinstall_microsoft_word.exe C:\Users\Ann\AppData\Local\Temp\optprosetup.exe EmptyTemp: ***************** C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\I61E49TW => Moved successfully. C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\L23B2UT3 => Moved successfully. C:\Users\Ann\AppData\Local\Temp\ICReinstall_microsoft_word.exe => Moved successfully. C:\Users\Ann\AppData\Local\Temp\optprosetup.exe => Moved successfully. EmptyTemp: => Removed 65.1 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== I'll re-scan with ESET and get back to you.
  4. Plus, there are more files showing up on ESET compared to when I ran the scan under your instruction. Is this a bad sign?
  5. I don't like the fact that threats still show up on the ESET scan. Should I use ESET or another scanner to remove them?
  6. When I run the ESET Online Scanner again, there are still threats: C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.AM potentially unwanted application C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\I61E49TW\2[1].zip a variant of Win32/ELEX.AM potentially unwanted application C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\L23B2UT3\AdvanceElite[1].dll a variant of Win32/BrowseFox.O potentially unwanted application C:\Users\Ann\AppData\Local\Temp\ICReinstall_microsoft_word.exe a variant of Win32/InstallCore.QD potentially unwanted application C:\Users\Ann\AppData\Local\Temp\optprosetup.exe multiple threats
  7. This is from SecurityCheck. Results of screen317's Security Check version 0.99.88 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Mozilla Firefox (30.0) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  8. Here's the JRT log. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.1 (10.06.2014:1) OS: Windows 8.1 x64 Ran by Ann on Tue 07/10/2014 at 18:41:50.40 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/10/2014 at 18:44:41.90 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. It says the version of JRT I am running is out of date. Should I agree to update now?
  10. Okay, I ran Adware cleaner. Here's the log file. # AdwCleaner v3.311 - Report created 05/10/2014 at 06:10:55 # Updated 30/09/2014 by Xplode # Operating System : Windows 8.1 (64 bits) # Username : Ann - ANN1 # Running from : C:\Users\Ann\Desktop\adwcleaner_3.311.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16384 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\z979finn.default\prefs.js ] ************************* AdwCleaner[R0].txt - [3870 octets] - [29/09/2014 16:56:49] AdwCleaner[R1].txt - [3930 octets] - [29/09/2014 16:58:59] AdwCleaner[R2].txt - [955 octets] - [29/09/2014 17:02:23] AdwCleaner[R3].txt - [1018 octets] - [05/10/2014 06:09:08] AdwCleaner[s0].txt - [3336 octets] - [29/09/2014 16:59:31] AdwCleaner[s1].txt - [941 octets] - [05/10/2014 06:10:55] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1000 octets] ##########
  11. I think I know where this came from. I tried to install Microsoft Office but since I'd never installed it before, I didn't really know what I was doing. I did get it from a Microsoft site though.
  12. Okay, I'm done scanning. Here is the text file: C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.AM potentially unwanted application C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\I61E49TW\2[1].zip a variant of Win32/ELEX.AM potentially unwanted application C:\Users\Ann\AppData\Local\Microsoft\Windows\INetCache\IE\L23B2UT3\AdvanceElite[1].dll a variant of Win32/BrowseFox.O potentially unwanted application C:\Users\Ann\AppData\Local\Temp\ICReinstall_microsoft_word.exe a variant of Win32/InstallCore.QD potentially unwanted application C:\Users\Ann\AppData\Local\Temp\optprosetup.exe multiple threats Thanks so much for all your help.
  13. McAfee won't let me turn off real-time scanning unless I buy a subscription. Is there a way around this?
  14. There are no other logs, apart from the two I've posted above. The scan showed there was nothing that needed removing.
  15. My internet connection seems to be working now. Thank you! I'll be hanging around in case you want to ask me any more questions. Thanks for all your help.
  16. The scan finished and said there was no malware found. Here are the two logs. Thanks. system-log.txt mbar-log-2014-09-29 (19-55-01).txt
  17. Just thought that might help with troubleshooting I'll write back once I've scanned and rebooted etc.
  18. When I ran mbar.exe, it said: Malwarebyte Anti-Rootkit BETA is already running. Do you really want to run another instance of the application? I clicked "Yes", I was pretty sure that was right... When I asked it to update, it said: Failed: No address found. (Presumably that's because I'm not connected to the Internet.) I'm scanning now. P.S. Maybe I should have mentioned this before, but I have Linux Mint 17 installed on the same laptop. The Internet is working on Linux Mint.
  19. Sorry, but I'm still getting the error. I also tried downloading the file again, but I still have the same error.
  20. When I open Gmer, I get an error message saying: C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process.
  21. Thank you! I'm just incompetent at this sort of stuff... Okay, here's the first two attachments.... I'm going onto the next step now. Addition.txt FRST.txt
  22. I used FRST before when I was trying to fix my problem, so I've checked five boxes, but can't remember which one was originally checked. Could you let me know? Thanks.
  23. Actually, I made a mistake. I think I've found the logs. Will upload them in a sec... Hope this is right. Thanks again. mbam-log-2014-09-29 (16-20-00).xml.zip protection-log-2014-09-29.xml.zip
  24. Hi, I have Windows 8.1 and don't have either of those folders in my C: drive, as far as I can see. I only have: AdwCleaner FRST inetpub Intel PerfLogs Program Files Program Files (x86) SWSetup Users Windows Thanks in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.