Little Old Lady PC, Need Help Helping
Started by
The_Omni
, Nov 10 2014 09:08 PM
Trojans PUPS POWERLIKS ReDirects Multiple Chrome Instances Powerliks Rogues PUPs Bogus Chrome Instances
#31
Posted 11 November 2014 - 10:08 PM
DonnaB
-
- GeekU Moderator
-
- 8,529 posts
Miss Congeniality
#32
Posted 11 November 2014 - 11:14 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
OK That is exactly what I was worried about. The window autosizes and I couldnt see the start button. Ok manually fixed that. Scanning
Step 3 of 4 about half way through from the looks of it.
Found 86 beasties so far and wonder of wonder 3 instances of Powerliks
#33
Posted 12 November 2014 - 12:17 AM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
looks like I misread the number when I peeked, it was only 67.
Here is the Log
C:\DirectControl.exe Win32/AdWare.Loadshop.H application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\MyOSProtect.dll.vir Win32/AdWare.Loadshop.C application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\MyOSProtect64.dll.vir Win64/Adware.Loadshop.C application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\PCProxyDLL.dll.vir a variant of Win32/AdWare.Loadshop.A application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\pcwtc64f.sys.vir Win64/Adware.Loadshop.D application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\pcwtc64r.sys.vir Win64/Adware.Loadshop.E application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\postcollect.exe.vir Win32/AdWare.Loadshop.G application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\precollect.exe.vir Win32/AdWare.Loadshop.G application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\uninstaller.exe.vir Win32/AdWare.Loadshop.H application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\uninstallhelper.exe.vir Win32/AdWare.Loadshop.H application
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\WDCertInstaller.dll.vir Win32/AdWare.Loadshop.F application
C:\AdwCleaner\Quarantine\C\Users\Chilson\AppData\Local\Search Extensions\Client.exe.vir a variant of MSIL/Adware.iBryte.I application
C:\AdwCleaner\Quarantine\C\Windows\system32\MyOSProtect.dll.vir Win32/AdWare.Loadshop.C application
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Windows Optimizer\v7\optimizer.exe a variant of Win32/Agent.WMC trojan
C:\FRST\Quarantine\C\Program Files\Windows Optimizer\v7\powermgr.exe a variant of Win32/Agent.WMC trojan
C:\FRST\Quarantine\C\Program Files\Windows Optimizer\v7\vmnet.exe a variant of Win32/Agent.WMC trojan
C:\FRST\Quarantine\C\ProgramData\Optimizer\program\newver_95259_1.6.4.0.exe a variant of Win32/Agent.WMC trojan
C:\FRST\Quarantine\C\ProgramData\YaqapIhewa\YaqapIhewa.dat a variant of Win32/Kryptik.CPMR trojan
C:\FRST\Quarantine\C\Users\Chilson\AppData\Local\LogMeIn Rescue Applet\Yhkuaop(129).dll Win32/TrojanDownloader.Tracur.AM trojan
C:\FRST\Quarantine\C\Users\Chilson\AppData\Local\LogMeIn Rescue Applet\Yhkuaop.dll Win32/TrojanDownloader.Tracur.AM trojan
C:\FRST\Quarantine\C\Users\Chilson\Downloads\DownloadFileSetup_52HFn.exe.xBAD a variant of Win32/bmMedia.DY potentially unwanted application
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan
C:\Program Files\HP\HP Software Update\jucheck.exe a variant of Win32/Kelihos.G trojan
C:\Program Files\HP\HP Software Update\lucoms.exe a variant of Win32/Kelihos.G trojan
C:\Program Files\YouTube Downloader Services\avasts.exe a variant of Win32/Agent.WMC trojan
C:\Program Files\YouTube Downloader Services\powermgr.exe a variant of Win32/Agent.WMC trojan
C:\Program Files\YouTube Downloader Services\vmnet.exe a variant of Win32/Agent.WMC trojan
C:\Program Files\YouTube Downloader Services\youtubeserv.exe a variant of Win32/Agent.WMC trojan
C:\ProgramData\RogueKiller\Quarantine\306D986739755FB3.reg Win32/Poweliks.C trojan
C:\ProgramData\RogueKiller\Quarantine\38CFD41A325EEFAB.reg Win32/Poweliks.C trojan
C:\ProgramData\RogueKiller\Quarantine\763A068E9E255E7A.reg Win32/Poweliks.C trojan
C:\ProgramData\RogueKiller\Quarantine\879E5569F2B83875.vir a variant of Win32/Kryptik.CPAH trojan
C:\ProgramData\RyMMiLto\dat\rFBLfkuqsTj.dll a variant of MSIL/Adware.PullUpdate.C application
