Trojan:Win32 [Solved]

This topic is locked

#16 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Hi. The following instructions are for SCOTT-PC - I will create a new post for PENNY-PC after this one.
 

! Piracy Warning !


It appears that you have pirated material on your computer.

You may or may not be aware, but there is an unofficial version of Adobe Acrobat on your computer.

If you wish our help to continue, please uninstall the following programs:

Adobe Acrobat Pro


Step 1

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click FRST.exe/FRST64.exe and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:

  • FRST Fixlog
  • JRT log
  • ADWcleaner Scan log

#17 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)

Hi. The following instructions are for PENNY-PC

Step 1

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click FRST.exe/FRST64.exe and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:

  • FRST Fixlog
  • JRT log
  • ADWcleaner Scan log


#18 scewter (Topic Starter, Member, 96 posts)

Ruggie, actions completed on Scott-PC.

 

Re: "...please uninstall the following programs:

Adobe Acrobat Pro
"

Thanks for the heads up. Software removed.

 

FRST Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015
Ran by Scott at 2015-01-12 16:27:28 Run:1
Running from Y:\Scotty\Desktop
Loaded Profile: Scott (Available profiles: Scott & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
createrestorepoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
C:\Program Files\Updater By SweetPacks
C:\Users\Scott\en_res.dll
C:\Users\Scott\es_res.dll
C:\Users\Scott\fr_res.dll
C:\Users\Scott\grm_res.dll
C:\Users\Scott\it_res.dll
C:\Users\Scott\jp_res.dll
C:\Users\Scott\mfc80u.dll
C:\Users\Scott\msvcr80.dll
C:\Users\Scott\PCPE Setup.exe
C:\Users\Scott\pt_res.dll
C:\Users\Scott\ResourceReader.dll
C:\Users\Scott\ru_res.dll
C:\Users\Scott\zh_res.dll
hosts:
emptytemp:
end
*****************

Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
C:\Users\Scott\en_res.dll => Moved successfully.
C:\Users\Scott\es_res.dll => Moved successfully.
C:\Users\Scott\fr_res.dll => Moved successfully.
C:\Users\Scott\grm_res.dll => Moved successfully.
C:\Users\Scott\it_res.dll => Moved successfully.
C:\Users\Scott\jp_res.dll => Moved successfully.
C:\Users\Scott\mfc80u.dll => Moved successfully.
C:\Users\Scott\msvcr80.dll => Moved successfully.
C:\Users\Scott\PCPE Setup.exe => Moved successfully.
C:\Users\Scott\pt_res.dll => Moved successfully.
C:\Users\Scott\ResourceReader.dll => Moved successfully.
C:\Users\Scott\ru_res.dll => Moved successfully.
C:\Users\Scott\zh_res.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 751.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:27:41 ====

 

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Scott on Mon 01/12/2015 at 16:33:48.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Users\Scott\appdata\locallow\skwconfig.bin"

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{1266026E-95E1-4BCD-B2E6-85CDF94CF393}
Successfully deleted: [Empty Folder] C:\Users\Scott\appdata\local\{35E989D2-8058-4DE4-8E2A-A2BAB9A0299A}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/12/2015 at 16:35:49.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ADWcleaner Scan log

 

# AdwCleaner v4.107 - Report created 12/01/2015 at 17:01:50
# Updated 07/01/2015 by Xplode
# Database : 2015-01-12.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : Y:\Scotty\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Guest\AppData\LocalLow\SkwConfig.bin

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\connect.delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v32.0.2 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1343 octets] - [12/01/2015 17:01:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1403 octets] ##########

 


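Both Fixlogs in this thread are read by eye, but two lines in the SCOTT-PC log above deserve more than a glance: "Error: (0) Failed to create a restore point." means the fix ran with nothing to roll back to, and "File/Directory not found" against a path the fixlist asked for means the item was already gone when FRST ran, not that removal failed. The Python below is an added example, not the poster's log-reading or FRST's own code: it splits a Fixlog into the echoed fixlist and the result section, buckets each result as applied / already absent / error, and lists the points a helper would re-check before trusting the fix. The embedded log is a constructed sample modelled on the Fixlog layout in this thread, not the real log.

```python
"""Parse the result section of an FRST Fixlog and list what a reviewer should re-check."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the Fixlog layout in this thread (not the real log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015
Ran by Scott at 2015-01-12 16:27:28 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
createrestorepoint:
HKLM-x32\...\Run: [] => [X]
C:\Program Files\Updater By SweetPacks
C:\Users\Scott\PCPE Setup.exe
hosts:
emptytemp:
end
*****************

Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
C:\Users\Scott\PCPE Setup.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 751.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:27:41 ====
"""


@dataclass
class FixlogReport:
    restore_point: Optional[bool] = None      # None: the fixlist never asked for one
    applied: list[str] = field(default_factory=list)
    absent: list[str] = field(default_factory=list)
    errors: list[str] = field(default_factory=list)
    reboot_required: bool = False
    requested_paths: list[str] = field(default_factory=list)


# FRST result lines look like:   target => outcome.   (target may be quoted)
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')


def parse_fixlog(text: str) -> FixlogReport:
    rep = FixlogReport()
    lines = text.splitlines()
    # The fixlist is echoed between two '*****' separators; results follow the second one.
    seps = [i for i, ln in enumerate(lines) if ln.startswith('*****')]
    fixlist = lines[seps[0] + 1:seps[1]] if len(seps) >= 2 else []
    results = lines[seps[1] + 1:] if len(seps) >= 2 else lines
    rep.requested_paths = [ln.strip() for ln in fixlist if PATH_RE.match(ln.strip())]

    for raw in results:
        line = raw.strip()
        if not line:
            continue
        if line.startswith('Error:'):
            rep.errors.append(line)
            if 'restore point' in line.lower():
                rep.restore_point = False
            continue
        if line == 'Restore point was successfully created.':
            rep.restore_point = True
            continue
        if line == 'The system needed a reboot.':
            rep.reboot_required = True
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue                          # banner, hosts summary, end marker
        target, outcome = m.group('target'), m.group('outcome').lower()
        if 'not found' in outcome:
            rep.absent.append(target)
        elif 'successfully' in outcome or outcome.startswith('removed'):
            rep.applied.append(target)
    return rep


def review(rep: FixlogReport) -> list[str]:
    """Points a helper re-checks before trusting the fix."""
    notes = []
    if rep.restore_point is False:
        notes.append('restore point failed: there is no rollback if the fix removed something needed')
    for p in rep.requested_paths:
        if p in rep.absent:
            notes.append(f'already absent when FRST ran (not a removal failure): {p}')
        elif p not in rep.applied:
            notes.append(f'no result line for a requested path: {p}')
    for e in rep.errors:
        if 'restore point' not in e.lower():
            notes.append(f'unexplained error: {e}')
    if rep.reboot_required:
        notes.append('FRST asked for a reboot: later scan logs are only meaningful after it happened')
    return notes


if __name__ == '__main__':
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(f'applied={len(report.applied)} absent={len(report.absent)} errors={len(report.errors)}')
    for note in review(report):
        print(' -', note)
```

The "already absent" bucket matters when a thread spans several tools: a path that JRT or an uninstaller removed earlier shows up here as "not found", and treating that as a failed removal leads to needless re-runs.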

#19 scewter (Topic Starter, Member, 96 posts)

OK - here're the results of the scans from Penny-PC:

 

FRST Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015
Ran by Penny at 2015-01-12 17:18:01 Run:1
Running from T:\Penns\Desktop
Loaded Profile: Penny (Available profiles: Penny)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
createrestorepoint:
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {6d0b6bc9-f623-11e3-a601-08edb918fe60} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {ad14f261-9550-11e3-9d3e-08edb918fe60} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {cc79ac66-2d35-11e4-9835-08edb918fe60} - E:\LaunchU3.exe -a
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
C:\Users\Penny\en_res.dll
C:\Users\Penny\es_res.dll
C:\Users\Penny\fr_res.dll
C:\Users\Penny\grm_res.dll
C:\Users\Penny\it_res.dll
C:\Users\Penny\jp_res.dll
C:\Users\Penny\mfc80u.dll
C:\Users\Penny\msvcr80.dll
C:\Users\Penny\PCPE Setup.exe
C:\Users\Penny\pt_res.dll
C:\Users\Penny\ResourceReader.dll
C:\Users\Penny\ru_res.dll
C:\Users\Penny\zh_res.dll
Task: {2F646BF6-73C8-4A3E-94AB-5D91AAD9CC37} - System32\Tasks\Idle-Crawler Runner => %LOCALAPPDATA%\Idle-Crawler\Idle-Crawler.exe <==== ATTENTION
Task: {7138BF8F-EACE-4165-9687-2BDF710B7A62} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {8724F3E4-4751-4D42-A053-75EC6320ACB0} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update => %LOCALAPPDATA%\Idle-Crawler\Idle-Crawler.exe <==== ATTENTION
Task: {ADEE35FE-42C6-4FA3-8184-943EFACCB976} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {AF30E9E1-DB80-4CE1-A1E2-FAFE17E7E642} - System32\Tasks\Windows Updater => C:\Users\Penny\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {D3D6EDC0-25EE-4A0E-A004-53A24853F66C} - System32\Tasks\RunAsStdUser Task => C:\Users\Penny\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {DE83F062-BBEC-45C2-9C3D-51A98FC70B27} - \Oxy No Task File <==== ATTENTION
C:\Users\Penny\AppData\Local\Oxy
C:\Users\Penny\AppData\Roaming\Oxy
C:\Users\Penny\AppData\Local\Idle-Crawler
C:\Users\Penny\AppData\Local\GCC
emptytemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-4134255270-1962352870-800200895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0b6bc9-f623-11e3-a601-08edb918fe60}" => Key deleted successfully.
HKCR\CLSID\{6d0b6bc9-f623-11e3-a601-08edb918fe60} => Key not found.
"HKU\S-1-5-21-4134255270-1962352870-800200895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad14f261-9550-11e3-9d3e-08edb918fe60}" => Key deleted successfully.
HKCR\CLSID\{ad14f261-9550-11e3-9d3e-08edb918fe60} => Key not found.
"HKU\S-1-5-21-4134255270-1962352870-800200895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc79ac66-2d35-11e4-9835-08edb918fe60}" => Key deleted successfully.
HKCR\CLSID\{cc79ac66-2d35-11e4-9835-08edb918fe60} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Penny\en_res.dll => Moved successfully.
C:\Users\Penny\es_res.dll => Moved successfully.
C:\Users\Penny\fr_res.dll => Moved successfully.
C:\Users\Penny\grm_res.dll => Moved successfully.
C:\Users\Penny\it_res.dll => Moved successfully.
C:\Users\Penny\jp_res.dll => Moved successfully.
C:\Users\Penny\mfc80u.dll => Moved successfully.
C:\Users\Penny\msvcr80.dll => Moved successfully.
C:\Users\Penny\PCPE Setup.exe => Moved successfully.
C:\Users\Penny\pt_res.dll => Moved successfully.
C:\Users\Penny\ResourceReader.dll => Moved successfully.
C:\Users\Penny\ru_res.dll => Moved successfully.
C:\Users\Penny\zh_res.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F646BF6-73C8-4A3E-94AB-5D91AAD9CC37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F646BF6-73C8-4A3E-94AB-5D91AAD9CC37}" => Key deleted successfully.
C:\Windows\System32\Tasks\Idle-Crawler Runner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle-Crawler Runner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7138BF8F-EACE-4165-9687-2BDF710B7A62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7138BF8F-EACE-4165-9687-2BDF710B7A62}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8724F3E4-4751-4D42-A053-75EC6320ACB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8724F3E4-4751-4D42-A053-75EC6320ACB0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle-Crawler Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADEE35FE-42C6-4FA3-8184-943EFACCB976}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADEE35FE-42C6-4FA3-8184-943EFACCB976}" => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF30E9E1-DB80-4CE1-A1E2-FAFE17E7E642}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF30E9E1-DB80-4CE1-A1E2-FAFE17E7E642}" => Key deleted successfully.
C:\Windows\System32\Tasks\Windows Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3D6EDC0-25EE-4A0E-A004-53A24853F66C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3D6EDC0-25EE-4A0E-A004-53A24853F66C}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE83F062-BBEC-45C2-9C3D-51A98FC70B27}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE83F062-BBEC-45C2-9C3D-51A98FC70B27}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy" => Key deleted successfully.
"C:\Users\Penny\AppData\Local\Oxy" => File/Directory not found.
"C:\Users\Penny\AppData\Roaming\Oxy" => File/Directory not found.
"C:\Users\Penny\AppData\Local\Idle-Crawler" => File/Directory not found.
"C:\Users\Penny\AppData\Local\GCC" => File/Directory not found.
EmptyTemp: => Removed 2.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog 17:18:20 ====

 

 

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Penny on Mon 01/12/2015 at 17:22:46.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update greygray
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateGreyGray_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateGreyGray_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateGreyGray_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateGreyGray_RASMANCS

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/12/2015 at 17:24:03.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ADWcleaner Scan log

 

# AdwCleaner v4.107 - Report created 12/01/2015 at 17:28:48
# Updated 07/01/2015 by Xplode
# Database : 2015-01-12.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Penny - PENNY-PC
# Running from : T:\Penns\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Re_Markit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\connect.delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [1602 octets] - [22/06/2014 11:38:12]
AdwCleaner[R1].txt - [4213 octets] - [12/01/2015 17:28:48]
AdwCleaner[S0].txt - [1605 octets] - [22/06/2014 11:39:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4333 octets] ##########


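The PENNY-PC fixlist above is a compact catalogue of user-land persistence: scheduled tasks whose actions live under %LOCALAPPDATA% or AppData\Roaming, one parked in the Microsoft\Windows\Maintenance tree, one named "Windows Updater", one whose task file is already gone, MountPoints2 autorun commands recorded for a removable drive, and an IE search scope with an empty URL. FRST marks such entries with "<==== ATTENTION"; writing the underlying rules down makes the same judgement repeatable on other listings. The Python below is an added example (not FRST's logic and not the helper's script) that applies those rules to FRST-format listing lines. The sample lines are constructed from the formats in this thread; the benign control entries use placeholder GUIDs and paths.

```python
"""Flag persistence entries in FRST-style listing lines (Task:, MountPoints2, BHO:, SearchScopes:)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str        # Task, MountPoints2, BHO or SearchScopes
    name: str
    reason: str


# Line formats as they appear in FRST listings; '<==== ATTENTION' is FRST's own marker.
ATTENTION_RE = re.compile(r'\s*<=+\s*ATTENTION\s*$')
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?)(?: => (?P<action>.+))?$')
MOUNT_RE = re.compile(r'MountPoints2: \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$')
BHO_RE = re.compile(r'^BHO(?:-x32)?: (?P<name>.+?) -> \{[0-9A-Fa-f-]+\} ->\s+(?P<file>.+)$')
SCOPE_RE = re.compile(r'^SearchScopes: (?P<hive>\S+) -> (?P<rest>.+)$')

# Paths a standard user can write to: anything persisting from here was not put there by an admin installer.
USER_WRITABLE = re.compile(r'%LOCALAPPDATA%|%APPDATA%|%TEMP%|\\Users\\[^\\]+\\AppData\\|\\ProgramData\\', re.I)
# Where genuine Windows and vendor components live.
SYSTEM_DIRS = re.compile(r'^(?:%SystemRoot%|%windir%|C:\\Windows\\|C:\\Program Files(?: \(x86\))?\\)', re.I)


def triage(lines: list[str]) -> list[Finding]:
    findings: list[Finding] = []
    for raw in lines:
        line = ATTENTION_RE.sub('', raw.strip())

        m = TASK_RE.match(line)
        if m:
            name, action = m.group('name'), m.group('action')
            if action is None:
                if 'No Task File' in name:
                    findings.append(Finding('Task', name, 'registered in the task cache but its task file is gone'))
                continue
            if USER_WRITABLE.search(action):
                findings.append(Finding('Task', name, f'action runs from a user-writable path: {action}'))
            leaf = name.rsplit('\\', 1)[-1]
            if name.lower().startswith('system32\\tasks\\microsoft\\windows\\') and not SYSTEM_DIRS.match(action):
                findings.append(Finding('Task', name, f'hides in the Microsoft\\Windows task tree but runs: {action}'))
            elif 'windows' in leaf.lower() and not SYSTEM_DIRS.match(action):
                findings.append(Finding('Task', name, f'name imitates a Windows component but runs: {action}'))
            continue

        m = MOUNT_RE.search(line)
        if m:
            findings.append(Finding('MountPoints2', m.group('cmd'),
                                    'autorun command recorded for a removable drive; remove unless the device is known'))
            continue

        m = BHO_RE.match(line)
        if m:
            name, path = m.group('name'), m.group('file').strip()
            if path == 'No File':
                findings.append(Finding('BHO', name, 'BHO registered but its DLL is gone (orphaned registration)'))
            elif USER_WRITABLE.search(path):
                findings.append(Finding('BHO', name, f'BHO loads from a user-writable path: {path}'))
            continue

        m = SCOPE_RE.match(line)
        if m:
            rest = m.group('rest').strip()
            if rest.endswith('URL ='):
                findings.append(Finding('SearchScopes', m.group('hive'), 'search scope with an empty URL (broken or hijacked provider)'))
            elif 'DefaultScope value is missing' in rest:
                findings.append(Finding('SearchScopes', m.group('hive'), 'DefaultScope missing: IE has no valid default search provider'))
    return findings


# Constructed sample: entries modelled on the PENNY-PC and SCOTT-PC fixlists, plus benign controls
# (placeholder GUIDs 00000000-... and placeholder vendor paths are not from the thread).
SAMPLE_LINES = [
    r"Task: {2F646BF6-73C8-4A3E-94AB-5D91AAD9CC37} - System32\Tasks\Idle-Crawler Runner => %LOCALAPPDATA%\Idle-Crawler\Idle-Crawler.exe <==== ATTENTION",
    r"Task: {7138BF8F-EACE-4165-9687-2BDF710B7A62} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION",
    r"Task: {AF30E9E1-DB80-4CE1-A1E2-FAFE17E7E642} - System32\Tasks\Windows Updater => C:\Users\Penny\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION",
    r"Task: {DE83F062-BBEC-45C2-9C3D-51A98FC70B27} - \Oxy No Task File <==== ATTENTION",
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe -c",
    r"HKU\S-1-5-21-4134255270-1962352870-800200895-1000\...\MountPoints2: {cc79ac66-2d35-11e4-9835-08edb918fe60} - E:\LaunchU3.exe -a",
    r"BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File",
    r"BHO: Example Helper -> {00000000-0000-0000-0000-000000000002} -> C:\Users\Penny\AppData\Local\Example\helper.dll",
    r"BHO: Vendor Helper -> {00000000-0000-0000-0000-000000000003} -> C:\Program Files (x86)\Vendor\helper.dll",
    r"SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"SearchScopes: HKLM-x32 -> DefaultScope value is missing.",
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'[{f.kind}] {f.name}: {f.reason}')
```

The two control entries (ScheduledDefrag, Vendor Helper) produce nothing, which is the point of the path rules: a task in the Microsoft tree is only suspicious when its action leaves the Windows or Program Files directories, and a BHO is only suspicious when its DLL is missing or sits where a standard user could have dropped it.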

#20 ruggie_uk (Trusted Helper, Malware Removal, 2,083 posts)


Hi - Not too bad on these two PCs so not a great deal to do :D

We can do the same instructions for both PCs here.

First...

Re-run AdwCleaner

Close all open windows and browsers.
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Next...

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>
  • Click Run Eset Online Scanner


Note: You will need to use Internet Explorer or Firefox (you will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
Items I need to see in your next post:
  • ADWCleaner Report
  • MBAM Log
  • ESET Log


#21 scewter (Topic Starter, Member, 96 posts)

Actions completed on Scott-PC, and the following logs are posted here for your review - see the note before the MBAM log:

 

ADWCleaner Report

 

# AdwCleaner v4.107 - Report created 13/01/2015 at 10:26:08
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : Y:\Scotty\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Guest\AppData\LocalLow\SkwConfig.bin

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\connect.delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v32.0.2 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1499 octets] - [12/01/2015 17:01:50]
AdwCleaner[R1].txt - [1559 octets] - [13/01/2015 10:25:01]
AdwCleaner[S0].txt - [1409 octets] - [13/01/2015 10:26:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1469 octets] ##########

 

MBAM Log   (note - I'm using an older version of Malwarebytes Anti-Malware Pro I purchased back in 2012. The database is up to date, and the scan actions were identical to what you had asked for. If you prefer, I will download and use the free version. Just let me know)

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2015.01.13.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Scott :: SCOTT-PC [administrator]

1/13/2015 10:36:14 AM
mbam-log-2015-01-13 (10-36-14).txt

Scan type: Full scan (C:\|W:\|Y:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 558957
Time elapsed: 30 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

ESET Log

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
Y:\Downloads\BitZipper502TrialSetup-en-pl-techpro.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
Y:\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\powersuite_1[1].5-nara.rar a variant of Win32/UbSpyEraser potentially unwanted application
Y:\Scotty\Desktop\cbsidlm-tr1_13-CrystalDiskInfo-SEO-10832082.exe Win32/DownloadAdmin.G potentially unwanted application
Y:\Scotty\Desktop\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Scotty\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Scotty\Downloads\CrystalDiskInfo5_6_2-en.exe Win32/OpenCandy potentially unsafe application
 


Edited by scewter, 13 January 2015 - 11:08 AM.

  • 0

#22
scewter

    Member

  • Topic Starter
  • Member
  • 96 posts

OK - here are the results of the scans from Penny-PC (same note regarding version used - Malwarebytes Anti-Malware Pro):

 

 

ADWCleaner Report

 

# AdwCleaner v4.107 - Report created 13/01/2015 at 10:37:57
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Penny - PENNY-PC
# Running from : T:\Penns\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\connect.delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [1602 octets] - [22/06/2014 11:38:12]
AdwCleaner[R1].txt - [4465 octets] - [12/01/2015 17:28:48]
AdwCleaner[R2].txt - [4525 octets] - [13/01/2015 10:37:10]
AdwCleaner[S0].txt - [1605 octets] - [22/06/2014 11:39:18]
AdwCleaner[S1].txt - [4458 octets] - [13/01/2015 10:37:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4518 octets] ##########

 

MBAM Log  (note - I'm using an older version of Malwarebytes Anti-Malware Pro I purchased back in 2012. The database is up to date, and the scan actions were identical to what you had asked for. If you prefer, I will download and use the free version. Just let me know)

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2015.01.13.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Penny :: PENNY-PC [administrator]

1/13/2015 10:40:15 AM
mbam-log-2015-01-13 (10-40-15).txt

Scan type: Full scan (C:\|P:\|S:\|T:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 768143
Time elapsed: 52 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

ESET Log

 

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\3d5c57.msi Win32/AdWare.Adpeak.B application
T:\Penns\Desktop\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
T:\Penns\Downloads\HD_Player__CD5MTCD12814_d712c5544c4ff1af7a2febfead4262cf (1).exe Win32/Toolbar.Montiera.B potentially unwanted application
T:\Penns\Downloads\HD_Player__CD5MTCD12814_d712c5544c4ff1af7a2febfead4262cf (2).exe Win32/Toolbar.Montiera.B potentially unwanted application
T:\Penns\Downloads\HD_Player__CD5MTCD12814_d712c5544c4ff1af7a2febfead4262cf (3).exe Win32/Toolbar.Montiera.B potentially unwanted application
T:\Penns\Downloads\HD_Player__CD5MTCD12814_d712c5544c4ff1af7a2febfead4262cf (4).exe Win32/Toolbar.Montiera.B potentially unwanted application
T:\Penns\Downloads\HD_Player__CD5MTCD12814_d712c5544c4ff1af7a2febfead4262cf (5).exe Win32/Toolbar.Montiera.B potentially unwanted application
T:\Penns\Downloads\HD_Player__CD5MTCD12814_d712c5544c4ff1af7a2febfead4262cf.exe Win32/Toolbar.Montiera.B potentially unwanted application
T:\Penns\Downloads\Player (1).exe Win32/OutBrowse.V potentially unwanted application
T:\Penns\Downloads\Player (2).exe Win32/OutBrowse.V potentially unwanted application
T:\Penns\Downloads\Player (3).exe Win32/OutBrowse.V potentially unwanted application
T:\Penns\Downloads\Player (4).exe Win32/OutBrowse.V potentially unwanted application
T:\Penns\Downloads\Player.exe Win32/OutBrowse.V potentially unwanted application
T:\Penns\Downloads\Unconfirmed 639393.crdownload a variant of Win32/TorchMedia potentially unwanted application
T:\Penns\Downloads\Unconfirmed 96749.crdownload Win32/OutBrowse.V potentially unwanted application
 


  • 0
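The two ESET logs above are flat lists of "path, detection name, classification" lines, which are tedious to read across two machines. As an added illustration (not code from this thread, from ESET or from any tool the helper used), the following Python script parses lines of that shape and counts them by ESET's classification phrase, by detection family and by where on disk the file sits. The sample lines are constructed in the same format as the posted logs, and the location buckets (user downloads, Program Files, the Windows Installer cache) are my own assumption about what is useful for triage.

```python
"""Summarise ESET Online Scanner log lines by classification, family and location."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: lines in the same shape as the ESET Online Scanner log
# posted in this thread (path, optional "a variant of", detection name, then
# ESET's classification phrase). Not a real scan result.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\3d5c57.msi Win32/AdWare.Adpeak.B application
Y:\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Y:\Downloads\powersuite_1[1].5-nara.rar a variant of Win32/UbSpyEraser potentially unwanted application
T:\Penns\Downloads\Player (1).exe Win32/OutBrowse.V potentially unwanted application
T:\Penns\Downloads\Unconfirmed 639393.crdownload a variant of Win32/TorchMedia potentially unwanted application
"""

# The path may contain spaces, so it is matched lazily up to the detection
# name, which is the single token with a platform prefix and a slash
# (e.g. Win32/OutBrowse.V). Everything after that is the classification.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<name>[A-Za-z0-9]+/\S+) (?P<classification>.+)$"
)


def parse_eset_log(text):
    """Return one dict per detection line; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # header or separator line, not a detection
        records.append({
            "path": m.group("path"),
            "variant": m.group("variant") is not None,
            "name": m.group("name"),
            "classification": m.group("classification").strip(),
        })
    return records


def detection_family(name):
    """Strip the platform prefix and a trailing one- or two-letter variant suffix."""
    family = name.split("/", 1)[1]
    head, sep, tail = family.rpartition(".")
    if sep and len(tail) <= 2 and tail.isalpha():
        return head
    return family


def location_bucket(path):
    """Coarse on-disk location, the first thing a helper looks at when triaging."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "downloads" in parts:
        return "user downloads"
    if any(p.startswith("program files") for p in parts):
        return "program files"
    if "windows" in parts and "installer" in parts:
        return "windows installer cache"
    return "other"


def summarize(records):
    """Counts by classification phrase, detection family and location bucket."""
    return {
        "by_classification": Counter(r["classification"] for r in records),
        "by_family": Counter(detection_family(r["name"]) for r in records),
        "by_location": Counter(location_bucket(r["path"]) for r in records),
    }


if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_LOG)
    for key, counter in summarize(recs).items():
        print(key)
        for label, n in counter.most_common():
            print(f"  {n:3d}  {label}")
```

Grouping by location is what makes the output actionable: items in a Downloads folder are leftover installers that can simply be deleted, whereas a flagged file under Program Files belongs to an installed product and deserves a closer look before anything is removed. To run it on a real log, replace `SAMPLE_LOG` with the contents of the log.txt file the ESET step above tells you to open.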

#23
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, mainly looking good on both PCs; however, SCOTT-PC does not have any system restore points and it also failed in the script we ran. So we need to address this.

SCOTT-PC
Farbar Service Scanner


Please download Farbar Service Scanner and save it to your Desktop.
  • Right click FSS.exe and select Run As Administrator.
  • Make sure the following options are checked:
    • System Restore
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

  • 0

#24
scewter

    Member

  • Topic Starter
  • Member
  • 96 posts

Re: "...SCOTT-PC does not have any system restore points and it also failed in the script we run."

 

The reason for that is I turned off the System Restore function, which was done for several reasons:

  • I've got fairly limited space on the SSD that runs the OS and all software programs.
  • In setting that system up (installing a SSD and loading the OS and software on it), the recommendation I got from multiple sources was to disable the System Restore function PROVIDING you create and manage your own system back-ups.
  • I have been imaging my drives as a back-up solution in the event of failure.

I'm always open for different opinions on the best way to manage home computer systems, and look forward to your advice.

 

Would you still request I download and run Farbar Service Scanner?


Edited by scewter, 13 January 2015 - 03:56 PM.

  • 0

#25
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

In that case then we are all done. :spoton:
Just a matter of cleaning up like before.

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    We need to uninstall a program
    Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
    Select the following programs from the list below, one at a time and click Uninstall.
    • ESET Online Scanner
    Delete the following Files and Folders (If Present):
    C:\Program Files (x86)\ESET
    Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



    Keep your machine updated

    Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


    To enable automatic updates:

    Windows 7
    To turn on Automatic Updates yourself, follow these steps:
    • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
    • In the left pane, click Change settings.
    • Select the option that you want.
    • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
    It is recommended to install an anti-malware to help prevent reinfection.
    Below are some free ones that can help keep you clean.

    Malwarebytes AntiMalware

    As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

    The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
    Consider purchasing the full version for active monitoring of threats.

    JAVA Advice
    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
    In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
    • For Firefox, install the NoScript add-on.
    • For Chrome, install the ScriptSafe add-on.
      -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
    • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
    If you still want to update your Java, follow the instructions below:

    A.
    Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
    • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
    • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 8u25
    • Click the "Download" button under "JRE".
    • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
    • Under the Java SE Runtime Environment 8u25 heading:
      To install the version for your system:
      • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
    • Close any programs you may have running - especially your web browser.
    B.
    Uninstall all versions of Java
    • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
    • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
    • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
      The versions I see on the computer are:
      • Java 7 Update
      • Java 8 (64-bit)
      • Java SE Development Kit 8
    • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    C.
    Install the latest JAVA

    Back on your desktop:
    • Right click the jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java (it looks like a coffee cup). Double-click on Java, click the Advanced Tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


    Update Adobe Flash Player

    NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
    • Please click here to go to the FlashPlayer Installation page.
    • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
      • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
    • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
    • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
    • Close the browser and all open windows.
    • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.
    Cryptolocker Warning
    Go here for information about CryptoLocker Ransomware.
    The main thing with this infection is ~ Backup.
    If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

    Recommended Programs
    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent (https://www.foolishit.com/vb6-projects/cryptoprevent/) is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 1



#26
scewter

    Member

  • Topic Starter
  • Member
  • 96 posts

Ruggie, here's the Delfix log:

 

# DelFix v10.8 - Logfile created 13/01/2015 at 17:38:03
# Updated 29/07/2014 by Xplode
# Username : Scott - SCOTT-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : Y:\Scotty\Desktop\Addition.txt
Deleted : Y:\Scotty\Desktop\AdwCleaner.exe
Deleted : Y:\Scotty\Desktop\AdwCleaner[R0].txt
Deleted : Y:\Scotty\Desktop\AdwCleaner[S0].txt
Deleted : Y:\Scotty\Desktop\Fixlog.txt
Deleted : Y:\Scotty\Desktop\FRST.txt
Deleted : Y:\Scotty\Desktop\FRST64.exe
Deleted : Y:\Scotty\Desktop\JRT Log.txt
Deleted : Y:\Scotty\Desktop\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#27
scewter

    Member

  • Topic Starter
  • Member
  • 96 posts

... and here:

 

 

# DelFix v10.8 - Logfile created 13/01/2015 at 17:48:23
# Updated 29/07/2014 by Xplode
# Username : Penny - PENNY-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : T:\Penns\Desktop\Addition.txt
Deleted : T:\Penns\Desktop\AdwCleaner.exe
Deleted : T:\Penns\Desktop\AdwCleaner[R1].txt
Deleted : T:\Penns\Desktop\AdwCleaner[S1].txt
Deleted : T:\Penns\Desktop\Extras.Txt
Deleted : T:\Penns\Desktop\Fixlog.txt
Deleted : T:\Penns\Desktop\FRST.txt
Deleted : T:\Penns\Desktop\FRST64.exe
Deleted : T:\Penns\Desktop\JRT Log.txt
Deleted : T:\Penns\Desktop\JRT.exe
Deleted : T:\Penns\Desktop\OTL.Txt
Deleted : T:\Penns\Desktop\OTL.Txt_21jun2014.txt
Deleted : T:\Penns\Desktop\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #83 [Windows Update | 12/07/2014 23:14:10]
Deleted : RP #84 [Windows Update | 12/10/2014 21:36:02]
Deleted : RP #85 [Windows Update | 12/12/2014 21:37:57]
Deleted : RP #86 [Windows Update | 12/16/2014 16:15:06]
Deleted : RP #87 [Windows Update | 12/18/2014 21:21:51]
Deleted : RP #88 [Windows Update | 01/01/2015 15:14:18]
Deleted : RP #89 [Windows Update | 01/05/2015 14:48:11]
Deleted : RP #90 [Windows Update | 01/12/2015 13:44:16]
Deleted : RP #91 [Removed Adobe Acrobat XI Pro. | 01/12/2015 22:14:45]
Deleted : RP #93 [Restore Point Created by FRST | 01/12/2015 22:18:01]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#28
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Thanks.

 

Well that's it all done :D

 

Safe surfing


  • 1

#29
scewter

    Member

  • Topic Starter
  • Member
  • 96 posts

OK.

 

Many thanks for all your time and help.


  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 1