
FBI Ransomware Issue, not resolved using Kaspersky Rescue Disk [Solve


  • This topic is locked

#46
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Naat, Here is the Malwarebytes Scan

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/24/2014
Scan Time: 2:58:47 PM
Logfile: Malwarebytes 2nd Scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.24.06
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mary58
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305314
Time Elapsed: 9 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Panda Cloud Cleaner Scan
 
. FILE: C:\PROGRAM FILES (X86)\RADIO_1.1\RADIO_1.1TOOLBARHELPER.EXE to be deleted.
 
. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A96DD14-21CB-44B9-98F6-898BAC404DCA}. Key to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\RADIO_1.1\UNINSTALL.EXE to be deleted.
 
Malware. FILE: C:\Users\mary58\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\AFYPSQ7I.txt to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\0RNV9IMK.TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\A92MJ2K3.TXT to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE to be deleted.
 
. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[ApnTBMon]. Value: ApnTBMon To be deleted.
 
. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[ApnTBMon]. Value: ApnTBMon To be deleted.
 
. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[ApnTBMon]. Value: ApnTBMon To be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\E5CVFJI0.TXT to be deleted.
 
Malware. FILE: C:\Users\mary58\AppData\Roaming\MICROSOFT\Windows\Cookies\Low\V1A3FJG9.txt to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S3CQVATW.TXT to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\TOOLBAR.EXE to be deleted.
 
. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}. Key to be deleted.
 
. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}. Key to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\A4LKSA7R.TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\[email protected][2].TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SI2I61BJ.TXT to be deleted.
 
Unknown. FILE: C:\PROGRAM FILES (X86)\LEAPFROG\LEAPFROG CONNECT\COMMANDSERVICE.EXE to be deleted.
 
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\LeapFrog Connect Device Service. Key to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\APNMCP.EXE to be deleted.
 
. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\APNMCP. Key to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\3OZOK01H.TXT to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\RADIO_1.1\PRXTBRADI.DLL to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\IKQ99ZPB.TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\5FWXSLYV.TXT to be deleted.
 
Unknown. FILE: C:\PROGRAM FILES (X86)\LEAPFROG\LEAPFROG CONNECT\MONITOR.EXE to be deleted.
 
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Monitor]. Value: Monitor To be deleted.
 
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[Monitor]. Value: Monitor To be deleted.
 
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[Monitor]. Value: Monitor To be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\088P26JQ.TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\01Y7YY5A.TXT to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\SERVICELOCATOR.EXE to be deleted.
 
. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}. Key to be deleted.
 
. REGKEY: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}. Key to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\TTOA7NAX.TXT to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\RADIO_1.1\LDRTBRADI.DLL to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ESWDSAN4.TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\[email protected][1].TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\58W10STS.TXT to be deleted.
 
Malware. FILE: C:\USERS\MARY58\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LRKMWT1T.TXT to be deleted.
 
. FILE: C:\PROGRAM FILES (X86)\RADIO_1.1\TBRADI.DLL to be deleted.
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
. REGKEY: HKLM\SOFTWARE\CONDUIT. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\SMARTBAR. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\CONDUITSEARCHSCOPES. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\CONDUIT. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\SMARTBAR. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\CONDUITSEARCHSCOPES. Key to be deleted.
 
. REGKEY: HKCU\SOFTWARE\APPDATALOW\SOFTWARE\CONDUIT. Key to be deleted.
 
Malware. FILE: C:\PROGRAM FILES (X86)\CONDUIT\COMMUNITY ALERTS\ALERT.DLL to be deleted.
 
. FOLDER: C:\PROGRAM FILES (X86)\CONDUIT to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\APPNOTIFICATION.JS to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\CLOSE.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\CLOSE.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\CLOSEBTN.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\NEXT.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\NEXT_HOVER.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\POWERED-BY.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\PREV.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\PREV_HOVER.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\SETTINGS.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\DARK\SETTINGSBTN.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\CLOSE.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\CLOSEBTN.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\NEXT.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\NEXT_HOVER.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\POWERED-BY.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\PREV.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\PREV_HOVER.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\SETTINGS.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\SETTINGSBTN.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIGHT\THUMBS.DB to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\LIKE.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\NEXT.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\NEXT_HOVER.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\POWERED-BY.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\PREV.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\PREV_HOVER.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\SETTINGS.PNG to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\IMAGES\THUMBS.DB to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\INITIALNOTIFICATION.HTML to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\MAIN.HTML to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\NOTIFICATIONDIALOGSTYLE.CSS to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\NOTIFICATIONDIALOGSTYLEIE9.CSS to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\APPNOTIFICATIONDIALOG\SAMPLENOTIFICATION.HTML to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\DIALOGSAPI.JS to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\PIE.HTC to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\SETTINGS.JS to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\DIALOGS\VERSION.TXT to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\FEEDS\HTTP___ALERTS_CONDUIT-SERVICES_COM_ROOT_1405667_1401325_US.XML to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\COMMUNITY ALERTS\LANGUAGEPACKS\EN.XML to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT\LOCALSTORAGE\APPSFILES\2D2F2F16-9432-4890-9F93-624A84CF6261\MAM_GK_USERID.TXT to be deleted.
 
. FOLDER: C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT\BACKGROUNDCONTAINER\BACKGROUNDCONTAINER.DLL to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT\BACKGROUNDCONTAINER\TBUPDATERLOGIC_1.0.0.1.DLL to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT\BACKGROUNDCONTAINER\TBUPDATERLOGIC_1.0.0.2.DLL to be deleted.
 
. FOLDER: C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT to be deleted.
 
. FILE: C:\USERS\MARY58\APPDATA\LOCAL\ILIVID\LOG.LOG to be deleted.
 
