Erase C in Hiberfil.sys

Worst infected machine ever

  • This topic is locked

#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Ok,

Take a rest, good time to take the dog out or cat. I need time to look things over.

Joe
  • 1


#32
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

The dog is his, but I do need to feed my cat, LOL  TTYS   Thank you. :geek:


  • 0

#33
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Joe, are you coming back?


  • 0

#34
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Yes,

Very busy weekend, be with you momentarily.

How is the computer?
  • 0

#35
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

It's slow.


  • 0

#36
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
OK,

That computer may never be fast, but we will continue to work on things.

First, it's important we remove ComboFix!
Go to Start > Run and copy and paste the next command in the Run box.
ComboFix /uninstall

Next
Programs to remove:
  • Citrix online plug-in --> unless you installed it, otherwise I would uninstall it.
  • Java™ 6 Update 20 -- Old versions of Java are an infection risk.
  • Toshiba Laptop Checkup -> If you do not use this program you might consider removing it, as it often consumes system resources, even if not actively being run, adversely affecting system responsiveness. I'd get rid of it. We call it Toshiba bloatware.

Next
Open HijackThis; this time do a system scan only, wait for the scan to finish, then place a check mark in the following entries:
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
  • Click Fix checked.
  • Close HijackThis.
  • Reboot.
Let me know when that is completed.

  • 1

#37
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Ok. All done...


  • 0

#38
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Very good.

Did you run an ESET scan before you got here?

The log file would be located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.

Do you have that by chance? It's just a double check of things.
  • 1

#39
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

As a matter of fact I do:

 

C:\Users\All Users\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application 
C:\Users\All Users\{05ef0d6c-1f36-5967-05ef-f0d6c1f335b0}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application 
C:\Users\All Users\{4007dc82-6f9d-7ab4-4007-7dc826f97209}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application 
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application 
C:\Program Files (x86)\Optimizer Pro 3.56\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.Z application cleaned by deleting - quarantined
C:\ProgramData\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application cleaned by deleting - quarantined
C:\ProgramData\{05ef0d6c-1f36-5967-05ef-f0d6c1f335b0}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application cleaned by deleting - quarantined
C:\ProgramData\{4007dc82-6f9d-7ab4-4007-7dc826f97209}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application cleaned by deleting - quarantined
C:\Users\RoseCake\AppData\Local\C0918958-1426336956-E011-B5A7-00266CC682D8\onsv8E6F.tmp a variant of Win32/Adware.ConvertAd.CQ application cleaned by deleting - quarantined
C:\Users\RoseCake\AppData\Local\C0918958-1426336956-E011-B5A7-00266CC682D8\snsg8E5E.tmp a variant of Win32/Adware.AdService.BF application cleaned by deleting - quarantined
C:\Users\RoseCake\AppData\Local\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\Users\RoseCake\AppData\Local\SmartWeb\SmartWebHelper.exe a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\Users\RoseCake\AppData\Local\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\Users\RoseCake\AppData\Roaming\systweak\ssd\SSDPTstub.exe Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\Users\RoseCake\Downloads\ccsetup416 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\RoseCake\Downloads\ccsetup416 (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\RoseCake\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application deleted - quarantined
 


  • 0

#40
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
OK,

C:\Users\All Users\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application
C:\Users\All Users\{05ef0d6c-1f36-5967-05ef-f0d6c1f335b0}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application
C:\Users\All Users\{4007dc82-6f9d-7ab4-4007-7dc826f97209}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application

Those above don't seem to be quarantined like the rest are. It's possible we got them before the scan, not sure, so let's go through the deletion exercise with those 4 above.

There are some minor things in your online scan that should be removed.

delete files
  • Copy all text in the quote box (below)...to Notepad.

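    @echo off
    rem These targets are files, so use del (rd only removes directories).
    rem /f = include read-only files, /q = no prompt, /a = any attribute (hidden/system).
    del /f /q /a "C:\Users\All Users\Browser\prompt.exe"
    del /f /q /a "C:\Users\All Users\{05ef0d6c-1f36-5967-05ef-f0d6c1f335b0}\1AB24RN6.exe"
    del /f /q /a "C:\Users\All Users\{4007dc82-6f9d-7ab4-4007-7dc826f97209}\1AB24RN6.exe"
    del /f /q /a "C:\Windows\SysWOW64\LavasoftTcpService.dll"
    rem Remove this batch file itself; quote the path in case it contains spaces.
    del "%~f0"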

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
Let me know when completed and then we should be malware free.
  • 1
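
An added example, not part of the thread: a Python script that triages ESET Online Scanner lines like those quoted above, listing detections that have no logged action and whose file was not already cleaned under another path. The line grammar is inferred from the lines quoted in this thread (not from an ESET specification), the `C:\Users\All Users` folding relies on that path being a link to `C:\ProgramData` on Windows Vista and later, and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Subset of the ESET Online Scanner lines quoted in the thread above.
SAMPLE_LOG = r"""
C:\Users\All Users\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application
C:\Users\All Users\{05ef0d6c-1f36-5967-05ef-f0d6c1f335b0}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\ProgramData\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application cleaned by deleting - quarantined
C:\ProgramData\{05ef0d6c-1f36-5967-05ef-f0d6c1f335b0}\1AB24RN6.exe Win32/Adware.SpeedingUpMyPC.Y application cleaned by deleting - quarantined
C:\Users\RoseCake\Downloads\ccsetup416 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
"""

# Assumed grammar: <path> [a variant of] <Platform/Name> <kind> [<action>]
# The path may contain spaces, so it is matched lazily up to the threat name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>(?:potentially (?:unsafe|unwanted) )?application)"
    r"(?:\s+(?P<action>\S.*))?$"
)

class Detection(NamedTuple):
    path: str
    threat: str
    kind: str
    action: Optional[str]  # None when the scanner logged no clean-up action

def canonical(path: str) -> str:
    # Fold the "All Users" alias onto ProgramData and ignore case.
    low = path.lower()
    alias = "c:\\users\\all users\\"
    if low.startswith(alias):
        low = "c:\\programdata\\" + low[len(alias):]
    return low

def parse(log: str) -> list:
    found = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(**m.groupdict()))
    return found

def outstanding(detections) -> list:
    # No logged action, and the same file was not cleaned under another name.
    cleaned = {canonical(d.path) for d in detections if d.action}
    return [d for d in detections
            if not d.action and canonical(d.path) not in cleaned]

if __name__ == "__main__":
    for d in outstanding(parse(SAMPLE_LOG)):
        print(d.path, d.threat)
```
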


#41
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

OK. Everything worked just like you said it would. Thanks so much.


  • 0

#42
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
If there are no more pop ups or redirects your machine is clean :)

We need to remove all the tools I had you download, & reset System Restore, 'cause bad things can stay there; this will also create a new restore point.

Then I'll talk a bit about adding RAM (memory) to your computer.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#43
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Boy, I'm so glad we are almost done.  I managed to get sick over the weekend. Needless to say, my weekend wasn't busy, unless you count the coughing, LOL.

 

# DelFix v10.9 - Logfile created 23/03/2015 at 21:07:32
# Updated 27/02/2015 by Xplode
# Username : RoseCake - ROSECAKE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.44_19.03.2015_19.41.35_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_19.03.2015_19.45.09_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_20.03.2015_10.14.51_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_20.03.2015_10.18.39_log.txt
Deleted : C:\Users\RoseCake\Desktop\Addition.txt
Deleted : C:\Users\RoseCake\Desktop\AdwCleaner[R0].txt
Deleted : C:\Users\RoseCake\Desktop\adwcleaner_4.112.exe
Deleted : C:\Users\RoseCake\Desktop\Fixlog.txt
Deleted : C:\Users\RoseCake\Desktop\FRST.txt
Deleted : C:\Users\RoseCake\Desktop\FRST64.exe
Deleted : C:\Users\RoseCake\Desktop\JRT.exe
Deleted : C:\Users\RoseCake\Desktop\JRT.txt
Deleted : C:\Users\RoseCake\Desktop\HijackThis.exe
Deleted : C:\Users\RoseCake\Desktop\hijackthis.log
Deleted : C:\Users\RoseCake\Desktop\SecurityCheck.exe
Deleted : C:\Users\RoseCake\Desktop\tdsskiller.exe
Deleted : C:\Users\RoseCake\Desktop\tdsskiller.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #494 [ComboFix created restore point | 03/23/2015 23:57:08]
Deleted : RP #495 [Removed Java™ 6 Update 20 | 03/23/2015 23:57:09]
Deleted : RP #496 [Removed Java™ 6 Update 20 | 03/23/2015 23:59:37]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#44
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Don't give it to the cat :)

My cat sleeps on top of the TV right next to me as I work here at the desk her name is Gypsy doodle......

Next

Windows 7 64 Bit runs best on 8Gigs of ram, you don't have half that amount installed.

(RAM) is one of the quickest, most efficient and most cost-effective ways to boost performance.

Scan for ram Here

Maybe you could get someone to add ram for you, that scan above should tell what kind you need.

We are done,

It was nice working with you :)
  • 0

#45
d.brack

d.brack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thank you so much, Joe. It's a pleasure on my side as well. Maybe we will work again someday. Thanks again!!!


  • 0





