#11
I have not done a clean install yet. It would be a big process, so if I can avoid it safely, that would be great.
Downloading and running AdwCleaner now, and will post the report when it's completed.
Also, please download RogueKiller:
Télécharger RogueKiller (Site Officiel)
When you get to the website, go to where it says:
(Download link) Lien de téléchargement
Select the version that applies to your system: x64
Click the dark-blue button that applies.
Save to the Desktop.
Close all windows and browsers
Right-click RogueKiller and select: Run as Administrator
Press: SCAN
When done, a report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.
(Please do not delete anything! Thanks!)
Here's the report from AdwCleaner. Will download and run RogueKiller now.
# AdwCleaner v2.115 - Logfile created 03/24/2013 at 08:57:26
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\home\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\home\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (en-US)
File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v25.0.1364.172
File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1693 octets] - [24/03/2013 08:57:26]
########## EOF - C:\AdwCleaner[R1].txt - [1753 octets] ##########
Here's the RKreport.
Please run AdwCleaner once again, and this time use the Delete option.
On RogueKiller, do you engage in any activity with: wireless-rtr.stanford.edu?
Might be doing courses on-line?
Last, for your peace of mind, please run ESET once again, just like in Post #3.
It should take less time now.
When you do so, Under Scan Settings, make sure that the option Remove found threats is checked, and the option Scan Archives is checked.
When the scan completes, click: List Threats
Please copy and provide the information presented in your reply. (If no malware is found, a list is not presented.)
Need to go out and get some lunch, will be back around 2:00PM Central Time (USA).
Are you near St. Louis? If so, I am also.
Never engaged in any activity with wireless-rtr.stanford.edu that I am aware of. That has me worried.
I'll do everything else as instructed and post the results. Thanks again.
Here's the report from AdwCleaner. Will run ESET now and get back with results.
# AdwCleaner v2.115 - Logfile created 03/24/2013 at 10:14:55
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\home\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\home\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (en-US)
File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\prefs.js
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v25.0.1364.172
File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1822 octets] - [24/03/2013 08:57:26]
AdwCleaner[R2].txt - [1882 octets] - [24/03/2013 10:14:39]
AdwCleaner[S1].txt - [1934 octets] - [24/03/2013 10:14:55]
########## EOF - C:\AdwCleaner[S1].txt - [1994 octets] ##########
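Added example, not part of the thread and not AdwCleaner's own code: a small Python check that compares a [Search] log against the following [Delete] log and lists anything that was found but not reported as deleted. The sample logs are constructed excerpts in the v2.115 format shown above, with one folder deliberately left out of the delete log; only the `Folder` and `Key` item kinds appear in this thread, and accepting other kinds is an assumption.

```python
import re

# Constructed excerpts in the format of the AdwCleaner v2.115 logs in this thread.
SEARCH_LOG = r"""
# Option [Search]
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\home\AppData\Roaming\OpenCandy
Key Found : HKLM\Software\Iminent
"""
# Constructed: OpenCandy is intentionally missing here to show a leftover item.
DELETE_LOG = r"""
# Option [Delete]
Folder Deleted : C:\ProgramData\Ask
Key Deleted : HKLM\Software\Iminent
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\0oxj7xbm.default\user.js ... Deleted !
"""

OPTION = re.compile(r"^# Option \[(\w+)\]", re.M)
# "<Kind> Found : <path>" or "<Kind> Deleted : <path>" (kinds other than
# Folder/Key are accepted by assumption).
ITEM = re.compile(r"^(\w+) (Found|Deleted) : (.+?)\s*$", re.M)
# Browser-section lines of the form "<path> ... Deleted !"
BROWSER = re.compile(r"^(\S.*?) \.\.\. Deleted !\s*$", re.M)

def parse(log):
    """Return (mode, {(kind, lowercased path): state}, browser files deleted)."""
    mode = OPTION.search(log)
    # Windows paths and registry keys are case-insensitive, so compare lowercased.
    items = {(kind, path.lower()): state for kind, state, path in ITEM.findall(log)}
    return (mode.group(1) if mode else None), items, BROWSER.findall(log)

def compare(search_log, delete_log):
    """List items the search reported that the delete run did not remove."""
    s_mode, found, _ = parse(search_log)
    d_mode, removed, browser = parse(delete_log)
    if (s_mode, d_mode) != ("Search", "Delete"):
        raise ValueError("expected a [Search] log followed by a [Delete] log")
    return {
        "remaining": sorted(k for k in found if k not in removed),
        "not_in_search": sorted(k for k in removed if k not in found),
        "browser_files_deleted": browser,
    }

if __name__ == "__main__":
    for name, values in compare(SEARCH_LOG, DELETE_LOG).items():
        print(name, values)
```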
Let's press on with RogueKiller and get rid of those entries that concern you.
• Please quit all programs
• Right-click the RogueKiller file and select: Run as Administrator
• Wait until the Prescan finishes
• Press: Scan
• Once again at the RogueKiller console, click the DNS tab.
• Make sure the entries there are checked, if there is an option to do so.
• Then, press the [DNSFix] button.
Last, an RKreport (Mode: DNSFix) is created on the Desktop.
Please post the report in your reply.
Also download farbar's MiniToolBox:
Downloading MiniToolBox
Save to your Desktop and double-click to run it.
Check the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
Click: Go
Please post the Result.txt (appears on the Desktop) in your reply.
ESET finally finished, it took over 4 1/2 hours, and I just realized I forgot to turn off MSE this time. It found the two Ask toolbars again, and I'm pretty sure it deleted them, but accidentally closed it before checking the threat list. Been up all night with this issue, and I'm getting too tired to function. I'll run it again and check to make sure it was done correctly.
Ran RogueKiller again, nothing showed up under the DNS tab. I ran DNSFix, here's the log.
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : home [Admin rights]
Mode : DNSFix -- Date : 03/24/2013 15:15:21
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
¤¤¤ Driver : [NOT LOADED] ¤¤¤
Finished : << RKreport[2]_DN_03242013_02d1515.txt >>
RKreport[1]_S_03242013_02d0904.txt ; RKreport[2]_DN_03242013_02d1515.txt
Going to install and run the MiniToolBox now, and will post the results.
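Added example, not part of the thread and not RogueKiller's own code: a Python sketch that parses the `[DNS]` lines of an RKreport, merges the duplicate ControlSet entries per interface, and classifies each NameServer address by range (the addresses in this report fall in the RFC 1918 block 172.16.0.0/12). The sample input is the two `[DNS]` lines from the report above; treating the NameServer list as space- or comma-separated is an assumption about the report format.

```python
import ipaddress
import re

# Constructed sample: the two [DNS] lines quoted from the RKreport in this thread.
SAMPLE_REPORT = r"""
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{803A29DC-5697-4DB2-91F0-3D8C88F25CB5} : NameServer (172.26.38.1 172.26.38.2) -> REPLACED ()
"""

# One [DNS] finding: control set, interface GUID, NameServer list, action taken.
DNS_LINE = re.compile(
    r"^\[DNS\]\s+\S*?\\(?P<cset>\w*ControlSet\w*)\\.*?\\Interfaces\\"
    r"(?P<iface>\{[0-9A-Fa-f-]+\})\s*:\s*NameServer\s*\((?P<servers>[^)]*)\)"
    r"\s*->\s*(?P<action>\w+)",
    re.MULTILINE,
)

def classify(addr):
    """Label an address by range; loopback and link-local are checked before private."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"

def dns_findings(report):
    """Group NameServer values by interface GUID, merging ControlSet duplicates."""
    findings = {}
    for m in DNS_LINE.finditer(report):
        entry = findings.setdefault(
            m["iface"], {"control_sets": [], "servers": {}, "actions": set()})
        entry["control_sets"].append(m["cset"])
        entry["actions"].add(m["action"])
        for addr in re.split(r"[\s,]+", m["servers"].strip()):
            if addr:
                entry["servers"][addr] = classify(addr)
    return findings

if __name__ == "__main__":
    for iface, entry in dns_findings(SAMPLE_REPORT).items():
        print(iface, entry["control_sets"], entry["servers"], sorted(entry["actions"]))
```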