[pystryker]

Let's run a sweep for remnants, and check for out of date programs on your machine.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

• ESET Scan Log
• MBAM Log
• SecurityCheck Log

[Advertisements]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/12/2014

Scan Time: 1:22:20

Logfile: mbam.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.30.11

Rootkit Database: v2014.11.30.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: AdminPc

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 453157

Time Elapsed: 22 min, 47 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[HaraMo]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/12/2014

Scan Time: 1:22:20

Logfile: mbam.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.30.11

Rootkit Database: v2014.11.30.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: AdminPc

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 453157

Time Elapsed: 22 min, 47 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[HaraMo]

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# product=EOS

# version=8

# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=4815cfd32904fa4d9b12201a0a2fecdb

# engine=21335

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-12-01 02:26:00

# local_time=2014-12-01 03:26:00 (+0100, West-Europa (standaardtijd))

# country="Belgium"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='AVG AntiVirus Free Edition 2014'

# compatibility_mode=1051 16777213 100 100 69551 104534744 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 66 85 30533688 169030610 0 0

# scanned=196786

# found=17

# cleaned=0

# scan_time=5466

sh=DF7577D846C56BF42C03EEECB91D87DCE679C5F0 ft=1 fh=a34ae33b84fa901e vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\EliteUnzip\Verify.dll.vir"

sh=231C38F6B46AE28D5F7432376599B8AA87F7C6C5 ft=0 fh=0000000000000000 vn="a variant of Win32/Speedchecker.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bryan77\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"

sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bryan77\AppData\Roaming\0V1L2Z2Z1T1I1L1T\The Simpsons Tapped Out Packages\uninstaller.exe.vir"

sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"

sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"

sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"

sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"

sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"

sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"

sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"

sh=060D08163EF7FA4BB739ADA226BD1DD4222A2102 ft=1 fh=24e20994b5c9d9b1 vn="a variant of Win32/InstallCore.QW potentially unwanted application" ac=I fn="C:\Users\Bryan\Downloads\winzip18-lan_nl.exe"

sh=CFF66AA454F00BA683590438F755AB818FDFB457 ft=1 fh=24e209944bded4b6 vn="a variant of Win32/InstallCore.QW potentially unwanted application" ac=I fn="C:\Users\Bryan\Downloads\winzip185-mediafire.exe"

sh=10C99F45BD2B08BD98969D98CA75C56F9FBAC19F ft=1 fh=e40f4eda1f82b3f5 vn="a variant of Win32/Speedchecker.B potentially unwanted application" ac=I fn="C:\Users\bryan77\Documents\PCSUUpdate.exe"

sh=737B836BD63E509C7EEF18E597D4A149F26B0454 ft=1 fh=24e209944f4197cb vn="a variant of Win32/InstallCore.QW potentially unwanted application" ac=I fn="C:\Users\bryan77\Downloads\winzip18-dl.exe"

sh=F2347B3D9D24C1DAE41A07DB7DF9CE1001B9CBCE ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\175435.msi"

sh=487EF3DFD45A597836AE823E3C4CB392B39B26C5 ft=1 fh=f0be2c9301a62e94 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\_OTL\MovedFiles\11272014_223209\C_Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"

sh=4D0DAAE804F1187A43E930D19BDDE27925091CD4 ft=1 fh=5a43722cb340125e vn="a variant of Win32/Speedchecker.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11272014_223209\C_Program Files (x86)\PC Speed Up\PCSUSD.exe"

[HaraMo]

 Results of screen317's Security Check version 0.99.91  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

AVG AntiVirus Free Edition 2014   

 Antivirus up to date!  (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 67  

 Java version 32-bit out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

 Google Chrome (39.0.2171.65) 

 Google Chrome (39.0.2171.71) 

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

[pystryker]

Very good, let's get rid of the files that ESET has found.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt

Start
C:\Users\Bryan\Downloads\winzip18-lan_nl.exe
C:\Users\Bryan\Downloads\winzip185-mediafire.exe
C:\Users\bryan77\Documents\PCSUUpdate.exe
C:\Users\bryan77\Downloads\winzip18-dl.exe
C:\Windows\Installer\175435.msi
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

[HaraMo]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014

Ran by AdminPc at 2014-12-02 08:50:57 Run:2

Running from C:\Users\AdminPc\Desktop

Loaded Profile: AdminPc (Available profiles: bryan77 & Bryan & Barbara & AdminPc)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\Users\Bryan\Downloads\winzip18-lan_nl.exe

C:\Users\Bryan\Downloads\winzip185-mediafire.exe

C:\Users\bryan77\Documents\PCSUUpdate.exe

C:\Users\bryan77\Downloads\winzip18-dl.exe

C:\Windows\Installer\175435.msi

End

*****************

 

C:\Users\Bryan\Downloads\winzip18-lan_nl.exe => Moved successfully.

C:\Users\Bryan\Downloads\winzip185-mediafire.exe => Moved successfully.

C:\Users\bryan77\Documents\PCSUUpdate.exe => Moved successfully.

C:\Users\bryan77\Downloads\winzip18-dl.exe => Moved successfully.

C:\Windows\Installer\175435.msi => Moved successfully.

 

==== End of Fixlog ====

[pystryker]

Great news, your logs are CLEAN! but we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
• We also have some programs on your machine that need updating to help protect you in the future.

Step 1: Tool Removal with Delfix and Creation of a clean restore point

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Program Updates


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.

• Click on this link Java Website and click Do I Have Java?
• Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java

Updating Adobe Flash

• Malware will exploit any vulnerabilities it can find in outdated software. Your current version of Adobe Flash Player is out of date.
• Click here to update it to the latest version.
• Please remember to uncheck the option to install McAfee's Security Suite.

Step 3: Tips, Information and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.





Then click Finish




Unchecky is now installed and will help you keep unwanted check boxes unchecked.


Are there any further issues I can assist you with?

Things I need to see in your next post

Delfix Log

[HaraMo]

^{# DelFix v10.8 - Logfile created 02/12/2014 at 23:25:02
# Updated 29/07/2014 by Xplode
# Username : AdminPc - BRYAN77-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)}

^{~ Removing disinfection tools ...}

^{Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\AdminPc\Desktop\FRST-OlderVersion
Deleted : C:\Users\AdminPc\Desktop\Fixlog.txt
Deleted : C:\Users\AdminPc\Desktop\FRST64.exe
Deleted : C:\Users\AdminPc\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner}

^{~ Creating registry backup ... OK}

^{~ Cleaning system restore ...}

^{Deleted : RP #96 [Windows Update | 11/18/2014 20:00:11]
Deleted : RP #97 [Gepland controlepunt | 11/25/2014 23:00:01]
Deleted : RP #98 [OTL Restore Point - 27/11/2014 22:32:21 | 11/27/2014 21:32:23]}

^{New restore point created !}

^{########## - EOF - ##########}

[HaraMo]

About updating flashplayer

 

If I go to http://www.adobe.com...re/flash/about/ it says I have the latest version of flash player.15,0,0,239.

 

 

why does the security check says I have flashplayer 10?

[pystryker]

About updating flashplayer
 
If I go to http://www.adobe.com...re/flash/about/ it says I have the latest version of flash player.15,0,0,239.
 
 
why does the security check says I have flashplayer 10?

Hmm..that's a good question. That might be something I need to bring to the developers attention.

[pystryker]

Hello

Are there any remaining issues with your machine?

[HaraMo]

Dear

 

In general, laptop is fast, very fast :-) so that slow problem is solved.

 

One of the users (limited account) is saying that it goes so fast that when she put the white arrow (mouse cursor) on an icon, the programm starts without double click on it.. hmm

 

me myself did not had this problem.

 

 

another account (also limited account)  stll has the black color in toop of google chrome. Also a problem that existed before: Word starter 2010 , if an image is added in the word file, no image is showed, but in another limited account the picture is showed. Also in admin account it works ok.

 

when I play with the image options , then I can see the image, but it should appear in all options (see picture which options I mean)

 

 

Edited by HaraMo, 04 December 2014 - 08:39 AM.

[pystryker]

In general, laptop is fast, very fast :-) so that slow problem is solved.

 

 

  Very glad to hear that!

 

Unfortunately, the other issues are outside my particular area of expertise.  However, if you will click the link below, it will take you to the Web Browsers and Email Forum and they should be able to help with the Chrome problem.

Web Browsers and Email Forum

Also, the link below will send you to our Office Forum for help with the image issue.

Office Forum

[pystryker]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.