Possible Malware/Virus Infections



#16
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Some antivirus programs do list Malwarebytes as a competing program.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the AdwCleaner log please.
  • 0

#17
Navy Seal

Navy Seal

    Member

  • Topic Starter
  • Member
  • 119 posts
I ran both the scans. The second scan said it found no threats and did not give me an option to save a log file.

AdwCleaner Log

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 23:01:25
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - YOUR-55E5F9E3D2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sninvaev.default\searchplugins\Askcom.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\sninvaev.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[S1].txt - [2709 octets] - [23/05/2013 23:01:25]

########## EOF - C:\AdwCleaner[S1].txt - [2769 octets] ##########
  • 0
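
An added example, not part of the original post or of AdwCleaner itself: Python that parses the log layout shown above into its sections and groups the deleted registry keys by GUID, which makes it visible that one toolbar component was registered under several keys, including as a Browser Helper Object. The function names and the "Pref" label are assumptions made for this example; the sample is a shortened excerpt of the posted log with blank lines dropped.

```python
import re
from collections import defaultdict

# Shortened excerpt of the AdwCleaner log posted above (blank lines dropped).
SAMPLE_LOG = r"""# AdwCleaner v2.301 - Logfile created 05/23/2013 at 23:01:25
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
***** [Registry] *****
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
***** [Internet Browsers] *****
-\\ Mozilla Firefox v20.0.1 (en-US)
Deleted : user_pref("browser.search.order.1", "Ask.com");
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")        # ***** [Registry] *****
ENTRY_RE = re.compile(r"^(?:(\w+) )?Deleted : (.+)$")       # Key Deleted : <target>
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_adwcleaner_log(text):
    """Return {section: [(kind, target), ...]} for every 'Deleted' line."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            # Browser preference lines carry no kind word; label them "Pref".
            sections[current].append((m.group(1) or "Pref", m.group(2)))
    return sections

def guid_locations(sections):
    """Map each GUID to the parent registry keys it was deleted from."""
    found = defaultdict(list)
    for kind, target in sections.get("Registry", []):
        if kind == "Key":
            for guid in GUID_RE.findall(target):
                found[guid.upper()].append(target.rsplit("\\", 1)[0])
    return dict(found)

def is_browser_helper_object(parent_key):
    """True when the parent key is the Internet Explorer BHO registration key."""
    return parent_key.lower().endswith(r"\explorer\browser helper objects")
```

Run against the full posted log, the same grouping shows the other GUIDs that recur across `Ext\Stats`, `Ext\Settings`, `Ext\PreApproved` and `Classes\CLSID`.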

#18
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Looking clean right now. What problems still exist we need to address please?
  • 0

#19
Navy Seal

Navy Seal

    Member

  • Topic Starter
  • Member
  • 119 posts
Great to hear! I'm still having issues with my Outlook Express e-mail. I remember you saying earlier in our conversation asking if I used Outlook or something pertaining to it. When I go to send e-mails, they just sit in my outbox and don't actually send. I'm not sure if this is/was a malware or spyware issue, and if you would be able to help diagnose the problem through a program?
  • 0

#20
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
That error I mentioned earlier seems to be related to security software.

Go here and download the Norton Removal Tool that is appropriate for your version. Then close all open windows and disable all protective software, and click the downloaded file to completely remove Norton from your system. If the removal does not cause a reboot, reboot after the tool has completed the removal. Be sure to save all registration keys before running the tool if you plan to reinstall Norton later.

If you do not recall the version that is okay - the same tool is used for most versions. The exception is Norton 360, which requires you run a BUdump.exe tool first.

After the reboot, try Outlook again (before you install any security software).
  • 0

#21
Navy Seal

Navy Seal

    Member

  • Topic Starter
  • Member
  • 119 posts
I actually found the solution to the problem... my sent box was completely full so it wouldn't let anything else send through. So I got that all figured out.

I think you may have forgotten to attach the link for the removal tool though? I do in fact have the Norton 360 version. Since Outlook Express is working fine now, is it necessary to uninstall Norton? I only ask this because of the error you mentioned before. Could you maybe explain that a little more in depth.

Other than that, you said my system was clean of all infections, correct?
  • 0

#22
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Sorry about the link. But yes, the system shows as clean, and no reason to uninstall Norton if things are working right. Post back on that, before we just do some final steps to finish up here.
  • 0

#23
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Link, in case anyone else arrives here in a web search and needs the uninstaller for Norton:

https://www-secure.s...n=1&lg=en&ct=us
  • 0

#24
Navy Seal

Navy Seal

    Member

  • Topic Starter
  • Member
  • 119 posts
Yep, everything seems to be running pretty good! Nothing has popped up recently, but is there a way to see if that Outlook error you were talking about is gone? Maybe in the finishing up steps you discussed haha
  • 0

#25
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Unless you can reproduce the error, other than it would seem resolved at this point, I can't really see a way to check it. You can always post back here in the forum if it isn't resolved.
  • 0

#26
Navy Seal

Navy Seal

    Member

  • Topic Starter
  • Member
  • 119 posts
Sounds good! Ready for the final steps when you are.
  • 0

#27
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Just some final steps then.


Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

J2SE Runtime Environment 5.0 - Outdated/vulnerable.

------------

The logs show you have a slightly outdated version of Adobe Reader and Flash Player, so go here and install the latest version:

http://www.adobe.com/downloads/
(For Adobe Reader and Flash Player - uncheck the useless McAfee scan, if offered)

-----------

Go to Start > Run and type:

cmd.exe

and OK. At the prompt type or copy/paste each of the following, pressing Enter after each:

cd "%userprofile%\desktop"

combofix /uninstall


ComboFix should uninstall itself at this time.

--------

You can also at this time delete the files/folders of the tools we used. To assist with some of that, run OTL again. This will help by automatically removing some of the tools we used.

Just click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot.

-------

In addition, I like to recommend reviewing the following information to make sure you stay malware free.

http://www.geekstogo...he-first-place/

http://www.geekstogo...safe-computing/
  • 0