C:\ProgramData\RyMMiLto\dat\yOefCIVAJW.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Chilson\AppData\Local\nsi9EAA.tmp.vir Win32/AnyProtect.F potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Chilson\AppData\Local\nsjFB89.tmp.vir Win32/AnyProtect.F potentially unwanted application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0000\svc0000\tsk0000.dta a variant of Win32/AdWare.Adpeak.J application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0001\svc0000\tsk0000.dta Win32/AdWare.Loadshop.D application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0002\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0004\file0000\tsk0000.dta Win32/AdWare.FUPM.A application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0005\file0000\tsk0000.dta Win32/AdWare.FUPM.A application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0006\svc0000\tsk0000.dta a variant of Win32/AdWare.Adpeak.J application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0007\svc0000\tsk0000.dta Win32/AdWare.Loadshop.D application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0008\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0010\file0000\tsk0000.dta Win32/AdWare.FUPM.A application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0011\file0000\tsk0000.dta Win32/AdWare.FUPM.A application
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\uds0000\file0000\tsk0000.dta Win32/Kovter.A trojan
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\uds0001\file0000\tsk0000.dta Win32/Kovter.A trojan
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0000\svc0000\tsk0000.dta a variant of Win32/AdWare.Adpeak.J application
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0002\svc0000\tsk0000.dta Win32/AdWare.Loadshop.D application
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0004\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0010\file0000\tsk0000.dta Win32/AdWare.FUPM.A application
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0011\file0000\tsk0000.dta Win32/AdWare.FUPM.A application
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0014\file0000\tsk0000.dta Win32/Kovter.A trojan
C:\TDSSKiller_Quarantine\07.11.2014_00.50.36\susp0002\svc0000\tsk0000.dta Win32/AdWare.Loadshop.D application
C:\TDSSKiller_Quarantine\07.11.2014_00.50.36\susp0003\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application
C:\TDSSKiller_Quarantine\07.11.2014_01.09.33\susp0002\svc0000\tsk0000.dta Win32/AdWare.Loadshop.D application
C:\TDSSKiller_Quarantine\07.11.2014_01.09.33\susp0003\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application
C:\Users\All Users\RogueKiller\Quarantine\306D986739755FB3.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\38CFD41A325EEFAB.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\763A068E9E255E7A.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\879E5569F2B83875.vir a variant of Win32/Kryptik.CPAH trojan
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Users\Chilson\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb\1.26.45_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
#34
Posted 12 November 2014 - 12:19 AM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
looks like most of what it found was already quarantined
#35
Posted 12 November 2014 - 06:17 AM
DonnaB
-
- GeekU Moderator
-
- 8,529 posts
Miss Congeniality
Good morning John,
Yes. Most of what was found are in the quarantine folders of AdwCleaner, RogueKiller, ComboFix, and TDSSKiller.
You can go ahead and scan with ESET again and this time under the Hide Advanced Settings, check the box to the left of Remove Found Threats so ESET will remove them. Once we remove all the programs during cleanup, the quarantine folders and all logs should be deleted as well.
See if you can talk the owner into installing a different Antivirus such as Avast. If they can not afford the paid version, even the free version is better than McAfee as far as I am concerned,then they can pay for a subscription of Malwarebytes Pro to protect them from their bad surfing habits. I also have a program called Unchecky that I will have you install during cleanup which will detect and uncheck any prechecked software included in downloads.
Ask them if they use their Adobe Reader. From what I see, it is outdated. Even if they do use it, I would like to uninstall and install an alternative such as Foxit or Sumatra Reader.
Once you rescan with ESET to remove the threats found, create a clean System Restore Point, then please run the Security Check scan below so we can check for other outdated software that needs to be tended to.
Download Security Check by screen317 from here or here.
