
No infection name. Computer becoming unusable [Closed]


  • This topic is locked

#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
User returned.
  • 0



#17
Thumperness

    Member

  • Topic Starter
  • 41 posts
I actually finally got Malwarebytes to run. I ran it last though. Hope that didn't make a difference. Things seem to be running better from what I can tell. I don't use this computer much myself.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014
Ran by Wendy at 2014-03-11 21:03:30 Run:3
Running from C:\Users\Wendy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
S2 1a34a8e0; C:\Program Files (x86)\WSSvc.dll [175952 2014-02-05] ()
C:\Program Files (x86)\WSSvc.dll
End
*****************

1a34a8e0 => Service deleted successfully.
C:\Program Files (x86)\WSSvc.dll => Moved successfully.

==== End of Fixlog ====



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Wendy :: WENDY-HP [administrator]

3/16/2014 7:54:03 PM
mbam-log-2014-03-16 (19-54-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243290
Time elapsed: 35 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{8CF420C1-5324-EC8D-BA65-47B740B6560B} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CF420C1-5324-EC8D-BA65-47B740B6560B} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8CF420C1-5324-EC8D-BA65-47B740B6560B} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CF420C1-5324-EC8D-BA65-47B740B6560B} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8CF420C1-5324-EC8D-BA65-47B740B6560B} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{643CAF08-2DA3-3CF1-0842-64205CD6F435} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Coupon Companion Plugin (PUP.Optional.CouponCompanionPlugin.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Wendy\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.

Files Detected: 46
C:\ProgramData\AllTubeNoAdds\U3B.dll (PUP.Optional.MultiPlug.A) -> Delete on reboot.
C:\ProgramData\AllTubeNoAdds\U3B.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\AllTubeNoAdds\U3B.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WS.Enabler (Trojan.SProtector) -> Quarantined and deleted successfully.
C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\Wendy\Downloads\Potload_Download_Manager.exe (PUP.Optional.Tarma) -> Quarantined and deleted successfully.
C:\Windows\Installer\f1b8163.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\f1b8183.msi (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\playlist.vpl (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\config.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_103.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_11.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_120.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_121.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_122.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_123.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_124.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_125.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_126.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_127.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_136.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_137.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_140.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_141.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_149.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_150.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_160.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_165.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_181.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_191.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_193.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_199.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_200.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_201.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_204.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_219.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_221.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_224.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_268.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_28.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_34.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_37.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_49.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_57.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_86.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\Wendy\AppData\Roaming\player\images\channel_ld_99.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.

(end)



C:\AdwCleaner\Quarantine\C\Program Files (x86)\SNT\_GbYOA1J.dll.vir a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SNT\_GbYOA1J.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\2wXyNSCHEn.dll.vir a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\2wXyNSCHEn.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\ProgramData\AlLCheapPriice\NW0XRGE.exe.vir a variant of Win32/AdWare.MultiPlug.K.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\goreAtsaveur\ULlrS_exB.exe.vir a variant of Win32/AdWare.MultiPlug.S application
C:\AdwCleaner\Quarantine\C\ProgramData\SNT\jnCf7FicI.exe.vir a variant of Win32/AdWare.MultiPlug.S application
C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\0uUKnuGsk.exe.vir a variant of Win32/AdWare.MultiPlug.S application
C:\FRST\Quarantine\C\Program Files (x86)\WSSvc.dll.xBAD a variant of Win32/SProtector.D potentially unwanted application
C:\FRST\Quarantine\C\programdata\setapp\ws.enabler\WS.Enabler.exe.xBAD Win32/TrojanDownloader.Agent.AFD trojan
C:\Program Files (x86)\WS.Enabler a variant of Win32/SProtector.D potentially unwanted application
C:\Program Files (x86)\WS_x64.Enabler a variant of Win64/SProtector.A potentially unwanted application
C:\ProgramData\AllTubeNoAdds\U3B.dll a variant of Win32/AdWare.MultiPlug.N application
C:\ProgramData\AllTubeNoAdds\U3B.exe a variant of Win32/AdWare.MultiPlug.K.gen application
C:\ProgramData\AllTubeNoAdds\U3B.x64.dll a variant of Win64/Adware.MultiPlug.A application
C:\ProgramData\InstallMate\{14816941-DBD8-4A2D-A8C6-93FACF624BB7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\AllTubeNoAdds\U3B.dll a variant of Win32/AdWare.MultiPlug.N application
C:\Users\All Users\AllTubeNoAdds\U3B.exe a variant of Win32/AdWare.MultiPlug.K.gen application
C:\Users\All Users\AllTubeNoAdds\U3B.x64.dll a variant of Win64/Adware.MultiPlug.A application
C:\Users\All Users\InstallMate\{14816941-DBD8-4A2D-A8C6-93FACF624BB7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/InstalleRex.M potentially unwanted application
C:\Users\Wendy\AppData\Local\Temp\DDTQZE.tmp Win32/TrojanDownloader.Agent.AFD trojan
C:\Users\Wendy\AppData\Local\Temp\FXEGYP.tmp Win32/TrojanDownloader.Agent.AFD trojan
C:\Users\Wendy\AppData\Local\Temp\LZVMJB.tmp Win32/TrojanDownloader.Agent.AFD trojan
C:\Users\Wendy\AppData\Local\Temp\OXQKER.tmp Win32/TrojanDownloader.Agent.AFD trojan
C:\Users\Wendy\AppData\Local\Temp\ULKEOC.tmp Win32/TrojanDownloader.Agent.AFD trojan
C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe a variant of Win32/Amonetize.AG potentially unwanted application
C:\Users\Wendy\Downloads\Potload_Download_Manager.exe Win32/InstalleRex.M potentially unwanted application
C:\_OTL\MovedFiles\05092013_190855\C_Program Files\Updater By SweetPacks\Extension32.dll a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\_OTL\MovedFiles\05092013_190855\C_Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\_OTL\MovedFiles\05092013_190855\C_Program Files\Updater By SweetPacks\InstallerHelper.dll a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application
C:\_OTL\MovedFiles\05142013_182311\C_Users\Wendy\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ10.exe a variant of Win32/DomaIQ.L potentially unwanted application
C:\_OTL\MovedFiles\05192013_150026\C_Users\Wendy\AppData\Local\Temp\Shortcut_SweetIPacks.exe probably a variant of Win32/SweetIM.C potentially unwanted application
C:\_OTL\MovedFiles\05192013_150026\C_Users\Wendy\AppData\Local\Updater21804\Updater21804.exe a variant of Win32/Toolbar.CrossRider.C potentially unwanted application
C:\_OTL\MovedFiles\05192013_150026\C_Users\Wendy\Downloads\FlashPlayerPro.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
Operating memory a variant of Win32/AdWare.MultiPlug.N application




Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Reader XI
Google Chrome 32.0.1700.107
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#18
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I actually finally got Malwarebytes to run. I ran it last though. Hope that didn't make a difference. Things seem to be running better from what I can tell. I don't use this computer much myself.


Hello :)

I'm glad to hear that it's running better. :) We're close to being done, a few remnants to get rid of and some cleanup procedures left to go.

It looks like the ESET log is incomplete; it's missing the header to the log. Please check here: C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt and post the log there. :thumbsup:
  • 0

#19
Thumperness

    Member

  • Topic Starter
  • 41 posts
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Seems short. Is this what you were looking for?
  • 0

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Seems short. Is this what you were looking for?


That happens on occasion for some reason, but I believe I have enough information from the log to get rid of the remnants on the machine.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: FRST Fix


  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\Program Files (x86)\WS.Enabler
C:\Program Files (x86)\WS_x64.Enabler
C:\ProgramData\AllTubeNoAdds
C:\ProgramData\InstallMate
C:\Users\All Users\AllTubeNoAdds
C:\Users\All Users\InstallMate
C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe
C:\Users\Wendy\Downloads\Potload_Download_Manager.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.



Step 2: Run TFC


Please run TFC again to clear out the temp folders.

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Things I need to see in your next post:

FRST Log

  • 0

#21
Thumperness

    Member

  • Topic Starter
  • 41 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014
Ran by Wendy at 2014-03-19 21:33:30 Run:4
Running from C:\Users\Wendy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Program Files (x86)\WS.Enabler
C:\Program Files (x86)\WS_x64.Enabler
C:\ProgramData\AllTubeNoAdds
C:\ProgramData\InstallMate
C:\Users\All Users\AllTubeNoAdds
C:\Users\All Users\InstallMate
C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe
C:\Users\Wendy\Downloads\Potload_Download_Manager.exe
End
*****************

"C:\Program Files (x86)\WS.Enabler" => File/Directory not found.
C:\Program Files (x86)\WS_x64.Enabler => Moved successfully.
C:\ProgramData\AllTubeNoAdds => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.
"C:\Users\All Users\AllTubeNoAdds" => File/Directory not found.
"C:\Users\All Users\InstallMate" => File/Directory not found.
"C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe" => File/Directory not found.
"C:\Users\Wendy\Downloads\Potload_Download_Manager.exe" => File/Directory not found.

==== End of Fixlog ====
  • 0
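
Added example (not part of the original thread, and not FRST's own code): a short Python check that reconciles the Fixlog results in post #21 with the Malwarebytes removals in post #17, so that every "File/Directory not found" line is either explained or flagged for a closer look. It assumes the default Windows 7 layout in which C:\Users\All Users is a link to C:\ProgramData; the function and variable names are hypothetical.

```python
import re
# Result lines copied from the Fixlog in post #21 (Run:4, 2014-03-19).
FIXLOG = r'''
"C:\Program Files (x86)\WS.Enabler" => File/Directory not found.
C:\Program Files (x86)\WS_x64.Enabler => Moved successfully.
C:\ProgramData\AllTubeNoAdds => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.
"C:\Users\All Users\AllTubeNoAdds" => File/Directory not found.
"C:\Users\All Users\InstallMate" => File/Directory not found.
"C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe" => File/Directory not found.
"C:\Users\Wendy\Downloads\Potload_Download_Manager.exe" => File/Directory not found.
'''

# Fixlist paths that the Malwarebytes log in post #17 already lists as quarantined.
MBAM_REMOVED = [
    r"C:\Program Files (x86)\WS.Enabler",
    r"C:\Users\Wendy\Downloads\breathe carolina savages lyric video.mp3__4958_il1434991.exe",
    r"C:\Users\Wendy\Downloads\Potload_Download_Manager.exe",
]
# Assumption: default Vista/7 layout, where "C:\Users\All Users" is a link
# to C:\ProgramData, so both spellings name the same directory.
ALIASES = {r"c:\users\all users": r"c:\programdata"}
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<status>.+?)\.?$')

def canonical(path):
    """Lower-case the path and rewrite a known alias prefix to its target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p

def parse_fixlog(text):
    """Return (path, status) for every 'path => status.' result line."""
    hits = (RESULT_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("path"), m.group("status")) for m in hits if m]

def reconcile(fixlog, already_removed):
    """Explain every result line; anything left 'unexplained' needs a look."""
    entries = parse_fixlog(fixlog)
    moved = {canonical(p) for p, s in entries if s.startswith("Moved")}
    removed = {canonical(p) for p in already_removed}
    report = {}
    for path, status in entries:
        key = canonical(path)
        if status.startswith("Moved"):
            report[path] = "moved to quarantine"
        elif key in moved:
            report[path] = "alias of a path moved in this run"
        elif key in removed:
            report[path] = "removed by the earlier scan"
        else:
            report[path] = "unexplained"
    return report

if __name__ == "__main__":
    for path, verdict in reconcile(FIXLOG, MBAM_REMOVED).items():
        print(f"{verdict:35} {path}")
```

On this thread's data no entry comes back "unexplained": the two All Users paths are aliases of the ProgramData folders moved in the same run, and the other three were already quarantined by Malwarebytes.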

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

I'd like to take one more look and make sure everything is clean. :)

Please start FRST and press the scan button. Please post the log when it completes.
  • 0

#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





