Spouse Threatening [Solved]



#16
Nutloaf
    Trusted Helper
  • Malware Removal
  • 1,790 posts
I need the whole log, so paste half in one post and the rest in a 2nd post. OR attach the log, using the Choose file then Attach This File


#17
rocket985
    Member
  • Topic Starter
  • 54 posts
File attached.


#18
Nutloaf
    Trusted Helper
  • Malware Removal
  • 1,790 posts
Awesome Sauce, looking good!

Those files flagged are OK and are clean. So.....let's get HAL to open the pod doors and clean some infected entries with OTL. We will remove that CouponBar icon from Programs and Features as well.

Malwarebytes and ESET will then check if there are any leftovers. :)


1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found

    :REG

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar]

    :FILES
    C:\Users\Owner\Downloads\dds(1).scr
    C:\Users\Owner\Downloads\dds.scr
    C:\ProgramData\Microsoft\Windows\DRM\113.tmp.dat
    C:\ProgramData\Microsoft\Windows\DRM\8F9F.tmp.dat
    C:\ProgramData\Microsoft\Windows\DRM\C17A.tmp
    C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll
    C:\Users\All Users\Microsoft\Windows\DRM\ncrypt.dll

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


2. UPDATE AND RUN MALWAREBYTES

  • Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If a reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log. I need to see this log.


3. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For the Taskbar, right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Things I want to see in your next post.

Use 2 Posts If Necessary

  • OTL fix.txt
  • Malwarebytes results
  • ESET results
  • CouponBar icon removed?
  • How is the PC running now?


#19
rocket985
    Member
  • Topic Starter
  • 54 posts
Done, done, and done.

CouponBar gone.

Don't really know on computer performance because all I've done is geekstogo since we started. :huh:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=399ccd4b25e38045a7bc939ba67bb63a
# engine=17162
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-21 06:17:21
# local_time=2014-02-21 01:17:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1285183 2106163 0 0
# compatibility_mode=5893 16776573 100 94 0 144506891 0 0
# scanned=249076
# found=20
# cleaned=0
# scan_time=8781
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=639EC700B0AE3E4022B0E2194154C35804C1495D ft=1 fh=cea679b0d15a81f3 vn="Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\internethelper3.1\hk64tbInte.dll.vir"
sh=E81DDA2EB87C2B9FC5567266DCB0F473CA8879DD ft=1 fh=ce9365354cde4d2d vn="Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\internethelper3.1\hktbInte.dll.vir"
sh=BB64EAB4A8D339B38E2C84ECCDC1EB9BCB508661 ft=1 fh=b9050071cbb9d4b1 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\internethelper3.1\ldrtbInte.dll.vir"
sh=41565A5C7C5DE65C949CC2C3566265E05A0BA782 ft=1 fh=95024ab9b65b3320 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\internethelper3.1\tbInte.dll.vir"
sh=1E437EEA6067C94EEAF0B55D70C46AA61CB5AFB1 ft=1 fh=8b0bf2da7e3e86d3 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\cnet_wax20e_zip.exe"
sh=0F2F0F9885A9F39AE8ED1AADB16A2D253FB282D5 ft=1 fh=04db9efc76a890ec vn="a variant of Win32/RegistryBooster potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\registrybooster.exe"
sh=F8617AB64643ACE7C731DB41C6443CC11DDD41AF ft=1 fh=f40954c17da1e2f7 vn="Win32/InstallCore.CD potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ZipOpenerSetup.exe"
sh=639EC700B0AE3E4022B0E2194154C35804C1495D ft=1 fh=cea679b0d15a81f3 vn="Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Scott\AppData\LocalLow\InternetHelper3.1\hk64tbInte.dll"
sh=E81DDA2EB87C2B9FC5567266DCB0F473CA8879DD ft=1 fh=ce9365354cde4d2d vn="Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Scott\AppData\LocalLow\InternetHelper3.1\hktbInte.dll"
sh=BB64EAB4A8D339B38E2C84ECCDC1EB9BCB508661 ft=1 fh=b9050071cbb9d4b1 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Scott\AppData\LocalLow\InternetHelper3.1\ldrtbInte.dll"
sh=41565A5C7C5DE65C949CC2C3566265E05A0BA782 ft=1 fh=95024ab9b65b3320 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Scott\AppData\LocalLow\InternetHelper3.1\tbInte.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=2BD3A9A65EDD44DAD867D108FFCB03D564108B94 ft=1 fh=b4b068413bf83d4f vn="a variant of Win32/Kryptik.AGWA trojan" ac=I fn="C:\_OTL\MovedFiles\02202014_220428\C_ProgramData\Microsoft\Windows\DRM\113.tmp.dat"
sh=77439B2D9932E8CA78A365E09B893D71310205A6 ft=1 fh=6437780cc695185c vn="a variant of Win32/Kryptik.AIPA trojan" ac=I fn="C:\_OTL\MovedFiles\02202014_220428\C_ProgramData\Microsoft\Windows\DRM\8F9F.tmp.dat"
sh=6F37B6E29EC0636427ECD1D826B5F810ED70BA36 ft=1 fh=6437780ce4eefcb6 vn="a variant of Win32/Kryptik.AIPA trojan" ac=I fn="C:\_OTL\MovedFiles\02202014_220428\C_ProgramData\Microsoft\Windows\DRM\C17A.tmp"
sh=6F37B6E29EC0636427ECD1D826B5F810ED70BA36 ft=1 fh=6437780ce4eefcb6 vn="a variant of Win32/Kryptik.AIPA trojan" ac=I fn="C:\_OTL\MovedFiles\02202014_220428\C_ProgramData\Microsoft\Windows\DRM\ncrypt.dll"
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Owner :: OWNER-PC [administrator]

2/20/2014 10:14:29 PM
mbam-log-2014-02-20 (22-14-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 301350
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar\ deleted successfully.
========== FILES ==========
C:\Users\Owner\Downloads\dds(1).scr moved successfully.
C:\Users\Owner\Downloads\dds.scr moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\113.tmp.dat moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\8F9F.tmp.dat moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\C17A.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\ncrypt.dll not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02202014_220428

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
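The fix script in post #18 and the fix log above are two halves of one record: every path or key in the script should reappear in the log with an outcome, and "not found" or "scheduled to be moved on reboot" entries are the ones to re-check afterwards. The following Python script is an added example, not part of this thread and not OTL's own code; it reconciles a :REG/:FILES fix script against the log OTL writes. The sample script and log are constructed for the example in the format posted here (the reboot-pending entry is placed under :FILES to show how that outcome is reported).

```python
import re

# Constructed sample for this example: a :COMMANDS/:REG/:FILES fix script and the
# lines OTL writes for each outcome, in the format posted in this thread.
FIX_SCRIPT = r""":COMMANDS
[CREATERESTOREPOINT]

:REG
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar]

:FILES
C:\Users\Owner\Downloads\dds.scr
C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll
C:\Users\All Users\Microsoft\Windows\DRM\ncrypt.dll
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
"""

FIX_LOG = r"""========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar\ deleted successfully.
========== FILES ==========
C:\Users\Owner\Downloads\dds.scr moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\ncrypt.dll not found.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
"""

SECTION_RE = re.compile(r"^:([A-Z]+)\s*$")

# Outcome phrases as they appear in the fix log, most specific first.
LOG_PATTERNS = [
    (re.compile(r"^File\\Folder (?P<item>.+?) not found\.$"), "not found"),
    (re.compile(r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$"), "pending reboot"),
    (re.compile(r"^(?P<item>.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^(?:64bit-)?Registry key (?P<item>.+?)\\ deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?:64bit-)?Registry key (?P<item>.+?)\\ not found\.$"), "not found"),
]

# What a fully successful fix reports for each section we check.
EXPECTED = {"FILES": "moved", "REG": "deleted"}


def parse_fix_script(text):
    """Return {section: [items]}; a [-KEY] line under :REG is OTL's delete-key form."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current == "REG" and line.startswith("[-") and line.endswith("]"):
            line = line[2:-1]
        sections.setdefault(current or "", []).append(line)
    return sections


def parse_fix_log(text):
    """Map each path or key named in the log (lower-cased) to the outcome reported."""
    outcomes = {}
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, status in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes[m.group("item").lower()] = status
                break
    return outcomes


def reconcile(script_text, log_text):
    """Check every scripted item against the log; list anything that did not go as expected."""
    script = parse_fix_script(script_text)
    outcomes = parse_fix_log(log_text)
    items, follow_up = {}, []
    for section, expected in EXPECTED.items():
        items[section] = {}
        for entry in script.get(section, []):
            status = outcomes.get(entry.lower(), "no log entry")
            items[section][entry] = status
            if status != expected:
                follow_up.append((section, entry, status))
    return {
        "restore_point": "Restore point Set:" in log_text,
        "items": items,
        "follow_up": follow_up,
    }


if __name__ == "__main__":
    result = reconcile(FIX_SCRIPT, FIX_LOG)
    print("restore point created:", result["restore_point"])
    for section, entry, status in result["follow_up"]:
        print(f"re-check [{section}] {entry}: {status}")
```

Items that come back as "no log entry" mean the script line never reached OTL (usually a paste error), while "pending reboot" items are the ones to confirm in the "Files\Folders moved on Reboot..." part of the log after the restart.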

#20
Nutloaf
    Trusted Helper
  • Malware Removal
  • 1,790 posts
Nearly there I feel :)

When you installed Adobe products in the past, Google Toolbar was also installed. You need to be careful when installing any program that nothing else is being installed without your knowledge. It's one of the main reasons I see for infected PCs. :thumbsup:

What ESET found was mainly quarantined items we have dealt with and some others that we will deal with here. 2 items ring alarm bells with me - CNET and a Registry Booster.

CNET installers and Downloads are notorious for Bundled Applications. Check the installers on this site very carefully.

Registry Boosters rarely boost anything and can potentially overclean the registry, causing a multitude of problems. More on these issues in my final post with some site recommendations.


Todays Homework

We will uninstall some Adobe products, run an OTL fix then re-install Adobe products without bundled software. The Java update is extremely important; I think you are on top of this but JavaRa does a good job clearing old entries.

1. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Adobe Reader 9
  • Adobe Reader 10.1.9
  • Adobe Shockwave

2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :FILES
    C:\Users\Owner\Downloads\cnet_wax20e_zip.exe
    C:\Users\Owner\Downloads\registrybooster.exe
    C:\Users\Owner\Downloads\ZipOpenerSetup.exe
    C:\Users\Scott\AppData\LocalLow\InternetHelper3.1
    C:\Windows\System32\Adobe
    C:\Windows\SysWOW64\Adobe

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


3. Install ADOBE

Adobe is bundled with Chrome, Google Toolbar and/or McAfee Security Scan. Uncheck the Optional Offer box before downloading Reader, Flash Player and Shockwave.

Enter the OS, language and version then uncheck the Optional Offer



4. Java - Please Read

  • Java is one of the most exploited pieces of software at this time and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser. (see link below)
  • If a trusted program or webpage asks for Java then enable it, otherwise Uninstall completely using JavaRa

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to keep Java and install the latest version
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

5. ENSURE AUTOMATIC UPDATES ARE ENABLED

All security updates released by Microsoft must be Automatically Installed.

  • Click Start and in the search box type windows update and press ENTER.
  • Click Change Settings and make sure the Install updates automatically (recommended) option is selected, if not select it and click O.K to save settings.


6. Test Computer

  • Check if Browsers are OK and Collaborate Blackboard connects.


I only need to see the OTL fix next post and the running state of the PC :)
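The post above sorts the ESET findings into items already sitting in a quarantine (AdwCleaner, OTL's MovedFiles) and items still live on disk, then ranks the live ones by what the detection name says. That is a mechanical job, so here is an added Python example, not from this thread and not ESET's own code, that parses the ESET Online Scanner log format posted above and does the same triage. The sample log is constructed for this example: a header subset and five detection lines whose values are copied from the posted log; the quarantine roots are an assumption based on the tools used in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: header subset and five detection lines in the ESET
# Online Scanner log format, values taken from the log posted in this thread.
SAMPLE_LOG = r"""# version=8
# remove_checked=false
# scanned=249076
# found=20
# cleaned=0
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=1E437EEA6067C94EEAF0B55D70C46AA61CB5AFB1 ft=1 fh=8b0bf2da7e3e86d3 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\cnet_wax20e_zip.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=2BD3A9A65EDD44DAD867D108FFCB03D564108B94 ft=1 fh=b4b068413bf83d4f vn="a variant of Win32/Kryptik.AGWA trojan" ac=I fn="C:\_OTL\MovedFiles\02202014_220428\C_ProgramData\Microsoft\Windows\DRM\113.tmp.dat"
"""

# Assumed quarantine roots for the tools used in this thread: a hit under one
# of these is already neutralised and only needs the quarantine emptied later.
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine", r"C:\_OTL\MovedFiles")

# key=value pairs; values may be double-quoted and contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_eset_log(text):
    """Split the log into (header dict from '# key=value' lines, list of detections)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if "fn" in fields:
            detections.append(fields)
    return header, detections


def is_quarantined(path, roots=QUARANTINE_ROOTS):
    p = path.lower()
    return any(p.startswith(r.lower() + "\\") for r in roots)


def severity(vn):
    """Coarse ranking from ESET's detection name: trojans outrank PUA/PUP."""
    name = vn.lower()
    if "trojan" in name:
        return "malware"
    if "potentially unsafe" in name:
        return "unsafe"
    if "potentially unwanted" in name:
        return "unwanted"
    return "other"


def duplicate_hashes(detections):
    """Group paths by SHA-1 so one binary present in several places is seen as one item."""
    groups = defaultdict(list)
    for d in detections:
        groups[d["sh"]].append(d["fn"])
    return {sh: paths for sh, paths in groups.items() if len(paths) > 1}


def triage(text):
    header, detections = parse_eset_log(text)
    quarantined, live, by_severity = [], [], defaultdict(list)
    for d in detections:
        if is_quarantined(d["fn"]):
            quarantined.append(d["fn"])
        else:
            live.append(d["fn"])
            by_severity[severity(d["vn"])].append(d["fn"])
    return {
        "found": int(header.get("found", 0)),
        "parsed": len(detections),
        "removed_by_scanner": header.get("remove_checked") == "true",
        "quarantined": quarantined,
        "live": live,
        "live_by_severity": dict(by_severity),
        "duplicates": duplicate_hashes(detections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"scanner reported {report['found']} findings, {report['parsed']} parsed here")
    print("already quarantined:", *report["quarantined"], sep="\n  ")
    print("still live:", *report["live"], sep="\n  ")
    for sev, paths in report["live_by_severity"].items():
        print(f"{sev}: {len(paths)} live file(s)")
```

The "removed_by_scanner" flag mirrors remove_checked in the header; with Remove Found Threats left unchecked as asked for in post #18 it is false, which is why the live list is what feeds the next OTL fix.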

#21
rocket985
    Member
  • Topic Starter
  • 54 posts
Browsers are ok. The operator for the blackboard connects was unavailable this weekend. :rolleyes:
Will try tonight to find out.
========== FILES ==========
File\Folder C:\Users\Owner\Downloads\cnet_wax20e_zip.exe not found.
File\Folder C:\Users\Owner\Downloads\registrybooster.exe not found.
File\Folder C:\Users\Owner\Downloads\ZipOpenerSetup.exe not found.
File\Folder C:\Users\Scott\AppData\LocalLow\InternetHelper3.1 not found.
File\Folder C:\Windows\System32\Adobe not found.
File\Folder C:\Windows\SysWOW64\Adobe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02242014_081301

#22
Nutloaf
    Trusted Helper
  • Malware Removal
  • 1,790 posts
Great job, and thanks for sticking with me. I think the finish line is in sight....but something is bothering me :)

ESET found some files on your machine which I then attempted to remove with OTL in the last fix. The results show that those files are no longer present. Could you navigate to the following locations and see if the .exe files are in fact gone:

C:\Users\Owner\Downloads
cnet_wax20e_zip.exe?
registrybooster.exe?
ZipOpenerSetup.exe?

and also navigate to this location and see if there is an Adobe folder present:

C:\Windows\System32
Adobe?

#23
rocket985
    Member
  • Topic Starter
  • 54 posts
The .exe's were not there.

No Adobe folder.

#24
Nutloaf
    Trusted Helper
  • Malware Removal
  • 1,790 posts
Hello there, great job thanks :)

Well I am happy that the malware is clear and if the PC is running well I can clear away our tools and offer some advice.

I will leave this topic open for you in case you run into problems with Collaborate Blackboard.

Start a new topic for the 2nd machine and I or a colleague will answer. :thumbsup:


Dustpan and Brush


1. DELFIX by XPLODE

We need to remove the tools we've used during cleaning your machine and delete the quarantined files.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    DELFIXpic.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. I only need to see this log if errors are shown.



Tips For A Clean Surf with Toolbar and Homepage free waves



Avoid the following

  • Torrent downloaders, Torrent files and Torrent sites. - Otherwise known as P2P. The files are mainly illegal, contain malware and/or adult material. Steer clear of P2P programs and files.
  • Registry Cleaners - They can clean a little too much and remove needed entries. The best thing to do with the registry is leave it be.
  • PC Performance Boosters. - Programs that promise to speed up your PC. These are useless and/or come packed with Toolbars and other unneeded software that runs in the background causing, you guessed it, Performance Issues!
  • Not Checking Install Screens - Don't just click next, next, next and Install when installing programs. Some of the screens may contain Browsers or Toolbars. Check each screen before clicking next.

Free Download Site

  • FileHippo At this site the download links are available at the right hand side of the screen.


The main thing is to Keep On Top Of Your Updates and run Weekly Scans with Malwarebytes and your Antivirus.

I will keep this post open for 48 hours if you need assistance. If after that you need help then please start a new Topic in the appropriate forum.

Select the following link and add it to your Favourites or Bookmark for future use. The answers to the majority of PC problems. :wave:

#25
Nutloaf
    Trusted Helper
  • Malware Removal
  • 1,790 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.