[SOLVED] Windows Update - 14399 - (For BrianDrab)

Hi. My name is Brian, and I would be happy to look into your issue.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-
All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser.
Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser.
Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser.
Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

- Finally Before We Start-

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Step#1 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Step#4 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.





Items for your next post
1. AdwCleaner log
2. Junkware log
3. Rootkit log
4. FRST and Addition logs
 
Thanks for the info. Please do the following.

Step#1 - Uninstalls

Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Ask Toolbar

I see you have a bunch of programs from IOBit installed. The vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole. Following are those programs. I would recommend uninstalling these programs. There are very good alternatives to these programs. For example Revo Uninstaller instead of IObit Uninstaller, etc. Let me know what you decide.

IObit Apps Toolbar v9.3
Advanced SystemCare 7
Advanced SystemCare 8
Driver Booster
IObit Apps Toolbar v9.3
IObit Malware Fighter
IObit Uninstaller
Smart Defrag 3
Surfing Protection



Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


Step#3 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.


Step#4 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.


5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).




Items for your next post
1. Let me know what you decided to Uninstall
2. FRST Fix
3. Malwarebytes log
 


Brian:
I have uninstalled the programs except Ask Toolbar, IObit Malware Fighter, and IObit Apps Toolbar. They will not uninstall; I keep getting a message "Please wait until the current program is finished uninstalling them or being changed." in Programs and Features in the Control Panel. I have not rebooted and it has not asked me to. What next? Revo?
 
I need some logs and then I can prepare a fix for you to remove the programs. Please do the following.

Step#1 - FRST Registry Search
1. Run FRST by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words Ask Toolbar;IObit into the Search box and click the Search Registry button.


3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.


Step#2 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.





Items for your next post
1. Registry Search
2. FRST and Addition logs
 
Malwarebytes has finished and here is the log.
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 5/27/2015
Scan Time: 3:51:46 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.27.04
Rootkit Database: v2015.05.24.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: ray

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360043
Time Elapsed: 17 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Spigot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [792702961d6dc76f29e6e382ab58a060],
PUP.Optional.Spigot, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [792702961d6dc76f29e6e382ab58a060],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3125674970-4218055495-1541182145-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B2966670-0D43-435C-9CF3-0C038E7B7A6E}, Quarantined, [9e02dbbde6a4ee4875ee2ab8bd4658a8],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3125674970-4218055495-1541182145-501\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [80206434a2e8fb3b105381e233d22ed2],

Registry Values: 2
PUP.Optional.Spigot.A, HKU\S-1-5-21-3125674970-4218055495-1541182145-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B2966670-0D43-435C-9CF3-0C038E7B7A6E}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}, Quarantined, [9e02dbbde6a4ee4875ee2ab8bd4658a8]
PUP.Optional.Spigot.A, HKU\S-1-5-21-3125674970-4218055495-1541182145-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B2966670-0D43-435C-9CF3-0C038E7B7A6E}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, Quarantined, [bce447510b7f64d21a506019788de51b]

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.Spigot.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [247ccccc7c0e59ddf15f02baab58a858],
PUP.Optional.Spigot.A, C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [6b350e8a29615dd92a26dfdd27dcab55],
PUP.Optional.Spigot.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp, Quarantined, [7a26bddb7c0ecd6939187b41946f48b8],
PUP.Optional.Spigot.A, C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp, Quarantined, [fba5dfb9800ae6509eb3fbc16c97f30d],
PUP.Optional.Spigot.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [adf39efa57335cda9d0a1db6e71c4db3],
PUP.Optional.Spigot.A, C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [40606038d8b22e080f98dbf8689ba15f],
PUP.Optional.Spigot.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj, Quarantined, [4f511088c9c1cc6ab1f84e85af5409f7],
PUP.Optional.Spigot.A, C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj, Quarantined, [b4eca9efbad01d19b4f57b589c67dd23],

Files: 3
PUP.Optional.Spigot.SID, C:\Users\ray\AppData\Local\Temp\{8EEC89F2-DDF1-40C7-9907-702CC1D4CDFD}\BrowserExtensionsSetup.exe, Quarantined, [9907b6e291f9f0462099df88759138c8],
PUP.Optional.Spigot.A, C:\Windows\Installer\1b969.msi, Quarantined, [128e81171c6e96a099bf13ccee13f10f],
PUP.Optional.Spigot.A, C:\Users\ray\AppData\Roaming\Mozilla\Firefox\Profiles\bcjapbyq.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=");), Replaced,[257b9bfd5a30d1655e9baebbbc4aee12]

Physical Sectors: 0
(No malicious items detected)


(end)
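
A way to summarise a scan log in this layout for review, added here as an example and not part of the original thread or of Malwarebytes: it checks each section's declared count against the entries found, lists scan settings reported as Disabled, and surfaces any item whose action was not Quarantined. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above; names, paths and IDs are made up.
SAMPLE_LOG = """\
Scan Type: Threat Scan
Objects Scanned: 1234
Rootkits: Disabled

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Example, HKU\\S-1-5-18\\SOFTWARE\\EXAMPLE\\{0000}, Quarantined, [aaaa],
PUP.Optional.Example.A, HKU\\S-1-5-21-0-0-0-1001\\SOFTWARE\\Example Settings, Quarantined, [bbbb],

Registry Values: 1
PUP.Optional.Example.A, HKU\\S-1-5-21-0-0-0-1001\\SOFTWARE\\EXAMPLE|URL, https://search.example/?a=1,2&p={searchTerms}, Quarantined, [cccc]

Files: 2
PUP.Optional.Example.A, C:\\Users\\test\\AppData\\Local\\Temp\\setup.exe, Quarantined, [dddd],
PUP.Optional.Example.A, C:\\Users\\test\\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.example/?p=");), Replaced,[eeee]

(end)
"""

# Only these headings open a result section; "Objects Scanned: N" must not.
SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^([A-Za-z -]+): (.+)$")
# The target may itself contain commas (URLs, prefs.js data), so the action and
# bracketed ID are matched from the end of the line.
ENTRY = re.compile(r"^(?P<name>[^,]+), (?P<target>.*), (?P<action>[A-Za-z ]+),"
                   r"\s*\[(?P<id>[0-9a-f]+)\],?$")

def parse_scan_log(text):
    out = {"disabled": [], "sections": {}, "mismatches": [], "unparsed": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blanks, "(No malicious...)", "(end)"
            continue
        head, entry = HEADER.match(line), ENTRY.match(line)
        if head and head.group(1) in SECTIONS and head.group(2).isdigit():
            current = head.group(1)
            out["sections"][current] = {"declared": int(head.group(2)), "entries": []}
        elif current and entry:
            out["sections"][current]["entries"].append(entry.groupdict())
        elif head and head.group(2) == "Disabled":
            out["disabled"].append(head.group(1))
        elif current:
            out["unparsed"].append(line)          # keep for manual review
    for name, sec in out["sections"].items():
        if sec["declared"] != len(sec["entries"]):
            out["mismatches"].append((name, sec["declared"], len(sec["entries"])))
    return out

def triage(parsed):
    """Return (action counts, items whose action was not 'Quarantined')."""
    actions, follow_up = Counter(), []
    for name, sec in parsed["sections"].items():
        for e in sec["entries"]:
            actions[e["action"]] += 1
            if e["action"] != "Quarantined":
                follow_up.append((name, e["target"].split(", ")[0], e["action"]))
    return actions, follow_up
```

A non-empty `mismatches` list usually means the pasted log was truncated or reflowed by the forum editor.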
 
Great timing. I've just finished the removal fix. Please do the following.

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 


Good. Please do the following.

Step#1 - Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

Step#2 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Items for your next post
1. FSS.txt file
2. Checkup.txt file
 
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version 32-bit out of Date!
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


Good. Let's either remove Java 7 Update 55 or update to the latest version. It's very vulnerable. Information on this is below.

Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.

1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 45.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.


3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 7 Update 55
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u45-windows-i586.exe or jre-8u45-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 
I have been trying to uninstall Java. It will not install in Control Panel or Revo; it is disabled in Chrome and I don't see it in Firefox.
 
