only 3.5 GB out of 681GB free on my hard drive [Solved]


  • This topic is locked

#211
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Yes, Duckduckgo is preferred.

Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Rich :: RICH-HP [administrator]

2/25/2014 5:42:06 AM
mbam-log-2014-02-25 (05-42-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210314
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

So how do we look? Good?
Is this possible?
Thanks for your patience,
Rich
  • 0


#212
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :D

So how do we look? Good?
Is this possible?


Yes, looks great! Except for the uninstall that would not go, I cannot let you go without getting rid of that savingsbullfilter entry best I can. So we have to do that, other than that ~ Excellent! :happy:

Thanks for your patience,


You are very welcome, Rich :D Great job! Excellent work :thumbsup: I trust you've learned some things, yes? I as well :D

Ok, last fix I swear Rich ~ let's get out that SavingsBullFilter that would not uninstall:

Please right click on Posted Image on your Desktop and select Run as Administrator, accept UAC prompts.

Under Posted Image
in the textbox at the bottom, please paste in the following text:

:Commands
[CREATERESTOREPOINT]
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]/64
"{813BA625-B0FA-48D8-9B75-59759C88C219}"=-





• Push the Posted Image button.
• OTL may ask to reboot the machine. Please do so if asked.

I do not need to see the log unless it says it was not removed.

As long as it removed, please continue on:

Let's clean up the tools, your logs look clean :thumbsup:

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

I did not forget Rich, you had asked earlier:

How do I know which is the legit Open office and not some rogue site?


This last infection all started due to your innocent attempt to download OpenOffice. Not uncommon, it happens to many folks! As seen in this post not only with OpenOffice.

Using OpenOffice as an example, it was explained previously to go to the source. I want to show you exactly what is meant by that and how to know the difference:

Using Google, and searching "Open Office" we find:
http://www.downloada...CFZNsfgodlywACQ <~ That link which already says it's adding funmoods toolbar which will change your browser settings. And that's what it tells you comes with the download. Upon checking their Privacy Policy, which you can see only in the setup window in teeny tiny letters and nobody reads anyway but should, one finds:

We supply free entertainment and utility software including video playing software, password managers, file zipping software and games. Our Products include Toolbars. Our Toolbars add search functionality to your browser. They also allow one click access to news and our offers. (We refer to our software and Products throughout this agreement as our “Services”).

We offer our Services to you in exchange for your agreement to view promotions, advertisements, or participate in other offers. We also offer you the opportunity to download third-party software.



yay! :no: You're not going to want it. It will bork your computer. Nothing will be as it was.

And further down we find under:

Some Terms We Use in This Policy

Offers include e-mail, promotions, advertisements contests and third-party software presented by our Partners and us.

Personally Identifiable Information (PII) is any information that identifies or could be used to identify, contact or locate you. It also includes your credit card number.


and still further we find:

Installation
During installation, we will present you with Offers. You may choose not to accept our Offers. Your participation is voluntary, you are not required to disclose to our Partners any information they request. However, if you provide your Personally Identifiable Information in response to any Offer, we will share it with our Partners so they can provide you with the Offers in which you have expressed interest.


Well, at least they tell you they're going to share your PII....or your credit card number with their partners. No telling what else. Not likely you're going to use your credit card in this instance but they've already said they'll look for it and save your PII for you and pass it along!! ..think it's safe with them? No. :no:

And this is just what they SAY is there, the Board is full of what they do not say is there.

Now: https://www.openoffi...load/index.html <~ this link is good. All it says is Open Office. It's https which means it's a secure page
So this one is one clean place where you could go to download the program. Actually, it is the best one. The Source. The least confusing as well.

http://www.filehippo...oad_openoffice/ also has it. Filehippo is a decent place to find clean downloads also. Be aware: you must read carefully even in places like this as there are usually many download buttons. Make sure you get the right one! In this case it's the one at the very top of the page. You will get a download without extra junk.

Of the choices presented, you can see the second one ~ the one that actually says openoffice.org is the best choice of the 3. Once you download it and it's sitting on your desktop, right click on the downloaded program on your Desktop and run Malwarebytes on it. Or have Norton scan it. Or both!


Hope that helps you understand better how to find cleaner downloads and what to look for in a clean download and what may be lurking in a not clean download ;)

To that end, and just in case, because websites ~ even basic program updates like Adobe have Add Ons you're not there to get, I have a tool that will help. It's called Unchecky. The link is ~> here <~ It will automatically uncheck boxes in download windows. That is not to say you don't have to pay attention any more, it just gives you an edge ~ a start of not checked boxes (in most cases) so you do not automatically get junk you do not want. To help make it a little easier. Check the video at the site and see what you think. I think it's pretty cool and thought it might help :)

Instructions there are easy for Unchecky:

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder


Right click on the Unchecky_setupPosted Image or folder and choose to Run as Administrator

Once open click the Install button.


Then click on Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked ;)


Now: Let's proceed here and get you a clean OpenOffice.

Please click on this link: https://www.openoffice.org

Once there, click on I want to download Apache OpenOffice 4.0.1

You'll be taken to the download page. Click on Download Apache OpenOffice 4.0.1

Click Save
Click Open folder It will begin to download. Once finished a new window opens:


Read, Click Next


Add a Username..leave the other as is, check your user preferences for other computer users.
Click Next


Choose Custom Install
Always choose custom install.


This is where you may have unwanted downloads
Click Next after you read and make sure there are no checked boxes with unwanted downloads added. In this case, it's all ok, click Next.


Check your default preferences here. If you want to use OpenOffice for all of these items, click all the boxes. Otherwise, choose which you wish it to be used for, or none as the window suggests. You do not have to make it the default program for anything.
Once finished, click Next


Last window: Choose whether you want an icon on your Desktop and choose Install.

That's it :D

You're good to go, Rich! :D
We'll leave this thread open for a couple of days just in case. Please advise if there are any issues.
Please also post the DelFix log and let me know all went well ;)

Surf Safe, Rich :thumbsup:
  • 0

#213
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
OTL log:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{813BA625-B0FA-48D8-9B75-59759C88C219} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{813BA625-B0FA-48D8-9B75-59759C88C219}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02262014_054644


SavingsbullFilter is still on my computer. Rebooted and tried to uninstall but it still remains :-(

So close and yet so far,
Rich

Edited by 1324, 26 February 2014 - 05:55 AM.

  • 0

#214
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

It is gone :thumbsup: You can go ahead with DelFix if you've not already :D
  • 0

#215
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

SavingsbullFilter is still on my computer. Rebooted and tried to uninstall but it still remains :-(


Since it is still in programs and features then do this:

Use this tool to deregister the program.

Once you get there click on the Run now button.
Download it to your computer.
Accept the UAC prompt. It will load.
Click the Accept button to accept the Microsoft License Agreement.
In the next window, choose the second option: Detect problems and let me select the fixes to apply
It will ask if you're having a problem installing or uninstalling, choose uninstalling
A program list will come up.
Choose the offending program from the list and follow the prompts to have the tool remove it completely.

Now: if it is not on the list, and it will not or cannot go that way, then use the first option to let the tool find, detect and fix.
You may have to restart the tool to do this.

Let me know how it goes, Rich.
Thank you :)
  • 0
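
Added example, not part of the thread or any poster's instructions: a read-only PowerShell lookup showing which Uninstall registry location holds an entry that still appears in Programs and Features, across the 64-bit, 32-bit and per-user views. The helper name Find-UninstallEntry is hypothetical; the program name and GUID are the ones quoted in the posts above.

```powershell
# Added example: read-only lookup of Programs and Features registrations.
# Find-UninstallEntry is a hypothetical helper name; nothing is modified.
function Find-UninstallEntry {
    param(
        [Parameter(Mandatory)][string]$NamePattern   # wildcard, e.g. '*SavingsbullFilter*'
    )

    # Programs and Features merges these three locations into one list.
    # Run from 64-bit PowerShell: a 32-bit process sees HKLM\SOFTWARE redirected.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit view
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall', # 32-bit view
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'              # per-user installs
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # Match on the display name, or on the subkey name itself (often a product GUID).
            if ($props.DisplayName -like $NamePattern -or $key.PSChildName -like $NamePattern) {
                [pscustomobject]@{
                    Root            = $root
                    SubKey          = $key.PSChildName
                    DisplayName     = $props.DisplayName
                    Publisher       = $props.Publisher
                    UninstallString = $props.UninstallString
                }
            }
        }
    }
}

# Name and GUID as they appear in the thread.
Find-UninstallEntry -NamePattern '*SavingsbullFilter*' | Format-List
Find-UninstallEntry -NamePattern '*813BA625-B0FA-48D8-9B75-59759C88C219*' | Format-List
```

An empty result from all three roots means no Uninstall subkey matches the pattern by display name or subkey name.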

#216
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Will do all of this on the weekend.
R
  • 0

#217
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
:thumbsup:
  • 0

#218
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Success, SavingsbullFilter deleted.
Rich
  • 0

#219
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Delfix log:

# DelFix v10.6 - Logfile created 01/03/2014 at 05:26:53
# Updated 11/11/2013 by Xplode
# Username : Rich - RICH-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Rich\Desktop\SecurityCheck - Shortcut.lnk
Deleted : C:\Users\Rich\Downloads\adwcleaner.exe
Deleted : C:\Users\Rich\Downloads\Extras.Txt
Deleted : C:\Users\Rich\Downloads\OTL.Txt
Deleted : C:\Users\Rich\Downloads\OTL.exe
Deleted : C:\Users\Rich\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #21 [Windows Update | 02/13/2014 12:18:17]
Deleted : RP #22 [Removed SavingsbullFilter | 02/16/2014 11:23:29]
Deleted : RP #23 [Removed SavingsbullFilter | 02/16/2014 11:37:24]
Deleted : RP #24 [Removed SavingsbullFilter | 02/16/2014 11:39:04]
Deleted : RP #25 [Windows Update | 02/16/2014 11:39:41]
Deleted : RP #26 [Removed SavingsbullFilter | 02/16/2014 11:47:35]
Deleted : RP #27 [Installed HP Support Assistant | 02/20/2014 12:08:05]
Deleted : RP #28 [Windows Modules Installer | 02/20/2014 12:11:10]
Deleted : RP #29 [Windows Modules Installer | 02/20/2014 12:11:44]
Deleted : RP #30 [OTL Restore Point - 2/22/2014 8:34:36 AM | 02/22/2014 14:34:38]
Deleted : RP #31 [Installed Adobe Photoshop Elements 11. | 02/23/2014 20:25:25]
Deleted : RP #32 [OTL Restore Point - 2/26/2014 5:44:57 AM | 02/26/2014 11:45:00]
Deleted : RP #33 [Removed SavingsbullFilter | 02/26/2014 11:46:22]
Deleted : RP #34 [OTL Restore Point - 2/26/2014 5:46:54 AM | 02/26/2014 11:46:54]
Deleted : RP #35 [Removed SavingsbullFilter | 02/26/2014 11:53:34]
Deleted : RP #37 [Restore Point before SavingsbullFilter was removed using Program Install and Uninstall troubleshooter | 03/01/2014 11:19:06]
Deleted : RP #39 [ SavingsbullFilter | 03/01/2014 11:19:22]

New restore point created !

########## - EOF - ##########
  • 0

#220
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
All done. Can this truly be the end?
You have been wonderful, so patient.
I have learned a lot from you.
Thanks a million.
Rich
  • 0


#221
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :D


All done. Can this truly be the end?



Everything is running ok? If so, you are good! We are finished. Excellent work :thumbsup:


I have learned a lot from you.



Great! You're armed with good tools and much more knowledge :geek:


Thanks a million.



You are very welcome :D My pleasure, Rich.


Surf safe, my friend :cool:
  • 0

#222
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Incorrect post. Sorry!

Edited by 23red, 03 March 2014 - 05:55 PM.

  • 0

#223
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





