[l3arefoot]

Here they are. Sorry for the delay,  was away till late last night. Thank you again for your help and patience!

 

 

 

ESET

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-24 10:20:03
# local_time=2014-03-24 06:20:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 259392 259514 0 0
# compatibility_mode=5893 16776573 100 94 0 147243053 0 0
# scanned=67032
# found=0
# cleaned=0
# scan_time=1414
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-24 11:27:50
# local_time=2014-03-24 07:27:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 263459 263581 0 0
# compatibility_mode=5893 16776573 100 94 0 147247120 0 0
# scanned=203159
# found=1
# cleaned=0
# scan_time=3721
sh=D8339526811E264DA87727E3C59D508C3D2CFC62 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi"

 

 

 

MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Bears :: BEARS-1B [administrator]

3/24/2014 5:43:50 PM
mbam-log-2014-03-24 (17-43-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216904
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Advertisements]

Here they are. Sorry for the delay,  was away till late last night. Thank you again for your help and patience!

No worries, we work on the schedule that works best for you.


Let's run a small OTL Fix to get rid of the one threat that ESET found.


Warning:  This fix is to be used on this system and this system ONLY.  Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
 

• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:Files
C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi

:Commands
[reboot]

                                                                                            
 

• Click the Run Fix button at the top of the OTL control panel.
• Let the program run until it's finished and then reboot the computer.
• Once your machine has rebooted, a log will open.  If the log doesn't open, you can find a copy of it here:  C:\_OTL\MovedFiles   Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.
 

[pystryker]

Here they are. Sorry for the delay,  was away till late last night. Thank you again for your help and patience!

No worries, we work on the schedule that works best for you.


Let's run a small OTL Fix to get rid of the one threat that ESET found.


Warning:  This fix is to be used on this system and this system ONLY.  Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
 

• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:Files
C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi

:Commands
[reboot]

                                                                                            
 

• Click the Run Fix button at the top of the OTL control panel.
• Let the program run until it's finished and then reboot the computer.
• Once your machine has rebooted, a log will open.  If the log doesn't open, you can find a copy of it here:  C:\_OTL\MovedFiles   Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.
 

[l3arefoot]

this looks a bit dubious. Also there are some hidden files visible on my desktop

 

 

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi> in the current context!
Error: Unable to interpret < :Commands> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03242014_211613
 

[pystryker]

this looks a bit dubious. Also there are some hidden files visible on my desktop

 

 

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi> in the current context!
Error: Unable to interpret < :Commands> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03242014_211613
 

 

Hi, this error is given when the Run Scan button is pushed instead of the Run Fix button.  Please re-run the fix, and press the Run Fix button and that should take care of it.  Also, regarding the files, those appear during some of the fixes being run.  We'll re-hide them once your logs are clean.

[l3arefoot]

Same results. Positive I hit run fix

[pystryker]

Same results. Positive I hit run fix

Ok, uninstall Malwarebytes Anti-Malware, and then try running the fix again.  MBAM can interfere with OTL fixes some times and this maybe one of those times.

[l3arefoot]

same results

[pystryker]

Ok, run ESET again, and this time check the box that says Remove Found Threats and that should get rid of that pesky file.

[l3arefoot]

here is the new eset log. Should I run otl again?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-24 10:20:03
# local_time=2014-03-24 06:20:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 259392 259514 0 0
# compatibility_mode=5893 16776573 100 94 0 147243053 0 0
# scanned=67032
# found=0
# cleaned=0
# scan_time=1414
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9ffa5e3b1d3ad343ae352c5546170385
# engine=17591
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-24 11:27:50
# local_time=2014-03-24 07:27:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 80 263459 263581 0 0
# compatibility_mode=5893 16776573 100 94 0 147247120 0 0
# scanned=203159
# found=1
# cleaned=0
# scan_time=3721
sh=D8339526811E264DA87727E3C59D508C3D2CFC62 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Bears\AppData\Local\Downloaded Installations\{0710724E-1A91-4F52-ACCA-1B2BB24A0590}\The Weather Channel App.msi"

[pystryker]

ESET is showing this program has Ask toolbar software included with it.    It's not active malware on your machine as your logs are clean, but if you decided to install the Weather Channel app, it would ask you if you wanted to install the Ask Toolbar.  We can leave it as it's not active.  If you do decide to install that app at some point, then make sure you go read each screen and not be "click happy"  And now...

 

 

Great news, your logs are CLEAN!    , but we still have a few things we need to address namely:
 

• I need to remove the tools we installed on your machine.
• I have some tips, information, and protection against a new ransomware program called CryptoLocker.

Step 1:  OTL Tool Removal

Start OTL and press the Clean Up button.  OTL will empty out it's quarantined files and delete itself.

The hidden files that were visible should no longer be visible.  Please let me know if they are still visible.


Step 2:  Remove Remaining Tools with Delfix

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

You can uninstall ESET Online Scanner at this time.


Step 3:  Tips, Information, and protection against CryptoLocker


Watch what you open in your emails.  If you get an email from an unknown source with any attached files, do not open it.  

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens.  Many programs come with adware in them and are set to install them by default.  Several programs require that you uncheck or select no to prevent the installation.  Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read  How did I get infected in the first place?  

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Are there any further issues I can assist  you with?



 

 

[l3arefoot]

Thank you so much for your help with my machine. You share your expertise in a courteous and friendly manner! It really was a pleasure!

I was thinking about changing browsers to chrome. I have that on my mobile devices. any opinions on Chrome?

[pystryker]

Thank you so much for your help with my machine. You share your expertise in a courteous and friendly manner! It really was a pleasure!

I was thinking about changing browsers to chrome. I have that on my mobile devices. any opinions on Chrome?

You're very much welcome   It's been a pleasure working with you as well

 

Regarding Chrome:  I've not used it that much, I stick mostly to FF, so I can't really give you an accurate opinion.    But, I will tell you this:  one of the instructors that taught me *hates* that browser   On the flip side though, I've seen many people that really enjoy using it.

[pystryker]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.