farbar options [webcenter.com sbplayers.net tv-players.net ]

[rudsaki]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Rod at 2015-03-14 08:47:13 Run:2
Running from C:\Users\Rod\Desktop
Loaded Profiles: Rod (Available profiles: Rod & Callise)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\games\DiRT3\paul.dll
C:\games\DiRT3\SKIDROW.dll
C:\Program Files (x86)\Free FLV Converter\Helper.dll
C:\System Recovery Files\2013-03-29 073838\D-HP_PAVILION\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmppack.jar-66e97b36-5886dad2.zip
C:\Users\Rod\Documents\OLDsetup\Babylon8_setup.exe
J:\Backup Files\1\1\V0\C\System Recovery Files\2013-03-29 073838\D-HP_PAVILION\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmppack.jar-66e97b36-5886dad2.zip
J:\Backup Files\1\1\V0\C\Users\Rod\Downloads\Install\DIRT3\CRACK SKIDROW.rar
EmptyTemp:
CreateRestorePoint:
End

*****************

Processes closed successfully.
"C:\games\DiRT3\paul.dll" => File/Directory not found.
"C:\games\DiRT3\SKIDROW.dll" => File/Directory not found.
C:\Program Files (x86)\Free FLV Converter\Helper.dll => Moved successfully.
C:\System Recovery Files\2013-03-29 073838\D-HP_PAVILION\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmppack.jar-66e97b36-5886dad2.zip => Moved successfully.
C:\Users\Rod\Documents\OLDsetup\Babylon8_setup.exe => Moved successfully.
J:\Backup Files\1\1\V0\C\System Recovery Files\2013-03-29 073838\D-HP_PAVILION\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmppack.jar-66e97b36-5886dad2.zip => Moved successfully.
J:\Backup Files\1\1\V0\C\Users\Rod\Downloads\Install\DIRT3\CRACK SKIDROW.rar => Moved successfully.
Restore point was successfully created.
EmptyTemp: => Removed 203.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:48:18 ====

[Juliet]

Million dollar questions is, how's the computer now?

[rudsaki]

everything looked good and I went back to using chrome. Was saving a pdf from an online newspaper and a new tab popped up with the included jpg.
Looks like it was targeted for chrome. Is it just not as secure as other browsers?
Untitled.jpg

I still have Microsoft Security Essentials and SpyBot Live Protection running.

[Juliet]

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks
  

Proceed with the reset once done.

• Internet Explorer: How to reset Internet Explorer settings
• Firefox:Reset Firefox
• Chrome: Chrome - Reset browser settings

~~~~~~~~~~~~~~~`
Locate and delete the version of AdwCleaner you used previously.

Next, we will use an updated version.

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

~~~~

Please run a Threat Scan with Malwarebytes' Anti-Malware.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

********************************************


please post
C:\AdwCleaner.txt
JRT.txt
Malwarebytes log

[Juliet]

Was saving a pdf from an online newspaper and a new tab popped up with the included jpg.
Looks like it was targeted for chrome. Is it just not as secure as other browsers?

Forgot to answer this
All browser can be hijacked, does seem at times that Google Chrome can get picked on more then the others but, again, all browsers can be attacked.

Please run this security check for my review.

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[rudsaki]

thinking JRT may be stuck. It has run 12 hours and last entry is "Checking Shortcuts"

[Juliet]

thinking JRT may be stuck. It has run 12 hours and last entry is "Checking Shortcuts"

Open task manager, look for JRT.exe, right click and select end process.

please post
C:\AdwCleaner.txt
Malwarebytes log

[rudsaki]

adw cleaner reported nothing found.
JRT nothing found

malware:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2015
Scan Time: 7:09:09 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.15.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rod

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428557
Time Elapsed: 16 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.ASK.A, C:\Users\Callise\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://www.search.ask.com/?gct=hp",), Replaced,[b1f8051d1377c670f4eeab7c8d790ef2]
PUP.Optional.ASK.A, C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://www.search.ask.com/?gct=hp",), Replaced,[9019d250404a072fa04280a73ec81ce4]

Physical Sectors: 0
(No malicious items detected)


(end)

[rudsaki]

Results of screen317's Security Check version 0.99.98
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Spybot - Search and Destroy
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader XI
Mozilla Firefox (36.0.1)
Mozilla Thunderbird (31.5.0)
Google Chrome (40.0.2214.115)
Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

[Juliet]

Do you still have the pop up?