Sign in to follow this  
evanrow1

Ran Pro Secuity full scan but adware remains

Recommended Posts

I only just purchase Pro Security 3 days ago so when I ran a full scan nothing was removed but a Yoda voice .exe file for my Garmin GPS. The issues I am having with these parasites hasn't gone away and I am extremely unhappy.

The offending adware has attached itself to Mozilla Firefox which is my default browser and won't let go.

 

I have run FRST and have attached the 2 files that are produced ie FRST.txt and Addition.txt for those in the know to view.

 

Can anyone help as I am extremely frustrated.... :~-(

Addition.txt

FRST.txt

Share this post


Link to post
Share on other sites

Hi evanrow1,

 

1. Please select to display all add-ons in Firefox.

Do you have an add-on called "Fox-It-S"?

If yes, please uninstall it and then restart Firefox.

Is the adware gone?

 

 

2. Please, move FRST from Downloads folder to the desktop.

Start Notepad program.

Copy all text that is in the box:

HKLM\...\Run: [] => [X]
FF Extension: Fox-It-S - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\racuqeas.default\Extensions\{9671622f-d0b6-4470-9048-493765aa73c6} [2014-11-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
S3 cleanhlp; C:\Users\user\Downloads\EmsisoftEmergencyKit\bin\cleanhlp64.sys [57024 2014-12-03] (Emsisoft GmbH)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: {9FB8F36B-2506-4964-9ABF-DD54BCEF5615} - System32\Tasks\OEM8Server => C:\Windows\OEM8\OEM8.exe
Task: {E9C3E22C-0DBA-4EEE-9733-D17D578614AD} - System32\Tasks\OEM8 => C:\Windows\OEM8\OEM8.exe
AlternateDataStreams: C:\Users\user\Downloads\Firefox Setup Stub 34.0.5.exe:BDU
AlternateDataStreams: C:\Users\user\Downloads\FRST64.exe:BDU
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

 

3. There are left-overs of AVG in the computer, I suggest that you run AVG Remover:

http://www.avg.com/us-en/utilities

Share this post


Link to post
Share on other sites

No, to Q1

 

I had already uninstalled Firefox and I am using IE (no infection) because it was so frustrating.

I reinstalled Firefox tonight to see if "FOX-IT-S" was in the add-on but it wasn't. But infection still exists

 

Completed Q2.

 

Completed Q3

 

Fixlog.txt

Share this post


Link to post
Share on other sites

If you haven't restarted the computer since you ran FRST with the fix, please do that.

 

1. Please, scan with FRST and attach the new FRST.txt.

 

 

2. Please, save RougueKiller on the Desktop: http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

 

Turn off all running programs and remove any external drives and other devices connected with USB etc. except mouse and keyboard.

 

Start RougueKiller (in Vista and Windows 7 right-click the program and select "Run as administrator"). If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.

 

Wait until "Prescan" has finished.

Click on "Scan" button in upper right corner.

Wait until the scan has finished.

 

A report with a name similar to RKreport.txt should have been created on the desktop.

Please, post it in your answer.

 

 

3. Please, scan with Ad-Aware and post the result.

 

 

4. To get a second opinion, please run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/

To shorten the scanning time disable your antivirus program while scanning.

 

Select Enable detection of potentially unwanted applications.

Click Advanced Settings.

 

Deselect Remove found threats.

 

Select:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Start.

 

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your answer.

Share this post


Link to post
Share on other sites

Thanks, but I also need to see a new log from a scan with FRST and from RogueKiller.

Share this post


Link to post
Share on other sites

Thanks for the logs.

 

With a usual uninstallation of Firefox, its settings aren't removed and they will be used again after a new installation of Firefox.

 

1. There is a proxy settings in Firefox and it needs to be removed, as well as left-overs of Kingsoft and DriverGenius:

 

Please, start Notepad.

Copy all text that is in the box:

FF NetworkProxy: "type", 4
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\racuqeas.default\extensions\{9671622f-d0b6-4470-9048-493765aa73c6} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - {9671622f-d0b6-4470-9048-493765aa73c6} [Not Found]
2014-11-24 10:05 - 2014-11-26 16:25 - 00000000 ____D () C:\Windows\OEM8
2014-11-24 10:05 - 2014-11-24 10:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\dg
2014-11-24 10:05 - 2014-11-24 10:05 - 00399632 _____ (MyDrivers.com) C:\Windows\system32\Drivers\DgSafe.sys
2014-11-24 10:05 - 2014-11-24 10:05 - 00000287 _____ () C:\oem8.log
2014-11-24 10:05 - 2014-11-24 10:05 - 00000000 ____D () C:\Users\user\AppData\Local\Kingsoft
2014-11-24 10:05 - 2014-11-24 10:05 - 00000000 ____D () C:\ProgramData\Kingsoft
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.

 

 

2. Please, make a zip file (compressed folder) of the C:\FRST folder and upload it with your reply.

I'll tell Lavasoft download it to make it possible for them to improve Ad-Aware.

Share this post


Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this