lol
so far only 1 file to delete.
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
I actually went back and ran the scan again because I had forgotten to do the advanced settings. These are the results of that scan:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\Users\SueB\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SueB\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
What do I do from here? Thank you for your patience.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the Fix button just once and wait.
start
CloseProcesses:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx
C:\Users\SueB\Downloads\ccsetup501.exe
C:\Users\SueB\Downloads\dfsetup218.exe
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll
EmptyTemp:
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please post this log
tell me how the computer is now.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by SueB at 2015-02-10 06:25:46 Run:9
Running from C:\Users\SueB\Desktop
Loaded Profiles: SueB (Available profiles: SueB)
Boot Mode: Safe Mode (minimal)
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx
C:\Users\SueB\Downloads\ccsetup501.exe
C:\Users\SueB\Downloads\dfsetup218.exe
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll
EmptyTemp:
End
*****************
Processes closed successfully.
"C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe" => File/Directory not found.
"C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx" => File/Directory not found.
"C:\Users\SueB\Downloads\ccsetup501.exe" => File/Directory not found.
"C:\Users\SueB\Downloads\dfsetup218.exe" => File/Directory not found.
"C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll" => File/Directory not found.
EmptyTemp: => Removed 24.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 06:25:50 ====
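One way to check a Fixlog like the one above before treating a fix as done (an added example, not part of the original thread and not FRST's own code): it matches each path echoed from fixlist.txt against its `=>` result line and flags targets that were not found or have no result line at all. The sample log, its paths and the "Moved successfully." wording are constructed assumptions.

```python
import re

# Constructed sample in the layout of the Fixlog above; the paths are placeholders
# and the "Moved successfully." wording is an assumption, not taken from the thread.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
CloseProcesses:
C:\Example\Downloads\setup-a.exe
C:\Example\AppData\Local\ext\sample.crx
C:\Example\dat\sample.dll
EmptyTemp:
End
*****************
"C:\Example\Downloads\setup-a.exe" => File/Directory not found.
C:\Example\AppData\Local\ext\sample.crx => Moved successfully.
'''

def parse_fixlog(text):
    """Return (requested paths, {lowercased target: result}) from Fixlog text."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The echoed fixlist sits between the two rows of asterisks.
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("no fixlist echo found")
    echoed = lines[marks[0] + 1:marks[1]]
    # Keep file/folder entries; skip start/End and directives ending in ':'.
    requested = [ln for ln in echoed
                 if ln and ln.lower() not in ("start", "end") and not ln.endswith(":")]
    results = {}
    for ln in lines[marks[1] + 1:]:
        m = re.match(r'^"?(.+?)"?\s+=>\s+(.*)$', ln)
        if m:
            results[m.group(1).lower()] = m.group(2)
    return requested, results

def triage(text):
    """Map each requested path to 'not found', 'no result' or the logged result."""
    requested, results = parse_fixlog(text)
    report = {}
    for path in requested:
        outcome = results.get(path.lower())
        if outcome is None:
            report[path] = "no result"
        elif "not found" in outcome.lower():
            report[path] = "not found"
        else:
            report[path] = outcome
    return report
```

A report in which every entry is "not found" means the fix itself removed nothing, so the paths should be confirmed absent by a fresh scan rather than assumed cleaned.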
tell me how the computer is now
Computer seems to be working good now. If anything else pops up, I will let you know. The only rather annoying thing is that Avast keeps pushing that Grime Boss. I tried it once and it nearly shut me down. But, that is just an annoyance more than a virus.
It's not a virus, it's a tool or software addition within the virus program that states it can rid you of additional issues a computer can have but.....
My opinion is, it needs to remain an antivirus tool
DelFix
- Please download DelFix or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
- Double-click DelFix.exe to run the programme.
- Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~~~~~~~~~~
- Answers to common security questions - Best Practices by quietman7, MVP
- How Malware Spreads - How did I get infected? by quietman7, MVP
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
- How to Prevent Malware by miekiemoes, MVP
- How to backup and restore your data using Cobian Backup by YourHighness
- Slow Computer/browser? It May Not Be Malware by quietman7, MVP
The following programmes come highly recommended in the security community.
- AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
- CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
- Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
- Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
- NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
- Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
- Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
- SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
- Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
I wasn't sure if you wanted the DelFix results or not. I will post them just in case. Everything seems to be running smoothly now. Thank you for all of your help.
# DelFix v10.8 - Logfile created 10/02/2015 at 22:27:14
# Updated 29/07/2014 by Xplode
# Username : SueB - SUEB-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\SueB\Downloads\AdwCleaner.exe
Deleted : C:\Users\SueB\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\SueB\Downloads\MBR.dat
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #457 [Windows Backup | 11/10/2014 00:00:10]
Deleted : RP #458 [Windows Update | 11/11/2014 12:33:25]
Deleted : RP #459 [Windows Update | 11/12/2014 16:22:09]
Deleted : RP #460 [Installed iTunes | 11/14/2014 14:46:48]
Deleted : RP #461 [Windows Backup | 11/17/2014 00:00:08]
Deleted : RP #462 [Windows Update | 11/18/2014 13:22:52]
Deleted : RP #463 [Windows Update | 11/20/2014 04:37:05]
Deleted : RP #464 [avast! antivirus system restore point | 11/22/2014 04:12:16]
Deleted : RP #465 [Device Driver Package Install: Avast Network Service | 11/22/2014 04:15:41]
Deleted : RP #466 [Windows Backup | 11/24/2014 00:00:06]
Deleted : RP #467 [Installed QuickTime 7 | 11/24/2014 13:59:52]
Deleted : RP #468 [Windows Update | 11/25/2014 04:38:35]
Deleted : RP #469 [Removed Microsoft Silverlight | 11/27/2014 15:06:59]
Deleted : RP #470 [Windows Update | 11/28/2014 11:59:40]
Deleted : RP #471 [Windows Backup | 12/01/2014 00:00:07]
Deleted : RP #472 [Windows Update | 12/02/2014 12:04:39]
Deleted : RP #473 [Windows Update | 12/05/2014 20:08:22]
Deleted : RP #474 [Removed Java 7 Update 67 | 12/07/2014 01:52:34]
Deleted : RP #475 [Removed Java 7 Update 67 (64-bit) | 12/07/2014 01:53:39]
Deleted : RP #476 [Installed Java 7 Update 71 | 12/07/2014 02:04:19]
Deleted : RP #477 [Installed Java 7 Update 71 (64-bit) | 12/07/2014 02:06:43]
Deleted : RP #478 [Windows Backup | 12/08/2014 00:00:05]
Deleted : RP #479 [Windows Update | 12/09/2014 13:18:43]
Deleted : RP #480 [Windows Update | 12/10/2014 15:22:20]
Deleted : RP #481 [Windows Backup | 12/15/2014 00:00:22]
Deleted : RP #482 [Windows Update | 12/16/2014 14:47:22]
Deleted : RP #483 [Windows Update | 12/20/2014 02:58:38]
Deleted : RP #484 [Windows Backup | 12/22/2014 00:00:11]
Deleted : RP #485 [Windows Update | 12/23/2014 13:02:34]
Deleted : RP #486 [Windows Backup | 12/29/2014 00:00:12]
Deleted : RP #487 [Windows Update | 12/30/2014 20:00:43]
Deleted : RP #488 [Windows Backup | 01/05/2015 00:00:12]
Deleted : RP #489 [Windows Update | 01/06/2015 08:15:08]
Deleted : RP #490 [Windows Update | 01/09/2015 14:30:43]
Deleted : RP #491 [Windows Backup | 01/12/2015 00:00:15]
Deleted : RP #492 [Windows Update | 01/13/2015 11:31:24]
Deleted : RP #493 [Windows Update | 01/15/2015 01:49:07]
Deleted : RP #494 [Windows Update | 01/16/2015 04:17:34]
Deleted : RP #495 [Removed H&R Block Deluxe + Efile + State 2012. | 01/17/2015 18:28:27]
Deleted : RP #496 [Removed H&R Block Deluxe + Efile + State 2013. | 01/17/2015 18:32:22]
Deleted : RP #497 [Removed H&R Block Georgia 2012. | 01/17/2015 18:35:53]
Deleted : RP #498 [Removed H&R Block Virginia 2012. | 01/17/2015 18:41:47]
Deleted : RP #499 [Removed eBay Worldwide | 01/17/2015 18:44:46]
Deleted : RP #500 [Removed Evernote v. 5.0.3 | 01/17/2015 18:45:22]
Deleted : RP #501 [Windows Backup | 01/19/2015 00:00:13]
Deleted : RP #502 [Windows Update | 01/20/2015 13:28:23]
Deleted : RP #503 [Installed HR Block 2014. | 01/22/2015 23:35:22]
Deleted : RP #504 [Windows Backup | 01/26/2015 00:00:13]
Deleted : RP #505 [Windows Update | 01/27/2015 14:43:16]
Deleted : RP #506 [Windows Backup | 02/02/2015 00:00:14]
Deleted : RP #507 [Windows Update | 02/03/2015 12:56:54]
Deleted : RP #508 [System Repair (Spybot - Search & Destroy+AV 2.4, administrator p | 02/05/2015 03:16:22]
Deleted : RP #509 [Windows Update | 02/07/2015 01:11:18]
Deleted : RP #510 [Installed iTunes | 02/09/2015 00:21:32]
Deleted : RP #511 [Windows Backup | 02/09/2015 00:25:25]
Deleted : RP #512 [Windows Update | 02/10/2015 15:54:48]
New restore point created !
########## - EOF - ##########
Looks good, we're glad to help
Glad we could help.
Since this issue appears resolved ... this Topic is closed.