Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

All the tricks you have taught me [Solved]


  • This topic is locked This topic is locked

#16
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Jose :: QUATRINEDESKTOP [administrator]

3/11/2014 3:03:58 PM
mbam-log-2014-03-11 (15-03-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246235
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Program Files\Common Files\Microsoft\ART\Backup\Google Chrome\Default\Cache\f_0000eb JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\191_ciuvo_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000eb JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000223 JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Jose\AppData\Local\Installer\Install_28499\ytdownloader_setup_20140203.exe a variant of Win32/SpeedBit.A potentially unwanted application
C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C68TDXST\price_gong_m[1].js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C68TDXST\similar_products_m[1].js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIR2S7SV\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIR2S7SV\monetizationLoader[2].js JS/Toolbar.Crossrider.B potentially unwanted application

Results of screen317's Security Check version 0.99.80
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
"Endpoint Antivirus"
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
  • 0

Advertisements


#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

The ESET log looks incomplete, please look here: C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt and post the complete log. :thumbsup:
  • 0

#18
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16384 (win8_rtm.120725-1247)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d2f01af68be63247b337f658d1bdfc66
# engine=17403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-11 08:46:34
# local_time=2014-03-11 03:46:34 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 0 11830323 0 0
# scanned=167326
# found=13
# cleaned=0
# scan_time=2179
sh=D5BF3BEAF19D898EB32267722392039A56C90C28 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Program Files\Common Files\Microsoft\ART\Backup\Google Chrome\Default\Cache\f_0000eb"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\102_dealply_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\191_ciuvo_m.js.vir"
sh=5F9D4692A21A19632CA89DE2711351AF39A1F82B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhfjlpbianbchmhaiaekeceonnchalc\1.26.9_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=D5BF3BEAF19D898EB32267722392039A56C90C28 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000eb"
sh=AEC51C64537A96EA1530C0A768638757CA37A55B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000223"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="a variant of Win32/SpeedBit.A potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Installer\Install_28499\ytdownloader_setup_20140203.exe"
sh=B8DCC1355AF30C027794D10BC8FD83670866BA2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C68TDXST\price_gong_m[1].js"
sh=AEC51C64537A96EA1530C0A768638757CA37A55B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C68TDXST\similar_products_m[1].js"
sh=AA8FE1C31F7A81FB3089A8543C02D0EF97AA3678 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIR2S7SV\monetizationLoader[1].js"
sh=202C1899F9B92EF86E40333C701C620BB16CE1F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Jose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIR2S7SV\monetizationLoader[2].js"
  • 0

#19
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Thank you :)

Let's get rid of the temporary files and run a small FRST fix.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Run TFC


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step 2: FRST Fix


  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Users\Jose\AppData\Local\Installer\Install_28499\ytdownloader_setup_20140203.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt log

  • 0

#20
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Jose at 2014-03-11 16:39:52 Run:2
Running from C:\Users\Jose\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Jose\AppData\Local\Installer\Install_28499\ytdownloader_setup_20140203.exe
End
*****************

C:\Users\Jose\AppData\Local\Installer\Install_28499\ytdownloader_setup_20140203.exe => Moved successfully.

==== End of Fixlog ====
  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good :)


Great news, your logs are CLEAN! :thumbsup: :) We still have a few things we need to address namely:

  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I also have some information for you and protection against a new ransomware program called CryptoLocker.



Step 1: Tool Removal and Creation of a New Clean Restore Point


  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    Posted Image
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

  • You can uninstall ESET Online Scanner at this time.
  • I'd recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week.


Step 2: Update Internet Explorer


Your IE is out of date, please click the link below to go to Microsoft's website, then select Downloads, then select Internet Explorer.

http://www.microsoft...us/default.aspx


Step 3: Tips, Information, and protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

Posted Image


Are there any further issues I can assist you with?
  • 0

#22
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
# DelFix v10.6 - Logfile created 11/03/2014 at 16:59:53
# Updated 11/11/2013 by Xplode
# Username : Jose - QUATRINEDESKTOP
# Operating System : Windows 8 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Jose\Desktop\JRT.txt
Deleted : C:\Users\Jose\Downloads\Addition.txt
Deleted : C:\Users\Jose\Downloads\adwcleaner.exe
Deleted : C:\Users\Jose\Downloads\aswmbr.exe
Deleted : C:\Users\Jose\Downloads\aswMBR.txt
Deleted : C:\Users\Jose\Downloads\Fixlog.txt
Deleted : C:\Users\Jose\Downloads\Fixlog1.txt
Deleted : C:\Users\Jose\Downloads\FRST.txt
Deleted : C:\Users\Jose\Downloads\FRST64.exe
Deleted : C:\Users\Jose\Downloads\JRT.exe
Deleted : C:\Users\Jose\Downloads\MBR.dat
Deleted : C:\Users\Jose\Downloads\Search.txt
Deleted : C:\Users\Jose\Downloads\TFC.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

########## - EOF - ##########
  • 0

#23
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
It seems to be acting fine.
Are you telling me we are good to go?
Thanks
  • 0

#24
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

It seems to be acting fine.
Are you telling me we are good to go?
Thanks


Yes, we're good to go. :thumbsup: You're quite welcome and please don't hesitate to come back if you need us again. :)
  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP