Little Old Lady PC, Need Help Helping

Trojans PUPS POWERLIKS ReDirects Multiple Chrome Instances Powerliks Rogues PUPs Bogus Chrome Instances


#46
The_Omni (Topic Starter)

Oh and welcome back and again thanks for helping


  • 0

#47
DonnaB (GeekU Moderator)

I see that you installed Avast. Nice... :spoton:

Ok. The MBAM log looks good. The folder, C:\Users\All Users\RyMMiLto, is very strange, though I did find one instance online where one of my associates removed the file but not a similarly strange folder, so I am going to not only remove that file, but also reset the Windows Firewall with the following commands in the fix, then we will continue from there.

Please download the attached fixlist.txt file and save it to your Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Attached file: fixlist.txt (241 bytes)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will create a log (Fixlog.txt) on the Desktop. Please post it in your reply.
  • 0

#48
DonnaB (GeekU Moderator)

> Oh and welcome back and again thanks for helping

:D  Thanks! And you're very welcome!

Isn't this fun!?! :prop:  I really do like helping others after a long day's work. I find it personally rewarding to say the least! :geek:

 


  • 0

#49
The_Omni (Topic Starter)

Oh, when I popped back over, Windows killed Malwarebytes again.

While I was running the FRST fix, Windows Firewall blocked an HP proggy. Grabbed a screenshot, will post when the machine reboots, along with the new fix log.

FYI, that malware scan log was from days ago, before we started.


  • 0

#50
The_Omni (Topic Starter)

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Chilson at 2014-11-12 19:27:39 Run:3
Running from C:\Users\Chilson\Desktop\AAA FRST3
Loaded Profile: Chilson (Available profiles: Chilson & avery)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll
DeleteQuarantine:
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
*****************

"C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll" => File/Directory not found.
"C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll" => File/Directory not found.
"C:\FRST\Quarantine" => Removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 17.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Attached Thumbnails

  • blocked.jpg

  • 0
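A way to triage a Fixlog like the one posted above, as an added example that is not part of the thread or of FRST itself: it pairs each path listed in the fixlist with the outcome FRST reported and returns the paths that were not acted on. The sample is an excerpt of the posted log; the function names and the "successfully" check are assumptions of this sketch.

```python
import re

# Excerpt of the Fixlog posted above, trimmed to the lines this parser reads.
FIXLOG = r'''Content of fixlist:
*****************
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll
DeleteQuarantine:
CMD: netsh advfirewall reset
*****************

"C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll" => File/Directory not found.
"C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll" => File/Directory not found.
"C:\FRST\Quarantine" => Removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

=========  netsh advfirewall reset =========
Ok.
========= End of CMD: =========
'''

RESULT = re.compile(r'^"?(?P<target>[^"]+?)"? => (?P<outcome>.+?)\.?$')
CMD_HDR = re.compile(r'^=+\s+(?P<cmd>.+?)\s+=+$')

def parse_fixlog(text):
    """Return (requested paths, {target: outcome}, {command: output lines})."""
    requested, outcomes, commands = [], {}, {}
    in_fixlist, current = False, None
    for line in (l.strip() for l in text.splitlines()):
        if set(line) == {"*"}:                  # a row of * opens/closes the fixlist echo
            in_fixlist = not in_fixlist
        elif in_fixlist:
            # Directives end in ':' or start with 'CMD:'; everything else is a path.
            if line and not line.endswith(":") and not line.startswith("CMD:"):
                requested.append(line)
        elif (m := CMD_HDR.match(line)):
            current = None if m["cmd"].startswith("End of CMD") else m["cmd"]
            if current:
                commands[current] = []
        elif current is not None and line:
            commands[current].append(line)      # output of the command being run
        elif (m := RESULT.match(line)):
            outcomes[m["target"]] = m["outcome"]
    return requested, outcomes, commands

def unresolved(text):
    """Paths the fixlist asked to remove that FRST did not report as handled."""
    requested, outcomes, _ = parse_fixlog(text)
    return [p for p in requested if "successfully" not in outcomes.get(p, "")]
```

On the excerpt, `unresolved(FIXLOG)` returns both DLL paths under RyMMiLto, which is the "not found" result discussed in the next reply.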

#51
DonnaB (GeekU Moderator)

Photosmart is an HP program and since it is in the HP folder, I wouldn't worry about it. It appears that since I reset the firewall, the program might have tried to access the HP network to get an update to the software. You can click on the unblock button if you like.

I see that folder was not found by my FRST fix to be removed. I'll look into why. Could be nothing but I want to make sure.

Security Check did find some programs that are outdated. Let's get them updated.

Out of date Adobe Reader installed!
Your Adobe Reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here, though be very careful to uncheck the option to install McAfee Security Scan Plus.

As a side note: I'd suggest uninstalling Adobe Reader and using Foxit or Sumatra Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than Foxit or Sumatra Reader. The "footprints" for Foxit and Sumatra Reader are considerably smaller than Adobe's and consequently they use fewer resources (RAM as well as hard drive space). It's been said that there are a few things those readers cannot do compared to Adobe, but I haven't come across any users complaining.
 
If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.
 
If you'd like, you can download Foxit Reader from here.
Or if you choose, you could install Sumatra from here, though make sure to uninstall Adobe Reader.
 
You might want to discuss this with the owners of the computer.

Next:

As for Adobe Flash Player, you can get the updated version from here, though as mentioned above with the Adobe Reader update, be very careful to uncheck the option to install McAfee Security Scan Plus.

Next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Nowadays, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed, at which time you could install, or you could reinstall and just disable Java till the moment arises if it is needed.

You can read more about the need for Java and how to disable it here.

If you would like to reinstall, please do so from here.

Once you are done updating, go ahead and run Disk Cleanup if you haven't already. It will also flush out all restore points except for the last one created.

How is the system running now? I would like to remove all the tools used, though I will wait for your opinion before doing so.
  • 0

#52
The_Omni (Topic Starter)

I am working it. FYI, there is no Java installed; first thing I uninstalled when I got to the Control Panel.


  • 0

#53
The_Omni (Topic Starter)

The machine is acting badly right now. It is not loading pages correctly 50% of the time, just goes out and doesn't come back. DEP (Data Execution Prevention) on Notepad, Malwarebytes and earlier PowerShell.


  • 0

#54
The_Omni (Topic Starter)

Ok, all cleaned up, system restore files deleted, loaded Foxit, ran another Security Check. Here is the log:

 

 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngtool.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

  • 0

#55
The_Omni (Topic Starter)

PS: I loaded Chrome, got tired of dealing with IE. Updated it to current.


Edited by The_Omni, 12 November 2014 - 10:52 PM.

  • 0

#56
The_Omni (Topic Starter)

I would like to run another Malwarebytes Scan, but I won't until you give me permission.


  • 0

#57
The_Omni (Topic Starter)

I went ahead and Defragged.

 

PS Here is the info on Puran, I like its features for a free app

 

http://www.majorgeek...ee_edition.html


  • 0

#58
DonnaB (GeekU Moderator)

Good morning, John!

Those DEP issues are possibly related to recently installed programs. Not sure, but I wonder if that has anything to do with Windows being outdated, due to the nature of the Windows programs that are being detected. The following link might shed some light on that:

Data Execution Prevention: frequently asked questions

Go ahead and run Malwarebytes if you like. Use the following instructions to ensure specific settings are configured:

Malwarebytes 2.0, please run a Threat Scan
  • Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
  • After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
  • Under Detection Options, make sure all 3 options are checked.
  • Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
  • Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.)
  • If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
  • When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
Post log:
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Next:

Might be a good idea to do a System File Check as well:

SFC Scan
  • Click on the Start button and in the search box, type cmd.exe
  • When you see cmd in the list, right-click on it and select Run as administrator
  • When command prompt opens, please type or copy/paste the following command into it, then press Enter

    sfc /scannow

    Wait for this to finish before you continue.

    Once the scan completes, type or copy/paste the following into notepad

    @echo off
    rem Copy the SFC ([SR]) entries from CBS.log into a file on the Desktop
    findstr /c:"[SR]" "%windir%\logs\cbs\cbs.log" > "%userprofile%\Desktop\sfcdetails.txt"
    rem Delete this batch file once it has run
    del "%~f0"
  • Click on File > Save As... and type sfc.bat then click Save
  • Double click on the batch file.
  • This will create the file, sfcdetails.txt, on your Desktop and the .bat file icon will self delete. Please attach this to your next post.
Next:

Then run a Disk Check:
  • Click on Start > Run and type in cmd
  • Press Enter
  • In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>
  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.


  • 0
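One way to read the sfcdetails.txt that the SFC step above produces, as an added example that is not part of the thread: it groups the [SR] entries into files SFC reported it could not repair, files it repaired from the store, and everything else. The sample lines are constructed, with placeholder file and component names, and their wording follows the usual shape of [SR] entries, which is an assumption here.

```python
import re
from collections import Counter

# Constructed sample of sfcdetails.txt content; file and component names are placeholders.
SAMPLE = r'''2014-11-13 20:31:02, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2014-11-13 20:31:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2014-11-13 20:33:40, Info                  CSI    000000d1 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.0.6002.18005, Culture neutral in the store, hash mismatch
2014-11-13 20:33:41, Info                  CSI    000000d3 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.0.6002.18005, Culture neutral in the store, hash mismatch
2014-11-13 20:33:50, Info                  CSI    000000e0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2014-11-13 20:34:10, Info                  CSI    000000f2 [SR] Verify complete
'''

SR = re.compile(r'\[SR\] (?P<msg>.*)$')
CANNOT = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<name>[^"]+)".*?,\s*(?P<why>[^,]+)$')
REPAIRED = re.compile(r'^Repairing corrupted file .*\]"(?P<name>[^"]+)" from store$')

def summarize(text):
    """Group [SR] entries into unrepaired files, repaired files and other messages."""
    unrepaired, repaired, other = {}, set(), Counter()
    for line in text.splitlines():
        m = SR.search(line)
        if not m:
            continue                      # not an SFC entry
        msg = m["msg"].strip()
        if (c := CANNOT.match(msg)):
            # Repeated entries for the same file collapse into one key.
            unrepaired[c["name"]] = c["why"].strip()
        elif (r := REPAIRED.match(msg)):
            repaired.add(r["name"])
        else:
            # Drop counters such as "100 (0x00000064) " so like messages group together.
            other[re.sub(r'\d+ \(0x[0-9a-f]+\) ', '', msg)] += 1
    return unrepaired, sorted(repaired), dict(other)
```

Any name left in the first returned dictionary is a file worth following up before the cleanup is called finished.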

#59
The_Omni (Topic Starter)

MalwareBytes Scan Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/13/2014
Scan Time: 7:42:33 PM
Logfile: MWB 11-13.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.14.01
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Chilson
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349169
Time Elapsed: 24 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#60
The_Omni (Topic Starter)

Hope you had a good day. It locked up on me earlier, so I had to hard start and did a chkdsk fix after restart.

Clean on MWB scan; doing System File Check now.


  • 0