Also, if the system is behaving appropriately, please do the following:
Keep me informed as to how the system is behaving. Must head off the work now. Should be back before 7pm this evening.
Have a nice day!
Donna
Yes. Most of what was found are in the quarantine folders of AdwCleaner, RogueKiller, ComboFix, and TDSSKiller.
You can go ahead and scan with ESET again and this time under the Hide Advanced Settings, check the box to the left of Remove Found Threats so ESET will remove them. Once we remove all the programs during cleanup, the quarantine folders and all logs should be deleted as well.
See if you can talk the owner into installing a different Antivirus such as Avast. If they can not afford the paid version, even the free version is better than McAfee as far as I am concerned,then they can pay for a subscription of Malwarebytes Pro to protect them from their bad surfing habits. I also have a program called Unchecky that I will have you install during cleanup which will detect and uncheck any prechecked software included in downloads.
Ask them if they use their Adobe Reader. From what I see, it is outdated. Even if they do use it, I would like to uninstall and install an alternative such as Foxit or Sumatra Reader.
Once you rescan with ESET to remove the threats found, create a clean System Restore Point, then please run the Security Check scan below so we can check for other outdated software that needs to be tended to.
Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
Also, if the system is behaving appropriately, please do the following:
- Go to Start > All Programs > Accessories > System Tools
- Right click on Disk Cleanup and choose Run as Administrator.
- Select Local C: Drive.
- Click OK.
- Allow time for Disk Cleanup to calculate how much space will you will be able to free.
- Click on the More Options tab.
- Under System Restore and Shadow Copies click on Clean up... > Delete > Delete Files
- The window should close once finished.
Keep me informed as to how the system is behaving. Must head off the work now. Should be back before 7pm this evening.
Have a nice day!
Donna
#36
Posted 12 November 2014 - 06:48 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
All but two items cleaned
Posting log
C:\Users\All Users\RogueKiller\Quarantine\306D986739755FB3.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\38CFD41A325EEFAB.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\763A068E9E255E7A.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\879E5569F2B83875.vir a variant of Win32/Kryptik.CPAH trojan
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll a variant of MSIL/Adware.PullUpdate.C application
C:\DirectControl.exe Win32/AdWare.Loadshop.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\MyOSProtect.dll.vir Win32/Adware.Loadshop.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\MyOSProtect64.dll.vir Win64/Adware.Loadshop.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\PCProxyDLL.dll.vir a variant of Win32/AdWare.Loadshop.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\pcwtc64f.sys.vir Win64/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\pcwtc64r.sys.vir Win64/Adware.Loadshop.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\postcollect.exe.vir Win32/AdWare.Loadshop.G application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\precollect.exe.vir Win32/AdWare.Loadshop.G application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\uninstaller.exe.vir Win32/AdWare.Loadshop.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\uninstallhelper.exe.vir Win32/AdWare.Loadshop.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Protect\WDCertInstaller.dll.vir Win32/Adware.Loadshop.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chilson\AppData\Local\Search Extensions\Client.exe.vir a variant of MSIL/Adware.iBryte.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\MyOSProtect.dll.vir Win32/Adware.Loadshop.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Windows Optimizer\v7\optimizer.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Windows Optimizer\v7\powermgr.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Windows Optimizer\v7\vmnet.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\Optimizer\program\newver_95259_1.6.4.0.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\YaqapIhewa\YaqapIhewa.dat a variant of Win32/Kryptik.CPMR trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Chilson\AppData\Local\LogMeIn Rescue Applet\Yhkuaop(129).dll Win32/TrojanDownloader.Tracur.AM trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Chilson\AppData\Local\LogMeIn Rescue Applet\Yhkuaop.dll Win32/TrojanDownloader.Tracur.AM trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Chilson\Downloads\DownloadFileSetup_52HFn.exe.xBAD a variant of Win32/bmMedia.DY potentially unwanted application deleted - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Program Files\HP\HP Software Update\jucheck.exe a variant of Win32/Kelihos.G trojan cleaned by deleting - quarantined
