Huge Bandwidth Usage [Closed]


  • This topic is locked

#16
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good, how is the machine running? Let's run some scans for remnants and orphans. :thumbsup:



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0


#17
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#18
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
User returned.
  • 0

#19
Acousticcountry

Acousticcountry

    Member

  • Topic Starter
  • Member
  • 13 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/30/2015
Scan Time: 12:54:37 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.30.03
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437302
Time Elapsed: 24 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.ConsumerInput.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [dfcc9dae890158de53bef33f4eb5827e],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentBar, Quarantined, [b9f20942e5a5dc5aa13fb0259073dd23],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-346444361-470292555-3986792257-1000\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, Quarantined, [2388f9523d4d023449993f96ab5859a7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.Information.A, C:\Program Files (x86)\Information, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],

Files: 20
PUP.Optional.AdPeak.A, C:\temp\t.msi, Quarantined, [e5c6e76439510a2cadcfb00f41c4c937],
PUP.Optional.Proxy.A, C:\Users\Chris\AppData\Local\proxy.log, Quarantined, [c3e8cc7f96f4e2545f09b8268b789f61],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\background.html, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\50368.crx, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\50368.xpi, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\Installer.log, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\360-53098.crx, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\53098.crx, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\53098.xpi, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\background.html, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\bgNova.html, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12\53098.crx, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12\53098.xpi, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12\background.html, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer\bhelper.dll, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer\bhelper64.dll, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer\ChromeEnhancerMonitor64.exe, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#20
Acousticcountry

Acousticcountry

    Member

  • Topic Starter
  • Member
  • 13 posts

I left the ESET scan going, and when I came back it appeared that my computer had restarted.  I checked and there was a log, however it is very short, so I am not sure if the scan completed.  Here is what I have.

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 


  • 0

#21
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I left the ESET scan going, and when I came back it appeared that my computer had restarted. I checked and there was a log, however it is very short, so I am not sure if the scan completed. Here is what I have.


Ok, let's run it again and see if the same result occurs. The MBAM log quarantined everything it found, but I'd like to make sure with the ESET log. If it does the same thing again, we'll proceed. Also, please don't forget to run the SecurityCheck program and post the log. If you'd like, you can run it before running ESET and post the log. :thumbsup:
  • 0
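
The check post #21 relies on (that every item in the MBAM log was quarantined), as an added Python example that is not part of the thread or of Malwarebytes. It parses the text-log layout seen in post #19 and also flags a pasted log whose section counts do not match the entries present; the sample log, its paths, identifiers and the `Delete-on-Reboot` action string are constructed for illustration.

```python
import re

# Result sections of the MBAM text log, as they appear in the log in post #19.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
# Match only result sections, so "Objects Scanned: 437302" is not taken for one.
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(map(re.escape, SECTIONS)))

def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [(detection, path, action)]}}."""
    report, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = report.setdefault(
                m.group(1), {"declared": int(m.group(2)), "items": []})
        elif line == "(end)":
            current = None
        elif current is not None and line.endswith("],"):
            # "<detection>, <path>, <action>, [<id>]," ; split from the right
            # so a comma inside the path does not shift the fields.
            detection, rest = line.split(", ", 1)
            path, action, _ident = rest.rstrip(",").rsplit(", ", 2)
            current["items"].append((detection, path, action))
    return report

def review(report):
    """Return (sections whose count differs from entries, items not quarantined)."""
    mismatches = [(name, sec["declared"], len(sec["items"]))
                  for name, sec in report.items()
                  if sec["declared"] != len(sec["items"])]
    pending = [item for sec in report.values() for item in sec["items"]
               if item[2] != "Quarantined"]
    return mismatches, pending

# Constructed sample in the same layout; every value below is made up.
SAMPLE = r"""
Objects Scanned: 437302
Registry Keys: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\WOW6432NODE\ExampleBar, Quarantined, [00000000000000000000000000000001],

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Example.A, C:\Example\a, b.crx, Quarantined, [00000000000000000000000000000002],
PUP.Optional.Example.A, C:\Example\helper.dll, Delete-on-Reboot, [00000000000000000000000000000003],

(end)
"""

if __name__ == "__main__":
    print(review(parse_mbam_log(SAMPLE)))
```

A count mismatch usually means the log was truncated when pasted, so the missing entries should be requested before the result is trusted.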

#22
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
