Am I still infected???

Merry

New Member
Thread author
Verified
May 18, 2014
24
TwinHeadedEagle, if you may advise me about those popouts and ads on IE. It seems that I have them now only there, after all what we have done my FF and Chrome both work very well for me. I've never used IE anyway, so should I just ignore it and do not open IE at all?

As to my Toshiba laptop, I would run there more scans and would not bother you with that for now, if I continue to have problems there, then I will beg you for more help. Now I have the feeling that my desktop is in much better shape than it was before. And I'm buying you a drink, only a small one for now, but we will still cheer later on ;)
 

Merry

Hi TwinHeadedEagle again,
I fully reset IE as instructed. I have AdblockPlus there, and I still get these:

http://prntscr.com/3kzwxf
http://prntscr.com/3kzx7u

My GT site I am not even able to open on IE, but again, I do not have any alike problems any more on other browsers,
my FF is fast as a fire :) and my Chrome works super too.

As to Toshiba, please double check if you may, it seems to me that things are ok there now except Chrome, that I downloaded still from the corrupted Chrome profile. I am getting some redirects and many ads there though I have the adblocker there too. I will work on it tonight, and will send you new file if needed after my fixes. Talk soon and thank you very much for everything.
 

Attachments

  • Addition (2).txt
    30.8 KB · Views: 203
  • FRST (2).txt
    123.6 KB · Views: 209

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):
- Adobe Reader X MUI
- Genesis
- Software Version Updater


Latest versions of Adobe Reader available here --> http://get.adobe.com/uk/reader/
Make sure to uncheck optional offers.



***** NEXT *****



Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST, and click Fix. Attach that report for me after it is finished.
 

Attachments

  • fixlist.txt
    1.6 KB · Views: 85

Merry

Hi, I am super happy you have replied about this, for last night I haven't deleted my chrome, I thought how great it would be to have all those bookmarks and passports, all my internet history from many years....
I've just done the FRST fix and attaching the file for you. My FF after that fix refused connection, but I took your lesson from yesterday, went to the proxy settings and adjusted them. On this computer it is the opposite, I changed them to Auto Detect proxy and writing this message on FF. I will be here when you reply back


Something is blocking the file download for me, I allowed popouts, disabled malwarebytes, still can't upload that file, so I am pasting it here for you:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Merry at 2014-05-21 12:35:25 Run:1
Running from C:\Users\Merry\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Merry\AppData\Local\14328\a13829.exe <==== ATTENTION
C:\Users\Merry\AppData\Local\14328
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
C:\Windows\Microsoft\SystemUpdatekb70007
() C:\Users\Merry\AppData\Local\Genesis\Genesis.exe
C:\Users\Merry\AppData\Local\Genesis
HKU\S-1-5-21-3303778234-70055652-2238830764-1001\...\Run: [ContentExplorer] => C:\Users\Merry\AppData\Roaming\ContentExplorer\ContentExplorer.exe [1063664 2014-05-18] (ContentExplorer)
HKU\S-1-5-21-3303778234-70055652-2238830764-1001\...\Run: [genesis] => c:\users\merry\appdata\local\genesis\genesis.exe [2981888 2014-05-18] ()
C:\Users\Merry\AppData\Roaming\ContentExplorer
ProxyEnable: Internet Explorer proxy is enabled.
FF NetworkProxy: "type", 1
R2 SystemUpdatekb70007; C:\WINDOWS\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
2014-05-18 20:39 - 2014-05-18 20:39 - 00003340 _____ () C:\WINDOWS\System32\Tasks\AmiUpdXp
2014-05-18 20:39 - 2014-05-18 20:39 - 00000000 ____D () C:\Users\Merry\AppData\Local\14328
2014-05-18 20:39 - 2014-05-18 20:39 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-18 20:38 - 2014-05-18 20:39 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\ContentExplorer
2014-05-18 20:38 - 2014-05-18 20:38 - 00159264 _____ () C:\Users\Merry\Downloads\KeygenV3__8197_il8784772.exe
2014-05-17 22:50 - 2014-05-18 17:28 - 00000000 ____D () C:\Program Files\suprasavings
2014-05-17 22:50 - 2014-05-18 17:26 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
C:\Users\Merry\AppData\Local\Temp\d2mrkf3i.pdr.exe
C:\Users\Merry\AppData\Local\Temp\ktgk5jed.3ky.exe
cmd: ipconfig /flushdns
*****************

C:\WINDOWS\Tasks\AmiUpdXp.job not found.
"C:\Users\Merry\AppData\Local\14328" => File/Directory not found.
[1696] C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe => Process closed successfully.
C:\Windows\Microsoft\SystemUpdatekb70007 => Moved successfully.
C:\Users\Merry\AppData\Local\Genesis\Genesis.exe => No running process found
"C:\Users\Merry\AppData\Local\Genesis" => File/Directory not found.
HKU\S-1-5-21-3303778234-70055652-2238830764-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => Value deleted successfully.
HKU\S-1-5-21-3303778234-70055652-2238830764-1001\Software\Microsoft\Windows\CurrentVersion\Run\\genesis => Value not found.
C:\Users\Merry\AppData\Roaming\ContentExplorer => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
Firefox Proxy settings were reset.
SystemUpdatekb70007 => Service deleted successfully.
"C:\WINDOWS\System32\Tasks\AmiUpdXp" => File/Directory not found.
"C:\Users\Merry\AppData\Local\14328" => File/Directory not found.

"C:\Program Files (x86)\MSR" directory move:

C:\Program Files (x86)\MSR\Privoxy\AUTHORS.txt => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\config.txt => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\default.action => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\default.filter => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\LICENSE.txt => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\match-all.action => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\mgwz.dll => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe => Moved successfully.
Could not move "C:\Program Files (x86)\MSR\Privoxy\privoxy.log" => Scheduled to move on reboot.
C:\Program Files (x86)\MSR\Privoxy\privoxy_uninstall.exe => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\README.txt => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\trust.txt => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\user.action => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\user.action_empty => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\user.filter => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\user.filter_old => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\cgi-style.css => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\connect-failed => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\mod-local-help => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\mod-support-and-service => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\mod-title => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\mod-unstable-warning => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\no-such-domain => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\templates\url-info-osd.xml => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\p_doc.css => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\actions-file.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\appendix.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\config.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\configuration.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\contact.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\copyright.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\files-in-use.jpg => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\filter-file.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\index.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\installation.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\introduction.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy2.jpg => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy_setup.jpg => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\p_doc.css => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\quickstart.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\seealso.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\startup.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\templates.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\whatsnew.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\images\files-in-use.jpg => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\images\proxy_setup.jpg => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\configuration.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\contact.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\copyright.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\general.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\index.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\installation.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\misc.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\faq\trouble.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\coding.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\cvs.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\documentation.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\index.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\introduction.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\newrelease.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\testing.html => Moved successfully.
C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\webserver-update.html => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\Installer.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.InstallState => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\Newtonsoft.Json.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.config => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\SQLite.Interop.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\System.Data.SQLite.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\win32.reg => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.config => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\InstallerLibrary.dll => Moved successfully.
C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\uninstall.exe => Moved successfully.
Could not move "C:\Program Files (x86)\MSR" directory. => Scheduled to move on reboot.

"C:\Users\Merry\AppData\Roaming\ContentExplorer" => File/Directory not found.
C:\Users\Merry\Downloads\KeygenV3__8197_il8784772.exe => Moved successfully.
C:\Program Files\suprasavings => Moved successfully.
C:\Program Files (x86)\SupraSavings => Moved successfully.
"C:\Users\Merry\AppData\Local\Temp\d2mrkf3i.pdr.exe" => File/Directory not found.
C:\Users\Merry\AppData\Local\Temp\ktgk5jed.3ky.exe => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-21 12:37:04)<=

C:\Program Files (x86)\MSR\Privoxy\privoxy.log => Is moved successfully.
C:\Program Files (x86)\MSR => Moved successfully.

==== End of Fixlog ====
 
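An added example (not part of the thread and not FRST's own code): a Python script that triages a Fixlog like the one pasted above, reconciling "Scheduled to move on reboot" entries against the later "Result of Scheduled Files to move" section so that anything still unresolved stands out. The outcome phrases are taken from this log only, and `C:\Example\locked.dat` is a constructed entry added to show an unresolved item.

```python
import re

# Outcome phrases as they appear in the Fixlog above; not an exhaustive FRST vocabulary.
OUTCOMES = [
    ("pending", re.compile(r"Scheduled to move on reboot")),
    ("absent", re.compile(r"not found|No running process found", re.I)),
    ("removed", re.compile(r"successfully", re.I)),
]

def classify(line):
    """Return 'pending', 'absent', 'removed', or None for non-result lines."""
    if "=>" not in line and not line.rstrip().endswith("not found."):
        return None
    for status, pattern in OUTCOMES:
        if pattern.search(line):
            return status
    return None

def target_of(line):
    """Extract the path or registry value a result line refers to, lower-cased."""
    left = line.split("=>")[0].strip()
    quoted = re.search(r'"([^"]+)"', left)
    if quoted:
        return quoted.group(1).lower()
    left = re.sub(r"^\[\d+\]\s*", "", left)  # drop a leading [PID]
    return re.sub(r"\s+not found\.$", "", left).lower()

def triage(fixlog):
    """Map each target to its final status; later lines override earlier ones."""
    final = {}
    for line in fixlog.splitlines():
        status = classify(line)
        if status:
            final[target_of(line)] = status
    return final

def needs_follow_up(fixlog):
    """Targets scheduled for removal on reboot but never confirmed as moved."""
    return sorted(t for t, s in triage(fixlog).items() if s == "pending")

# Abridged from the Fixlog above, plus one constructed line (C:\Example\locked.dat).
SAMPLE = r'''C:\WINDOWS\Tasks\AmiUpdXp.job not found.
[1696] C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe => Process closed successfully.
C:\Users\Merry\AppData\Local\Genesis\Genesis.exe => No running process found
Could not move "C:\Program Files (x86)\MSR\Privoxy\privoxy.log" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\MSR" directory. => Scheduled to move on reboot.
Could not move "C:\Example\locked.dat" => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-21 12:37:04)<=
C:\Program Files (x86)\MSR\Privoxy\privoxy.log => Is moved successfully.
C:\Program Files (x86)\MSR => Moved successfully.
'''

if __name__ == "__main__":
    print(needs_follow_up(SAMPLE))
```

Entries reported as "absent" are not failures in themselves: they usually mean an earlier step or another scanner already removed the item.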

Merry

I have to do some browsing on my Chrome to know more, just a moment please
 

Merry

Whoops, on Chrome I have same thing as I had on FF, but I am not sure how to fix it on Chrome, you know, that proxy settings...
 

Merry

To make myself clearer, I have that message "Unable to connect to a proxy server", and I am in settings now, but kind of lost there...
 

Merry

Whooo hoooo :) I went to my comp settings and adjusted the proxy there, my Chrome is working now very well. If I may ask you, do you think I need HitmanPro or anything else installed here, if I have Norton and Malwarebytes? I will highly appreciate a short answer.
 

Merry

Thank you.

My overall situation is really good. I do not have any more issues on the new laptop, and on my desktop, I only have problems on IE. I still have ads there and I still can't open some sites, those ads are blocking the access: http://prntscr.com/3libka
But this is OK, I am not working on IE and nowhere else I have alike problems.
 

Merry

Thank you, I will do this later on. Now on my desktop I am running the SuperAntiSpyware Professional scan, and it gave me a message about 2 unwanted browser extensions, I marked to delete them and now the scan already found 14 tracking cookies, maybe deleting those hidden extensions would help with my IE. I will get back to you, I am very very happy with this forum and really grateful for your help and support.
 

TwinHeadedEagle

There is practically no possibility that a cookie could cause this problem, but you can delete them. Can I see what extensions are marked...
 

Merry

Hey, I have some good and funny news. I uploaded my brand new Norton 360 Premier (just purchased the licence for 3 computers) so with the Norton running in the background, I was braver and clicked on that Download Flash Player link. I was surprised to see that that link truly was from Adobe, Norton told me it is a safe site! I downloaded it and do not get on youtube or goldentown any more download flash player ads. Everything opens up nicely there and I do not have the smallest problems anymore on any of my browsers. I am a super happy camper and all cause I found this forum. I very well realize that without your help, the Norton itself would not be able to clear all that mess I had...

With your help I deleted everything bad, but cause of that player ad, we both thought that something is still wrong there, and all was fine, I was simply missing adobe flash player :) I know that other sites pretend to be Adobe to lure to their nasty downloads, that link which I tried to get rid of for such a long time, was for a change a legitimate one. Likely, when I learned I got the virus and started deleting everything what I thought could cause it, I deleted Adobe Flash Player :)

So just like they are saying, I got silver lining behind my cloudy computer problems. I got a new laptop, new anti virus software, new knowledge and experience and above all, I got to be a member of this forum. Again, thank you very much for all your help and see you around, I am not leaving to come back one day with new problems, I am staying around o_O
 

TwinHeadedEagle

Very good :)

Now we can remove used tools and do some post-cleanup:



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
