System Probs - suspected malware [Closed]


  • This topic is locked

#16
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi. I just wanted to let you know that I have a busy weekend, but hopefully I will be able to reply some time today.
  • 0

#17
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. One more value to clean up and then we can start repairing services. How is the computer functioning now? Any better?

Please download and run this fixlist as before and post the fixlog.txt for me.

Attached Files


  • 0

#18
lawnguybri

lawnguybri

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
The computer does seem to be running a lot better. Lol I can actually properly shut down the computer, the settings button actually works.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2013
Ran by gwengoetter at 2013-12-07 12:36:22 Run:3
Running from C:\Users\gwengoetter\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\gwengoetter\AppData\Roaming\Ubxyumy
HKCU\...\Run: [Vougowloypqiuxg] - C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
cmd: netsh winsock reset
*****************

"C:\Users\gwengoetter\AppData\Roaming\Ubxyumy" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Vougowloypqiuxg => Value deleted successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====
  • 0

#19
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Let's repair services.


Download the ESET services repair tool, extract the file to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

Then, run FSS again.


  • Make sure that all of the options are checked:

    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#20
lawnguybri

lawnguybri

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Repair log:

Log Opened: 2013-12-08 @ 11:19:41
11:19:41 - -----------------
11:19:41 - | Begin Logging |
11:19:41 - -----------------
11:19:41 - Fix started on a WIN_8 X64 computer
11:19:41 - Prep in progress. Please Wait.
11:19:44 - Prep complete
11:19:44 - Repairing Services Now. Please wait...
11:19:44 - Services Repair Complete.
11:20:51 - Reboot Initiated
Log Opened: 2013-12-08 @ 11:26:32
11:26:32 - -----------------
11:26:32 - | Begin Logging |
11:26:32 - -----------------
11:26:32 - Fix started on a WIN_8 X64 computer
11:26:32 - Prep in progress. Please Wait.
11:26:34 - Prep complete
11:26:34 - Repairing Services Now. Please wait...
11:26:35 - Services Repair Complete.
11:26:43 - Reboot Initiated


FSS scan:

Farbar Service Scanner Version: 23-11-2013
Ran by gwengoetter (administrator) on 08-12-2013 at 11:28:11
Running from "C:\Users\gwengoetter\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#21
lawnguybri

lawnguybri

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
I may be getting ahead of things here, but I know I'll need virus protection on the computer. Is there any you suggest? Is there anything available for free that is decent? Otherwise I'll have to buy something, and I'll need to start shopping around.
  • 0

#22
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts



I may be getting ahead of things here, but I know I'll need virus protection on the computer. Is there any you suggest? Is there anything available for free that is decent? Otherwise I'll have to buy something, and I'll need to start shopping around.




I recommend the free Avast for an AV. But let's fix your services first to ensure that it can install properly. In the meantime, I would avoid surfing the internet unless absolutely necessary.

Okay, the last tool didn't work, so let's try this.


Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

You can skip the optional steps here:
Posted Image


Select only #25 Restore Important Windows Services.
Posted Image

Let the program run, then get a fresh FSS scan again.
  • 0

#23
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did you have any trouble with those instructions?
  • 0

#24
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#25
lawnguybri

lawnguybri

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
FSS log:

Farbar Service Scanner Version: 23-11-2013
Ran by gwengoetter (administrator) on 21-12-2013 at 21:05:23
Running from "C:\Users\gwengoetter\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Was there anything else from that post? I think I have the malwarebytes log too, it found 22 (23?) issues, which were all resolved.
  • 0

#26
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
That looks pretty good. How is the computer running?

When did you run MBAM? Please post the log so I can check it.

I think now would be a good time to install an antivirus to protect your computer. I would recommend the free Avast.

Let me know when you have installed it and then we can fix the last few things and run a final sweep.



  • 0
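
The two FSS logs in this thread (8 and 21 December) can be compared mechanically to see which findings the services repair cleared and which are still present. The following is an added example, not part of the original posts and not Farbar's own code; `parse_fss` and `compare` are hypothetical names, and the two inputs are abbreviated excerpts of the logs posted above.

```python
import re

# Abbreviated excerpts of the two FSS logs posted in this thread.
BEFORE = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Action Center:
============
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# The second log: the Windows Firewall section is now empty.
AFTER = BEFORE.split("Action Center:")[0].split("mpsdrv")[0] + "\nAction Center:" \
    + BEFORE.split("Action Center:", 1)[1]

RULE = re.compile(r"^={4,}$")  # the "=====" line under each section title
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
POLICY = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Return a set of (section, finding) tuples from FSS log text."""
    lines = [line.strip() for line in text.splitlines()]
    section, findings = None, set()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and RULE.match(nxt):
            section = line[:-1]          # e.g. "Windows Firewall"
            continue
        if not line or RULE.match(line):
            continue
        if m := NOT_RUNNING.match(line):
            findings.add((section, f"{m[1]}: service not running"))
        elif m := START_TYPE.match(line):
            findings.add((section, f"{m[1]}: start type {m[2]} (default {m[3]})"))
        elif m := POLICY.match(line):
            findings.add((section, f"policy {m[1]}={m[2]}"))
        elif "=====>" in line:
            # "Checking X: ATTENTION!=====> message" or "Name =====> message"
            check, msg = line.split("=====>", 1)
            check = check.replace("ATTENTION!", "").strip(" :")
            findings.add((section, f"{check}: {msg.strip()}"))
    return findings


def compare(before, after):
    """Classify findings as repaired, remaining or new between two scans."""
    b, a = parse_fss(before), parse_fss(after)
    return {"repaired": b - a, "remaining": b & a, "new": a - b}


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(f"--- {status} ({len(items)})")
        for section, finding in sorted(items):
            print(f"[{section}] {finding}")
```

On these excerpts the firewall findings fall under "repaired", while the Action Center icon key, the WinDefend start type and the `DisableAntiSpyware` policy value remain in both scans.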

#27
lawnguybri

lawnguybri

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.21.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
gwengoetter :: GOETTERS4BACON [administrator]

12/21/2013 1:35:41 PM
mbam-log-2013-12-21 (13-35-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246872
Time elapsed: 27 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\URLSearchHook.ToolbarURLSearchHook (PUP.Optional.Softomate.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268} (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B} (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D} (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\PCSU.Registry.1 (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\PCSU.Registry (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A444752C-F03B-4E19-B2CD-E80F1FC2809C} (PUP.LyricsAd) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A444752C-F03B-4E19-B2CD-E80F1FC2809C} (PUP.LyricsAd) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271159} (PUP.CrossRider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271159} (PUP.CrossRider) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/...e={installDate}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/...e={installDate}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 12
C:\Users\gwengoetter\Documents\PCSpeedUp (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\Documents\PCSpeedUp\RestorePoints (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\Documents\PCSpeedUp\ScanResults (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.7.2 (PUP.Optional.BabylonToolbar.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\ct3268926 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\CT3268934 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AutoLyrics (PUP.Optional.AutoLyrics.A) -> Quarantined and deleted successfully.

Files Detected: 23
C:\Users\gwengoetter\AppData\Local\Temp\1347692656.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\1347718124.exe (Trojan.Inject.gen) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\1356745641.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\1356754460.exe (Trojan.Crypt.NKN) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\1366243624itinstallerp.exe (PUP.Optional.Vittalia) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\autolrcstmp.exe (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\E521.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\msimg32.dll (Rootkit.0Access.ZPE) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\91B11FEF-BAB0-7891-A304-C3602AEB9564\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\91B11FEF-BAB0-7891-A304-C3602AEB9564\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\ct3268926\ieLogic.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\ct3268926\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Conduit\CT3268934\Vgrabber_v1AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\9573063.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\Documents\PCSpeedUp\App.log (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\Documents\PCSpeedUp\ScanResults\FragmentedDisksCollection.log (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\Documents\PCSpeedUp\ScanResults\JunkFilesCollection.log (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\ct3268926\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\CT3268934\CT3268934.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\CT3268934\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\CT3268934\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\gwengoetter\AppData\Local\Temp\CT3268934\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)


The malwarebytes was run with the tweaking windows repair tool you suggested.

My wife actually got Norton for a couple of our other computers, and it's a 3-pack, so I can install that.

Seems to be running ok, but haven't really tested it yet.
  • 0

#28
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, go ahead and install Norton. Then let's fix the last little bit. We'll sweep for remnants now, then do one last fix (hopefully...).


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • ESET log
  • Any outstanding problems?

  • 0

#29
lawnguybri

lawnguybri

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
SECURITY CHECK:

Results of screen317's Security Check version 0.99.77
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````



I tried the ESET scan and it keeps bogging down...at 49% scanned it has found 146 threats, with some trojans present, but the scan will not complete.

Would installing Norton first and using that to scan help?
  • 0

#30
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
It looks like a lot of malware is left residing in your temp folder. Let's clean that out and see if ESET will run.
Please be aware that this program will delete all files located in the temporary folders on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Then try ESET again. If it fails, please run a fresh FRST scan.
  • 0





