Snapdo [Closed] [Solved]



#16
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

ok cool thanks


You're welcome :)


Let's run a sweep for remnants and check for any out of date programs on your machine. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: ESET Online Scanner


ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 2: Scan with Malwarebytes


Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • How is the computer running now?

  • 0



#17
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I will respond later
  • 0

#18
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
:thumbsup:
  • 0

#19
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
my eset is still scanning 12 hours now
  • 0

#20
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

my eset is still scanning 12 hours now


Yes, that scan can take quite a while. It's a very in depth scan. And your machine was heavily infested. As long as it's progressing, let it continue running. :)
  • 0

#21
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Ok will do
  • 0

#22
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62826ebdcd1d2c4d96a5ce0e4a33aa4a
# engine=16093
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-02 05:40:57
# local_time=2013-12-02 12:40:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 138348220 0 0
# scanned=113956
# found=25
# cleaned=0
# scan_time=52827
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\ldrtbInte.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\tbInte.dll.vir"
sh=A696C5A0D50145AFDE3D3A71F70B1C3006AC2199 ft=1 fh=da0003b6601dbc17 vn="a variant of Win32/Adware.MultiPlug.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MagniPic\5115c6db68a4c.dll.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir"
sh=456CDDCB4DBBD1255871EEBC22F4EE83A1AADFF8 ft=1 fh=de4e9e6d1369d358 vn="a variant of Win32/Toolbar.Babylon.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\BabMaint.x.vir"
sh=43EAA89AE51391FE6219B415ED726FB621B354FE ft=1 fh=c71c00115a62a541 vn="a variant of Win32/Toolbar.Babylon.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\BUSolution.dll.vir"
sh=9B681F8881061950994735A6D08697F2C2D95E7C ft=1 fh=e2c81e275b18bb83 vn="a variant of Win32/Toolbar.Babylon.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\BabMaint.x.vir"
sh=5FAFC7C0CF5A8BA1B9023805434FA3FF30284617 ft=1 fh=c71c0011cc00d37a vn="a variant of Win32/Toolbar.Babylon.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\BUSolution.dll.vir"
sh=615AEC34ABF0221B29D3E43B20AAD714B4C683FD ft=1 fh=5629cfff8a0dcf8e vn="a variant of Win32/Toolbar.Babylon.Q application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\NPObject.dll.vir"
sh=BA556E78EB7BFFBF16EACBB7FE2BD4EC3EF6F2F1 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdopkelddmilohmfonbpdkgjfkkcllkl\1\5115c6db6880e2.16426726.js.vir"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\internethelper3.1\ldrtbInte.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\internethelper3.1\tbInte.dll.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\WhiteSmoke_B\ldrtbWhit.dll.vir"
sh=D9F40FED54DC0A576A1F461357617E9412D02947 ft=1 fh=aea68ab3b9997ab2 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\LocalLow\WhiteSmoke_B\tbWhit.dll.vir"
sh=4D5B1DA43DB2A4E3C2CC33EC25C142150A2A0415 ft=1 fh=42cdebd77adffd28 vn="a variant of Win32/FileScout.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\file scout\filescout.exe.vir"
sh=39D545307059D69604C2ED112C11AAA303AAE834 ft=1 fh=36dc4f7032c73daa vn="a variant of Win32/AdWare.MediaFinder.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll.vir"
sh=A501C2C68B23CF979310B6DF5DE677B533C90125 ft=1 fh=5fe854450464fe57 vn="a variant of Win32/Toolbar.Perion.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\ARFC\wrtc.exe.vir"
sh=F0583DDAE95D2C50EE017A7B16941AFBC9E004D5 ft=1 fh=72c2adac041db1f9 vn="a variant of Win32/Toolbar.Perion.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\WSSetup.exe.vir"
sh=ED909A2F1746708A38D2A0E7F7A89D9271EA2BAB ft=0 fh=0000000000000000 vn="a variant of Win32/KillProcess.A application" ac=I fn="C:\ICDC Software\Medisoft.zip"
sh=93D3D3A90EF91763660A548E277646309F9D6A66 ft=1 fh=8c5fd7ad890b7c87 vn="a variant of Win32/XrayMyPC application" ac=I fn="C:\Program Files\Winferno\PC Confidential\PCConfidential.exe"
sh=1760CE74267F25CF870B6C1704C8AF88DB27B9F1 ft=1 fh=312ac98394cc5c3d vn="multiple threats" ac=I fn="C:\Users\user\Downloads\minecraft-setup (1).exe"
sh=1760CE74267F25CF870B6C1704C8AF88DB27B9F1 ft=1 fh=312ac98394cc5c3d vn="multiple threats" ac=I fn="C:\Users\user\Downloads\minecraft-setup.exe"
sh=4A0C93D45CBA6AD37398981E3BFBB8EFFD861ADA ft=1 fh=8d627586d5436967 vn="a variant of Win32/InstallIQ.A application" ac=I fn="C:\Users\user\Downloads\sunset.exe"
sh=0315BCEB21B2DD0B699F55C46D5FF739EDFC6F9C ft=1 fh=d91ea6391d54793b vn="a variant of Win32/Toolbar.DefaultTab.B application" ac=I fn="C:\_OTL\MovedFiles\11302013_220046\C_Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll"
sh=6D5F2FAAE9420650D15627831811CD676A6D6AD9 ft=1 fh=5e4922cb28ca9ce8 vn="a variant of Win32/Toolbar.Perion.G application" ac=I fn="C:\_OTL\MovedFiles\11302013_220046\C_Windows\System32\dmwu.exe"
  • 0
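
The triage a helper does by eye on an ESET Online Scanner log like the one above, as an added example that is not part of the original thread: it keeps only the finished run, checks the `found=` count against the pasted lines, and separates hits inside tool-held folders from files still in place. The field meanings (`sh` as SHA-1, `vn` as detection name, `fn` as path) are read off the log layout, and the sample log, `CONTAINED_PREFIXES` and all function names are constructed for this example.

```python
import re

# Folders where AdwCleaner and OTL keep files they already moved aside (both
# appear in the log above). Assumption: hits under them are inert copies.
CONTAINED_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")

HEADER = re.compile(r"^# (?P<key>[^=]+)=(?P<value>.*)$")
DETECTION = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=\d+ fh=[0-9A-Fa-f]{16} '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w+) fn="(?P<path>[^"]*)"$'
)


def parse_runs(text):
    """Split a pasted log into scan runs; each run opens with '# version='."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if header["key"] == "version":
                runs.append({"header": {}, "detections": []})
            if runs:
                runs[-1]["header"][header["key"]] = header["value"]
            continue
        hit = DETECTION.match(line)
        if hit and runs:
            runs[-1]["detections"].append(hit.groupdict())
    return runs


def finished_run(runs):
    """Return the last run that ended normally; stopped runs are partial."""
    for run in reversed(runs):
        if run["header"].get("end") == "finished":
            return run
    return None


def header_matches(run):
    """True when the 'found=' count equals the detection lines present,
    i.e. the paste was not truncated."""
    return int(run["header"].get("found", -1)) == len(run["detections"])


def triage(run):
    """Return (live, contained): live maps SHA-1 -> detections still in place,
    so byte-identical copies group together; contained lists tool-held hits."""
    live, contained = {}, []
    for det in run["detections"]:
        if det["path"].lower().startswith(CONTAINED_PREFIXES):
            contained.append(det)
        else:
            live.setdefault(det["sha1"].upper(), []).append(det)
    return live, contained


def sample_line(n, name, path):
    # Constructed entry: the SHA-1 is a placeholder made of one repeated digit.
    return 'sh=%s ft=1 fh=%016x vn="%s" ac=I fn="%s"' % (str(n) * 40, n, name, path)


# Constructed sample: one stopped run followed by one finished run.
SAMPLE_LOG = "\n".join([
    "# version=8",
    "# end=stopped",
    "# found=1",
    sample_line(1, "a variant of Win32/Toolbar.Example.A application",
                r"C:\AdwCleaner\Quarantine\C\Program Files\example\tb.dll.vir"),
    "# version=8",
    "# end=finished",
    "# found=5",
    sample_line(1, "a variant of Win32/Toolbar.Example.A application",
                r"C:\AdwCleaner\Quarantine\C\Program Files\example\tb.dll.vir"),
    sample_line(2, "a variant of Win32/Adware.Example.B application",
                r"C:\AdwCleaner\Quarantine\C\ProgramData\example\ad.dll.vir"),
    sample_line(3, "multiple threats",
                r"C:\Users\user\Downloads\setup-example (1).exe"),
    sample_line(3, "multiple threats",
                r"C:\Users\user\Downloads\setup-example.exe"),
    sample_line(4, "a variant of Win32/Toolbar.Example.C application",
                r"C:\_OTL\MovedFiles\example\C_Windows\System32\example.exe"),
])

if __name__ == "__main__":
    run = finished_run(parse_runs(SAMPLE_LOG))
    live, contained = triage(run)
    print("header count matches lines:", header_matches(run))
    print("already contained:", len(contained))
    for sha1, dets in live.items():
        print(sha1, dets[0]["name"])
        for det in dets:
            print("   ", det["path"])
```
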

#23
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
user :: USER-PC [administrator]

12/2/2013 5:01:47 AM
mbam-log-2013-12-02 (05-01-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204738
Time elapsed: 13 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{A8DBEAC4-5F57-C394-05AD-43727E71AD63} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E8303531-595F-42C4-CD01-14F4200EB855} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\Interface\{F0D78F0D-93C4-6F51-A45B-198AF05B3BD0} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\user\Downloads\sunset.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\1e53e99d.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)
  • 0

#24
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Computer Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 27
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
F-Secure PC Protection Plus apps ComputerSecurity\Anti-Virus\FSGK32.EXE
F-Secure PC Protection Plus apps ComputerSecurity\Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, your logs are looking good! :) Let's clear out the remnants and get your programs updated.

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes.

:Commands
[createrestorepoint]

:Files
C:\ICDC Software\Medisoft.zip
C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
C:\Users\user\Downloads\minecraft-setup (1).exe
C:\Users\user\Downloads\minecraft-setup.exe
C:\Users\user\Downloads\sunset.exe

:Commands
[reboot]





  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 2: Program Updates


Enable UAC in Windows 7

  • Open User Account Control Settings by clicking the Start button and then clicking Control Panel
  • In the Search Box, type in uac and then click Change User Account Control settings.
  • To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.



A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.




  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader

  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.


Updating Flash Player


Your Flash player is out of date. Please click here to update it to the latest version.

Please remember to uncheck the option to install McAfee's Security Suite


Are there any further issues remaining I can assist you with? :)
  • 0



#26
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Will do when I'm home about 8
  • 0

#27
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
otl didn't give me a log
  • 0

#28
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

You can find a copy of the fix log here: C:\_OTL\MovedFiles
  • 0

#29
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\ICDC Software\Medisoft.zip not found.
C:\Program Files\Winferno\PC Confidential\PCConfidential.exe moved successfully.
C:\Users\user\Downloads\minecraft-setup (1).exe moved successfully.
C:\Users\user\Downloads\minecraft-setup.exe moved successfully.
File\Folder C:\Users\user\Downloads\sunset.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12022013_192316
  • 0

#30
Socaflex

Socaflex

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
everything is done thanks a million....
  • 0