. FOLDER: C:\USERS\MARY58\APPDATA\LOCAL\ILIVID to be deleted.

  • 0



#47
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)


Looks like there is a light at the end of the tunnel :)



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    C:\USERS\MARY58\APPDATA\LOCAL\ILIVID
    C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT
    C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT
    C:\PROGRAM FILES (X86)\CONDUIT
    C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK
    C:\PROGRAM FILES (X86)\RADIO_1.1
    C:/Users/mary58/Downloads/security_cleaner.exe
    C:/Users/mary58/AppData/Local/Temp/Low/YtAV.dll
    C:/Users/mary58/AppData/Local/Temp/Low/1RCS.dll
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.




Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


  • 0

#48
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Naat here is the FRST Fixlog, the ESET Online Scanner is still running. I will post the log when it's done.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by mary58 at 2014-08-25 04:43:45 Run:1
Running from J:\
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\USERS\MARY58\APPDATA\LOCAL\ILIVID
C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT
C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT
C:\PROGRAM FILES (X86)\CONDUIT
C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK
C:\PROGRAM FILES (X86)\RADIO_1.1
C:/Users/mary58/Downloads/security_cleaner.exe
C:/Users/mary58/AppData/Local/Temp/Low/YtAV.dll
C:/Users/mary58/AppData/Local/Temp/Low/1RCS.dll
end
*****************
 
C:\USERS\MARY58\APPDATA\LOCAL\ILIVID => Moved successfully.
C:\USERS\MARY58\APPDATA\LOCAL\CONDUIT => Moved successfully.
C:\USERS\MARY58\APPDATA\LOCALLOW\CONDUIT => Moved successfully.
C:\PROGRAM FILES (X86)\CONDUIT => Moved successfully.
C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK => Moved successfully.
C:\PROGRAM FILES (X86)\RADIO_1.1 => Moved successfully.
C:/Users/mary58/Downloads/security_cleaner.exe => Error: No automatic fix found for this entry.
C:/Users/mary58/AppData/Local/Temp/Low/YtAV.dll => Error: No automatic fix found for this entry.
C:/Users/mary58/AppData/Local/Temp/Low/1RCS.dll => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====

  • 0

#49
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Here is the log file for the ESET Online Scanner

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

  • 0

#50
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Quite strange that ESET generated only this part of report...


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    C:\Users\mary58\Downloads\security_cleaner.exe
    C:\Users\mary58\AppData\Local\Temp\Low\YtAV.dll
    C:\Users\mary58\AppData\Local\Temp\Low\1RCS.dll
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
  • 0

#51
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Here is the new Fixlog. I already rebooted the pc.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by mary58 at 2014-08-25 06:28:37 Run:2
Running from J:\
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\mary58\Downloads\security_cleaner.exe
C:\Users\mary58\AppData\Local\Temp\Low\YtAV.dll
C:\Users\mary58\AppData\Local\Temp\Low\1RCS.dll
EmptyTemp:
end
*****************
 
"C:\Users\mary58\Downloads\security_cleaner.exe" => File/Directory not found.
"C:\Users\mary58\AppData\Local\Temp\Low\YtAV.dll" => File/Directory not found.
"C:\Users\mary58\AppData\Local\Temp\Low\1RCS.dll" => File/Directory not found.
EmptyTemp: => Removed 3.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ===

  • 0

#52
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, any other issues at this point?


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


  • 0

#53
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Naat here is the Security Check log, at this point there are no other issues. 

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 11.8.800.168 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 

  • 0

#54
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

Updating Adobe Flash Player manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Flash Player version.
  • In the center part you will be prompted to install Google Chrome as a recommended bundled installation. This is foistware. Remember to leave the box for Chrome UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Please remember to keep it always updated.


Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


  • 0

#55
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Hi Naat, here is the DelFix log file.

 

# DelFix v10.8 - Logfile created 25/08/2014 at 19:26:44
# Updated 29/07/2014 by Xplode
# Username : mary58 - MARY58-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
 
~ Cleaning system restore ...
 
Deleted : RP #265 [Scheduled Checkpoint | 06/25/2014 05:00:00]
Deleted : RP #266 [Windows Update | 07/10/2014 22:49:49]
Deleted : RP #267 [Windows Update | 07/11/2014 08:00:12]
Deleted : RP #268 [Windows Update | 07/12/2014 08:00:15]
Deleted : RP #269 [Windows Update | 07/20/2014 13:15:33]
Deleted : RP #270 [Scheduled Checkpoint | 07/28/2014 05:00:01]
Deleted : RP #271 [Scheduled Checkpoint | 08/04/2014 23:19:09]
Deleted : RP #272 [Windows Update | 08/06/2014 01:21:47]
Deleted : RP #273 [Windows Update | 08/06/2014 08:00:10]
Deleted : RP #274 [Windows Update | 08/17/2014 23:56:10]
Deleted : RP #275 [Windows Update | 08/20/2014 12:39:09]
Deleted : RP #276 [Windows Update | 08/21/2014 11:22:56]
Deleted : RP #277 [Windows Update | 08/22/2014 07:33:18]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0



#56
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Looks very nice, and I think that you are ready to go :thumbsup:



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

 

Recommended reading:


MUST READ - security tips: Computer Security - a short guide to staying safer online.
MUST READ - general maintenance: What to do if your Computer is running slowly?




Recommended additional software:


  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.


Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.






Stay safe,
Naat :)
 


  • 0

#57
Jay2014

  • Topic Starter
  • Member
  • 31 posts

Hi Naat, thanks so much for all your help and patience. I will pass this information on to my mom and also keep it for my own pc's. I wasn't aware of some of these programs and use I agree they are definitely useful in securing your pc.


  • 0

#58
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

You are welcome :)

 

If any problem appears, don't hesitate to shout :)


  • 0

#59
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





