Spybot has tried 5 times..need help. Thank you.
Spybot has tried 5 times..need help. Thank you.
Scan file and additional txt file
Our recommendation is to remove this program.
Yet Another Cleaner!
Remove it using the Add/Remove programs
Let me supply you with known good antivirus tools.
- avast! Free Anti-Virus (free)
- Avira AntiVir Personal - Free Antivirus
- Microsoft Security Essentials (free)
- ESET NOD32 Anti-Virus (paid)
- Emsisoft Internet Security (paid)
As for free versus paid antivirus, I have to leave this up to you, but I've always stayed with a free version, which uses fewer resources and takes less time to update. This is my personal opinion; also, with free versions of antivirus, a firewall is not included.
~~~~~~~~~
Please go to your downloads folder and locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop and select PASTE
Farbar Recovery Scan Tool should now be on your desktop.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow it).
Open FRST/FRST64 and press the Fix button just once and wait.
Quote:
start
CloseProcesses:
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1210306022-1181859764-3225192987-1001\...\Winlogon: [Shell] - <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1210306022-1181859764-3225192987-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> {035707D0-FAF1-4D36-8C40-C6734EB967DF} URL =
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-28] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [51880 2014-10-26] (Elex do Brasil Participações Ltda)
2015-01-21 09:04 - 2015-01-21 09:04 - 00001930 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2015-01-21 09:04 - 2015-01-21 09:04 - 00001924 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-21 09:04 - 2014-10-28 06:31 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2015-01-21 09:04 - 2014-10-26 21:02 - 00051880 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-01-21 09:02 - 2015-01-21 09:02 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Elex-tech
2015-01-21 09:01 - 2015-01-21 09:02 - 16474920 _____ (Elex do Brasil Participações Ltda) C:\Users\Tim\Downloads\yet_another_cleaner_cnt.exe
C:\ProgramData\adwcleaner_4.106.exe
C:\Users\Tim\AppData\Local\Temp\jre-8u31-windows-au.exe
EmptyTemp:
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~
Download Malwarebytes' Anti-Malware to your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- On the Dashboard click on Update Now
- Go to the Settings tab
- Under Settings, go to Detection and Protection
- Under PUP and PUM make sure both are set to show Treat Detections as Malware
- Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
- Then on the Dashboard click on Scan
- Make sure to select THREAT SCAN
- Then click on Scan
- When the scan is finished and the log pops up...select Copy to Clipboard
- Please paste the log back into this thread for review
- Exit Malwarebytes
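An added example, not part of the original thread and not FRST's own code: a read-only PowerShell check that the services, drivers and files named in a fixlist like the one above are gone once the fix has run. The sample lines are copied from that fixlist; the parsing patterns and the function names Get-FixlistTarget and Test-FixlistTarget are assumptions made for this example.

```powershell
# Sample lines copied from the fixlist quoted above. To check a real fixlist,
# replace this with: $fixlist = Get-Content "$env:USERPROFILE\Desktop\fixlist.txt"
$fixlist = @'
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [51880 2014-10-26] (Elex do Brasil Participações Ltda)
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-21 09:01 - 2015-01-21 09:02 - 16474920 _____ (Elex do Brasil Participações Ltda) C:\Users\Tim\Downloads\yet_another_cleaner_cnt.exe
'@ -split "`r?`n"

# Assumption: line shapes are inferred from the lines shown in the thread.
function Get-FixlistTarget {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # Service/driver line: "<state><start> <name>; <path> [size date] (company)"
        if ($l -match '^[RSU]\d (?<name>[^;]+); (?<path>[A-Za-z]:\\.+?) \[\d+ \d{4}-\d\d-\d\d\]') {
            [pscustomobject]@{ Kind = 'Service'; Target = $Matches['name'] }
            [pscustomobject]@{ Kind = 'Path';    Target = $Matches['path'] }
        }
        # File-listing line: the path follows the "(company) " column
        elseif ($l -match '^\d{4}-\d\d-\d\d .*\) (?<path>[A-Za-z]:\\.+)$') {
            [pscustomobject]@{ Kind = 'Path'; Target = $Matches['path'] }
        }
        # Bare path line
        elseif ($l -match '^(?<path>[A-Za-z]:\\.+)$') {
            [pscustomobject]@{ Kind = 'Path'; Target = $Matches['path'] }
        }
        # Registry lines and directives (CloseProcesses:, EmptyTemp:) are skipped.
    }
}

function Test-FixlistTarget {
    param([Parameter(ValueFromPipeline)]$Item)
    process {
        # Services and drivers are both registered under the Services key.
        $probe = if ($Item.Kind -eq 'Service') {
            "HKLM:\SYSTEM\CurrentControlSet\Services\$($Item.Target)"
        } else { $Item.Target }
        [pscustomobject]@{
            Kind         = $Item.Kind
            Target       = $Item.Target
            StillPresent = Test-Path -LiteralPath $probe   # read-only check
        }
    }
}

Get-FixlistTarget -Line $fixlist | Test-FixlistTarget |
    Sort-Object StillPresent -Descending | Format-Table -AutoSize
```

Any row with StillPresent set to True is a leftover worth mentioning alongside Fixlog.txt; the script changes nothing on the system.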
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/22/2015
Scan Time: 4:45:38 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.22.11
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tim
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415461
Time Elapsed: 8 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
Adware.Finix, C:\Users\Tim\Downloads\Comcast_Desktop_Software_1401.exe, , [6c0767938603cd69ccb54bc7e022f10f],
Physical Sectors: 0
(No malicious items detected)
(end)
Fixlog.txt ?
Since we have removed some malicious files, how's the computer?
:cool:
Thank you, thank you very much! Sorry about the multiple posts; I have trouble focusing and with short-term memory since stroke :heart:
You're doing fine.
How's your computer now?
What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.
Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
- Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
- Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
- Click the blue Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
- Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
- Click on Advanced Settings
- Make sure that the option Remove found threats is unticked.
- Ensure these options are ticked:
  - Scan archives
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan.
I ran the scans, but I may have inadvertently taken some action. I may have been on a different menu than you were referring to; it did not have ticks for "take no action" but instead had a slide scale action, no action, which I chose. Found variant of Win32/Elex.as. Software said it "cleaned file because it contained body of infection"? Since I am out of my arena, I will turn this over to you to determine how badly I performed. The Smartscan log is too big to upload :red:
Did the file you posted come from the ESET Online scan?
From what I can tell it actually found a quarantine folder which we will remove in the end.
Tell me how the computer is now.