C:\Program Files\HP\HP Software Update\lucoms.exe a variant of Win32/Kelihos.G trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\avasts.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\powermgr.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\vmnet.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\youtubeserv.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\ProgramData\RogueKiller\Quarantine\306D986739755FB3.reg Win32/Poweliks.C trojan cleaned by deleting - quarantined
C:\ProgramData\RogueKiller\Quarantine\38CFD41A325EEFAB.reg Win32/Poweliks.C trojan cleaned by deleting - quarantined
C:\ProgramData\RogueKiller\Quarantine\763A068E9E255E7A.reg Win32/Poweliks.C trojan cleaned by deleting - quarantined
C:\ProgramData\RogueKiller\Quarantine\879E5569F2B83875.vir a variant of Win32/Kryptik.CPAH trojan cleaned by deleting - quarantined
C:\ProgramData\RyMMiLto\dat\rFBLfkuqsTj.dll a variant of MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
C:\ProgramData\RyMMiLto\dat\yOefCIVAJW.dll a variant of MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Chilson\AppData\Local\nsi9EAA.tmp.vir Win32/AnyProtect.F potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Chilson\AppData\Local\nsjFB89.tmp.vir Win32/AnyProtect.F potentially unwanted application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0000\svc0000\tsk0000.dta a variant of Win32/AdWare.Adpeak.J application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0001\svc0000\tsk0000.dta Win32/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0002\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0004\file0000\tsk0000.dta Win32/AdWare.FUPM.A application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0005\file0000\tsk0000.dta Win32/AdWare.FUPM.A application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0006\svc0000\tsk0000.dta a variant of Win32/AdWare.Adpeak.J application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0007\svc0000\tsk0000.dta Win32/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0008\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0010\file0000\tsk0000.dta Win32/AdWare.FUPM.A application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\susp0011\file0000\tsk0000.dta Win32/AdWare.FUPM.A application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\uds0000\file0000\tsk0000.dta Win32/Kovter.A trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.44.19\uds0001\file0000\tsk0000.dta Win32/Kovter.A trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0000\svc0000\tsk0000.dta a variant of Win32/AdWare.Adpeak.J application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0002\svc0000\tsk0000.dta Win32/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0004\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0010\file0000\tsk0000.dta Win32/AdWare.FUPM.A application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0011\file0000\tsk0000.dta Win32/AdWare.FUPM.A application deleted - quarantined
C:\TDSSKiller_Quarantine\06.11.2014_03.59.01\susp0014\file0000\tsk0000.dta Win32/Kovter.A trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2014_00.50.36\susp0002\svc0000\tsk0000.dta Win32/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2014_00.50.36\susp0003\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2014_01.09.33\susp0002\svc0000\tsk0000.dta Win32/Adware.Loadshop.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.11.2014_01.09.33\susp0003\svc0000\tsk0000.dta Win32/AdWare.Loadshop.E application cleaned by deleting - quarantined
C:\Users\Chilson\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb\1.26.45_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
#37
Posted 12 November 2014 - 06:50 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
Here are the two I show not cleaned
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll a variant of MSIL/Adware.PullUpdate.C application
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll a variant of MSIL/Adware.PullUpdate.C application
Hope you don't mind but I am going to try adwcleaner (updated this time) to see if I can get them before I make the restore point and do security check
#38
Posted 12 November 2014 - 07:30 PM
DonnaB
-
- GeekU Moderator
-
- 8,529 posts
Miss Congeniality
Hi John,
Hang on a moment. I can create an FRST fix to remove those, though I want to learn more about the RyMMiLto folder. I have no idea where that came from and have asked a fellow associate to have a look. I want to make sure it is safe to remove that folder in our next fix.
Hang on a moment. I can create an FRST fix to remove those, though I want to learn more about the RyMMiLto folder. I have no idea where that came from and have asked a fellow associate to have a look. I want to make sure it is safe to remove that folder in our next fix.
#39
Posted 12 November 2014 - 07:33 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
Ok Security Check Log
Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
windows defender MpCmdRun.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng ngtool.exe
AVAST Software Avast avastUi.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngtool.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
#40
Posted 12 November 2014 - 07:45 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
The computer is defintely better but it appears we still have work to do. Note the bottom of this log.
