Virus and / or hacker?

November 2, 2014 at 16:22:54
Specs: Windows 7
Can an email virus discretionarily delete emails? I.e. I had many (thousands of) emails deleted from my AOL email account server. Only approximately half of my new emails were deleted out of my inbox, and separately out of my sent mailbox. Thus, whatever or whoever it was chose which exact emails it wanted to delete. I need to determine if it was a virus and/or a hacker and/or something else. Any help given would be GREATLY appreciated.


#1
November 2, 2014 at 16:31:34
We will need to check with quite a few tools.

What time zone are you in?

I'm here.
http://www.timeanddate.com/worldclo...

message edited by Johnw



#2
November 2, 2014 at 16:44:37
Eastern Standard Time Zone.

Thank you for your offer to help.

message edited by YaakovYosef51



#3
November 2, 2014 at 16:48:24
Is that Australia or elsewhere?


#4
November 2, 2014 at 16:55:54
I live on the eastern seaboard of the USA, which includes Florida, DC, New York, etc.


#5
November 2, 2014 at 17:02:22
Ok, as I have a few commitments, this will be the best tool to start with.
It will probably be AM your time, when we communicate again.

Step 1: Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...




#6
November 2, 2014 at 17:51:23
I will do as you say on the ESET.

message edited by YaakovYosef51



#7
November 3, 2014 at 01:54:45

" However, how will it be able to determine if a virus went into my email account on the AOL server and deleted the emails?"
No idea until I see some logs.


#8
November 4, 2014 at 11:19:19
After fighting through many crashes and freezes

message edited by YaakovYosef51



#9
November 4, 2014 at 11:20:01
the log

message edited by YaakovYosef51



#10
November 4, 2014 at 11:28:41
C:\Windows\Installer\48eae

message edited by YaakovYosef51



#11
November 4, 2014 at 11:40:19
I also performed an ESET SysInspector analysis. If you want to see it, please let me know how you want me to get it to you as it is a .zip file.

Thank you again,

Joshua



#12
November 4, 2014 at 13:00:09
Before we do anything else Joshua, did you password protect your system?

If you did, do you know how to unlock it?

If you do, run ESET again.

If you don't know how to unlock, run ESET in Safe mode.

message edited by Johnw



#13
November 4, 2014 at 21:58:39
I did as you suggested and have a report ready to send to you. Can I send it to you other than posting it? Thx,


#14
November 4, 2014 at 23:16:41
"other than posting it?"
Yep, no problem.

No account needed. Give us the link please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#15
November 5, 2014 at 01:09:41
I used my hightail account. Please let me know if there is any problem.

https://www.hightail.com/download/U...

Thank you again.



#16
November 5, 2014 at 02:12:34
"I also performed an ESET SysInspector analysis. If you want to see it, please let me know how you want me to get it to you as it is a .zip file"
Yes please.

"Please let me know if there is any problem"
Got it, the log is very unusual.

Run herdProtect Anti-Malware Scanner & let me see the log please.
http://www.softpedia.com/get/Antivi...
http://www.herdprotect.com/
http://www.herdprotect.com/download...
http://www.herdprotect.com/installe...



#17
November 5, 2014 at 02:37:23
Thank you so much for your time and help.

You can download it here:
https://www.hightail.com/download/U...

I look forward to your response.



#18
November 5, 2014 at 02:43:12
"You can download it here:
https://www.hightail.com/download/U...

I look forward to your response"
I already have that log.



#19
November 5, 2014 at 03:52:36
Have I been keylogged and/or anything else?

I am working on the other scan you asked me to do.



#20
November 5, 2014 at 04:17:51
The herdprotect log can be downloaded at: https://www.hightail.com/download/U...

Once again, I deeply appreciate your time and help.



#21
November 5, 2014 at 06:43:21
"Have I been keylogged and/or anything else?"
Still trying to work that out.

Run both of these, in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#22
November 5, 2014 at 06:44:16
Going to bed now.

I'm here.

http://www.timeanddate.com/worldclo...



#23
November 5, 2014 at 07:01:34
Thank you so much. However, my ex got caught key logging me on a different hard drive as well as having my email accounts. cleanup arrested over the summer and is headed for indictment. Thus, if there is any similar type of issues with this hard drive, it needs to be given to the police as it is evidence.

Therefore, please let me know if it has been compromised before I perform any cleanup.

Thank you again so much for your help.

Sincerely,

Joshua



#24
November 5, 2014 at 13:04:53
"Before we do anything else Joshua, did you password protect your system?"
You didn't answer this question.

The logs so far are not revealing what is going on, which is very unusual.

"please let me know if it has been compromised"
Err on the side of caution & assume you have.

"before I perform any cleanup"
If you mean, reinstall the operating system, make sure you delete all partitions.

W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...



#25
November 5, 2014 at 14:53:43
There was on the herd analysis as I put it back after I did the Hightail. Will rerun the tests and send it to you in case there was a problem.


#26
November 5, 2014 at 17:40:35
I did as you asked and reran the scan. You can access it at: https://www.hightail.com/download/U...

I look forward to your response.

Thank you again,

YY



#27
November 6, 2014 at 11:12:09
Any luck?

Thank you again.



#28
November 6, 2014 at 14:12:06
"Any luck?"

I am still waiting on you to answer my post #21

Also this is the third time I have asked > did you password protect your system?



#29
November 6, 2014 at 19:02:27
Any luck with what?

No I did not password protect the system.



#30
November 9, 2014 at 00:27:52
Any luck with what?

No I did not password protect the system.



#31
November 11, 2014 at 17:07:43
I was finally able to make a clone of my hard drive so I can do what you wanted without corrupting a potential crime scene. The results of the adware and urt junkware are as follows:

1. Adware is: https://www.hightail.com/download/U...

2. URT Junkware is: https://www.hightail.com/download/U...

Once again, thank you so much for your help and I look forward to finding out what was in my computer.



#32
November 11, 2014 at 19:41:08
" The results of the adware and urt junkware are as follows:"
Click on those links & see what you have sent me. Now reread my instructions.


#33
November 11, 2014 at 20:28:02
I just realized that I gave you the wrong links. The correct ones are as follows:

1. ADWARE: https://www.hightail.com/download/U...

2. JRT: https://www.hightail.com/download/U...



#34
November 11, 2014 at 21:39:58
"aol email account"
Nothing super serious, so far Joshua.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#35
November 11, 2014 at 22:26:28
I will do as you suggest above. Is it something in my AOL email? It is very important for me to know if it so.

Thank you again,

Joshua



#36
November 12, 2014 at 01:30:03
The RogueKiller report link is: https://www.hightail.com/download/U...

I look forward to your feedback. Please also answer my question on the AOL email infection.

Thank you again, Joshua



#37
November 12, 2014 at 01:42:03
"Is it something in my AOL email?"
If it is, it is well hidden, as one would expect.
has my aol account been hacked
http://is.gd/gHthr6

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#38
November 12, 2014 at 01:59:23
I will run it now. Thank you again. Out of curiosity, what is in the report that necessitates running ComboFix?
Could I still have a key log program somewhere in my computer?
Thank you again.
Joshua


#39
November 12, 2014 at 02:08:50
"Out of curiosity, what is in the report that necessitates running ComboFix?"
Nothing, that is why I am being thorough.

"Could I still have a key log program somewhere in my computer?"
I have not seen any yet, but it is early days.

message edited by Johnw



#40
November 12, 2014 at 04:04:26
The combofix scan results can be found at: https://www.hightail.com/download/U...

Once again, I look forward to your feedback.

Sincerely,

Mic D.



#41
November 12, 2014 at 04:58:36
"No I did not password protect the system"
Double check you haven't turned BitLocker on, leave it on if it already is.
If it hasn't been turned on, leave it off.

How to Use BitLocker to Encrypt Your Hard Drive
http://www.pcworld.com/article/2426...
http://www.pcworld.com/article/2426...
http://www.pcworld.com/article/2426...
http://www.pcworld.com/article/2426...



#42
November 12, 2014 at 05:10:38
It is turned off. Now what?


#43
November 12, 2014 at 05:11:28
Please download Rkill from any one of these links and save it to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your reply.
http://www.bleepingcomputer.com/dow...
Double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif



#44
November 12, 2014 at 23:54:05
The results of the MBAM scan can be found at this link: https://www.hightail.com/download/U...

Thank you again and I look forward to your response.

Sincerely,

Mic DD



#45
November 13, 2014 at 00:05:46
Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Download it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).



#46
November 13, 2014 at 00:53:50
Thank you again. Have you seen anything that might remotely be similar to a keylog program and/or a virus that could have deleted my emails off of the AOL server?

Sincerely,

Joshua



#47
November 13, 2014 at 02:37:33
Addition txt can be found at: https://www.hightail.com/download/U...

FRST can be found at:
https://www.hightail.com/download/U...

Thank you again, Joshua



#48
November 13, 2014 at 02:41:35
Will now go through the Farbar logs, it takes at least 2 hours.

In the meantime Update & run ESET again. Follow my previous instructions, we did not get the correct result last time. Post the log please.



#49
November 13, 2014 at 03:37:14
Please remember that, to avoid tampering with a potential crime scene, I am using a ghost hard drive rather than the one that was initially infected. Thus, if there are any physical issues with the hard drive, then you need not waste time trying to fix it as I will use a different one. Once again, I have no idea who you are or why you are helping me, but I want to express my most sincere appreciation.

Sincerely,

Joshua



#50
November 13, 2014 at 03:41:51
"physical issues with the hard drive"
Not physical, just need a new ESET log.

"I have no idea who you are or why you are helping me"
My hobby is fixing computers, alongside me, I have 2 comps I am getting ready for community use.



#51
November 13, 2014 at 04:19:23
The report is long so I am sending it in two parts. The following file is the first 99% that was checked - I am going to bed now and will send the rest of it when I wake up. I am not sure what is happening, but look forward to my new good friend to tell me. Thank you again. Joshua

https://www.hightail.com/download/U...

message edited by YaakovYosef51



#52
November 13, 2014 at 04:30:11
"Partial reading of Boot sector of disk C"

Double, double check your instructions, I have seen hundreds of ESET logs, never one like that.



#53
November 13, 2014 at 09:13:53
I did, but will again.


#54
November 13, 2014 at 13:45:42
I ran ESET overnight, the log is exactly where it should be.

http://i.imgur.com/7cYTaCW.gif

As a side note, keep ESET as part of your toolbox.



#55
November 13, 2014 at 14:56:43
Please review this ESET scan: https://www.hightail.com/download/U...


#56
November 13, 2014 at 15:11:38
Ok, ESET says > Number of threats found: 0

But it also says a lot of files are password protected/archive damaged.
I hope you have gone through those, you are the only one who knows if they are important.

Let's move on.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-294162858-1168591993-3618529560-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {944F349F-FDC7-4104-8A90-25A662C75EC8} URL = https://search.yahoo.com/search?fr=...
SearchScopes: HKCU - {6B13E7BD-0B4A-4F27-A7A4-72F59B742113} URL = https://www.google.com/search?q={se...
SearchScopes: HKCU - {944F349F-FDC7-4104-8A90-25A662C75EC8} URL = https://search.yahoo.com/search?fr=...
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
CustomCLSID: HKU\S-1-5-21-294162858-1168591993-3618529560-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joshua\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.google.com/

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
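
What the fixlist in post #56 asks FRST to act on, sorted by kind, as an added example that is not part of the original thread. The category names and the `classify`/`triage`/`summarize` helpers are assumptions made for illustration; the fixlist lines are copied from the post, and `[X]` / `No File` are read as FRST's markers for a referenced file that could not be found.

```python
import re
from collections import Counter

# Fixlist entries copied from post #56 (truncated URLs left exactly as on the page).
FIXLIST = r"""closeprocesses:
emptytemp:
AlternateDataStreams: C:\ProgramData\TEMP:612B5BD9
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-294162858-1168591993-3618529560-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {944F349F-FDC7-4104-8A90-25A662C75EC8} URL = https://search.yahoo.com/search?fr=...
SearchScopes: HKCU - {6B13E7BD-0B4A-4F27-A7A4-72F59B742113} URL = https://www.google.com/search?q={se...
SearchScopes: HKCU - {944F349F-FDC7-4104-8A90-25A662C75EC8} URL = https://search.yahoo.com/search?fr=...
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
CustomCLSID: HKU\S-1-5-21-294162858-1168591993-3618529560-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joshua\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.google.com/
"""

# Hypothetical category labels (not FRST terminology) and what each one means.
MEANING = {
    "directive": "tool action (close processes, empty temp folders), not a finding",
    "ads": "alternate data stream attached to a folder, to be deleted",
    "flagged": "registry policy key that FRST marked ATTENTION",
    "orphan": "leftover entry whose file is missing ([X] / No File)",
    "setting": "browser search scope or home page entry",
}

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")                  # e.g. "emptytemp:"
MISSING = re.compile(r"\s*(=>\s*)?(\[X\]|No File)$")     # trailing missing-file marker


def classify(line):
    """Return (category, detail) for one fixlist line."""
    line = line.strip()
    if DIRECTIVE.match(line):
        return "directive", line.rstrip(":")
    if line.startswith("AlternateDataStreams:"):
        # "path:streamname" -- the stream name follows the last colon.
        target = line.split(":", 1)[1].strip()
        path, stream = target.rsplit(":", 1)
        return "ads", f"stream '{stream}' on {path}"
    if line.endswith("<======= ATTENTION"):
        return "flagged", line.split(": ", 1)[0]
    if MISSING.search(line):
        return "orphan", MISSING.sub("", line)
    return "setting", line.split(":", 1)[0]


def triage(text):
    """Group every non-empty fixlist line by category."""
    groups = {}
    for raw in text.splitlines():
        if raw.strip():
            category, detail = classify(raw)
            groups.setdefault(category, []).append(detail)
    return groups


def summarize(text):
    """Count fixlist lines per category."""
    return Counter({cat: len(items) for cat, items in triage(text).items()})


if __name__ == "__main__":
    for category, items in triage(FIXLIST).items():
        print(f"{category} ({len(items)}): {MEANING[category]}")
        for item in items:
            print(f"    {item}")
```

On this fixlist more than half of the lines are leftover references to files that no longer exist (old Dropbox, avast and ComboFix entries).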



#57
November 13, 2014 at 17:51:44
Wow. Will do. What kind of stuff needs fixin?
Thank you again.


#58
November 13, 2014 at 21:30:02
The log can be found at:
https://www.hightail.com/download/U...

thank you again, Joshua



#59
November 13, 2014 at 21:35:33
Run Tweaking.com - Windows Repair

Disable your antivirus program before running Windows Repair.

Start at Step 1 ( Skip Step 2 ) & when you get to the final step, check/tick all the boxes. Reboot when finished.

http://www.softpedia.com/get/Tweak/...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Copy and Paste the contents of the following log in your reply:
C:\Program Files\Tweaking.com\Windows Repair (All in One)\Tweaking.com_Windows_Repair_Logs\_Windows_Repair_Log.txt



#60
November 16, 2014 at 04:31:17
Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it onto your Desktop (if your default download location is not the Desktop, drag it out of its location onto the Desktop) and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives, as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

Let's see if we can extract any more info after running Tweaking.com & Unhide.

Run ESET again & upload the complete ( unaltered ) log please.



#61
November 17, 2014 at 22:57:49
I am just reading the above email now as I was not available the last few days. Is there anything similar for my Galaxy Note 3 smartphone?

Thx again,

Joshua



#62
November 17, 2014 at 23:14:14
" Is there anything similar for my Galaxy Note 3 smartphone?"
Sorry, don't know Joshua.


#63
November 18, 2014 at 03:19:29
On. Thx. I will follow up with you after I do what you asked above. Joshua


#64
November 20, 2014 at 03:04:26
We are nearly finished Joshua, are you still with me?


#65
November 20, 2014 at 04:28:47
Yes. I haven't finished yet, but will hopefully today. Thank you again, Joshua


#66
November 21, 2014 at 13:16:15
I have the tweaking log files in the following dropbox folder:

https://www.dropbox.com/sh/mmj61zg1...

Thank you again, JS



#67
November 21, 2014 at 16:27:41
Waiting on the new ESET scan result.

After that, run DelFix
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on the computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
Make sure that these ones are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)

message edited by Johnw



#68
November 22, 2014 at 15:50:18
Unhide log info: https://www.hightail.com/download/U...

Will run ESET next.



#69
November 22, 2014 at 16:44:45
ESET log info: https://www.hightail.com/download/U...


#70
November 22, 2014 at 16:49:05
delfix report: https://www.hightail.com/download/U...


#71
November 22, 2014 at 17:13:43
Now to finish off.

As you can see from your logs, you had stuff installed, that you do not know, how it had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#72
November 22, 2014 at 17:15:18
" Have you seen anything that might remotely be similar to a keylog program and/or a virus that could have deleted my emails off of the AOL server?"
No, your computer is now clean.
The whole goal of why I have done so much work for you, was to find a keylog program and/or a virus, if I had found anything, I would have told you.

In your ESET log, you have a number of archive damaged files, you may as well delete those.

The next place anyone could access your comp, is through your modem/router, if you don't have a strong password.
Change the Default Password on a Network Router ( 5 pages )
http://compnetworking.about.com/od/...

It is now between you & AOL. Did you do your research as per my post #37?