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 11/12/2014 12:01:43 AM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Starting,
Protection, 11/12/2014 12:01:43 AM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Started,
Protection, 11/12/2014 12:01:43 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Starting,
Update, 11/12/2014 12:01:45 AM, SYSTEM, CHILSON-PC, Manual, Rootkit Database, 2014.11.8.1, 2014.11.11.1,
Protection, 11/12/2014 12:01:46 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Started,
Update, 11/12/2014 12:01:48 AM, SYSTEM, CHILSON-PC, Manual, Malware Database, 2014.11.9.1, 2014.11.12.5,
Protection, 11/12/2014 12:01:48 AM, SYSTEM, CHILSON-PC, Protection, Refresh, Starting,
Protection, 11/12/2014 12:01:48 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/12/2014 12:01:49 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/12/2014 12:01:59 AM, SYSTEM, CHILSON-PC, Protection, Refresh, Success,
Protection, 11/12/2014 12:01:59 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/12/2014 12:01:59 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Started,
Protection, 11/12/2014 11:36:30 AM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Starting,
Protection, 11/12/2014 11:36:30 AM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Started,
Protection, 11/12/2014 11:36:30 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/12/2014 11:36:51 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Started,
Protection, 11/12/2014 11:44:19 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/12/2014 11:44:19 AM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/12/2014 11:44:19 AM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Stopping,
Protection, 11/12/2014 11:44:20 AM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Stopped,
Protection, 11/12/2014 12:08:07 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Starting,
Protection, 11/12/2014 12:08:08 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Started,
Protection, 11/12/2014 12:08:08 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/12/2014 12:08:12 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Started,
Protection, 11/12/2014 12:31:55 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Stopping,
Protection, 11/12/2014 12:31:56 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Stopped,
Protection, 11/12/2014 12:31:56 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Stopping,
Protection, 11/12/2014 12:33:14 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Stopped,
Protection, 11/12/2014 5:53:11 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Starting,
Protection, 11/12/2014 5:53:11 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Started,
Protection, 11/12/2014 5:53:11 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/12/2014 5:53:15 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Started,
Protection, 11/12/2014 5:59:54 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Starting,
Protection, 11/12/2014 5:59:54 PM, SYSTEM, CHILSON-PC, Protection, Malware Protection, Started,
Protection, 11/12/2014 5:59:55 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Starting,
Protection, 11/12/2014 6:00:10 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, Started,
Detection, 11/12/2014 6:26:43 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, IP, 68.71.58.34, kickass.to, 0, Outbound,
Detection, 11/12/2014 6:26:44 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 11/12/2014 6:26:44 PM, SYSTEM, CHILSON-PC, Protection, Malicious Website Protection, IP, 5.150.195.167, 0427d7.se, 0, Outbound,
(end)
I watched Malwarebytes protect against three outboud attemps, I was not doing anything particular at that time, only had IE open to geekstogo at the time.
I created the Restore Point, Loaded Avast, and ran the Security Check.
Awaiting further instructions on whether you want to do something before I run cleanup.
#41
Posted 12 November 2014 - 07:57 PM
DonnaB
-
- GeekU Moderator
-
- 8,529 posts
Miss Congeniality
Yes. Hold on a minute please.
#42
Posted 12 November 2014 - 08:06 PM
DonnaB
-
- GeekU Moderator
-
- 8,529 posts
Miss Congeniality
John,
Open Malwarebytes and go to History tab > Application Logs and double click on the scan log. Please post that log, not the protection log.
Open Malwarebytes and go to History tab > Application Logs and double click on the scan log. Please post that log, not the protection log.
#44
Posted 12 November 2014 - 08:09 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
Ok popped back over to the PC we are cleaning to see Malwarebytes being closed by windows. Data Error Prevention
#45
Posted 12 November 2014 - 08:12 PM
The_Omni
- Topic Starter
-
- Member
-
- 43 posts
Member
OK last scan log is from the 9th
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/9/2014
Scan Time: 9:24:36 PM
Logfile: Malwarebytes scan log 11-9.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.09.01
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Chilson
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 45010
Time Elapsed: 8 min, 36 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Similar Topics
Also tagged with one or more of these keywords: Trojans, PUPS, POWERLIKS, ReDirects, Multiple Chrome Instances, Powerliks, Rogues, PUPs, Bogus Chrome Instances
![FireFox blocking constant redirects [Solved] - last post by Essexboy](http://www.geekstogo.com/forum/uploads/profile/photo-177837.gif?_r=1396965007)
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
