
Malware or Virus?


  • This topic is locked

#1
flowerchild552008

    Member

  • 123 posts

The past couple of days I noticed two error messages stating that I was low on memory. Although I haven't had this system very long, I just chalked it up to it being time to add memory. Then yesterday I attempted to click on a website and a page opened with a smaller box in the middle stating that my computer had been infected and I needed to call the number given so that they could scan and remove the problem. Neither box would close by clicking on the “X” in the upper right-hand corners, so I used Ctrl, Alt, Del and logged out. Immediately I scanned with Windows Defender and found nothing. Since everything seemed ok, I thought that maybe I had a close encounter and nothing had happened. Well, the same thing has happened today, so there must be something that is in my system. I have a Dell Inspiron 3647 with 4 GB RAM, 64-bit OS and using Windows 8.1.

 

I have attempted several times to copy and paste the Farbar scan results but keep getting an error that it has exceeded 30 seconds. Please advise.

 

Thank you in advance for all the wonderful work all you volunteers do to help us.


  • 0

#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Try attaching the log files FRST.txt and Additions.txt; Windows 8 has a problem with this area at times.

How to attach a file:
  • Below the Reply to this topic box, click on More Reply Options button.
  • Scroll down and click on Browse button.
  • Click on Desktop (or wherever the file is located that you want to attach).
  • Scroll to find the image saved to Desktop (or wherever it may be located) and click on the image/file.
  • Click the Open button.
  • Click the Attach This File button.
  • Click Add Reply button once you have completed your post and are ready to submit.

  • 0

#3
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

Thanks so much for your quick reply.  I hope this will forward the files.

 

Attached File  FRST.txt   453.74KB   130 downloads

 

Attached File  Addition.txt   20.76KB   172 downloads


  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Thanks,

I have the logs now.

I need a bit of time to look over the log reports. While I do that, could you remove this program --> "PackageTracer Internet Explorer Toolbar" from your installed programs list?

To do that:
1. Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
2. Click Programs and Features. From the list please remove:
"PackageTracer Internet Explorer Toolbar"

I'll get back to you...

Joe
  • 0

#5
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

Thanks, Joe.  Package Tracer gone.


  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [InboxAce EPM Support] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe [12872 2014-10-09] (Mindspark)
HKLM-x32\...\Run: [InboxAce AppIntegrator 32-bit] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator.exe [225864 2014-10-09] (Mindspark)
HKLM-x32\...\Run: [InboxAce AppIntegrator 64-bit] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe [258632 2014-10-09] (Mindspark)
HKLM-x32\...\Run: [PackageTracer EPM Support] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69medint.exe [12872 2015-03-31] (Mindspark)
HKLM-x32\...\Run: [PackageTracer AppIntegrator 32-bit] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator.exe [230472 2015-03-31] (Mindspark)
HKLM-x32\...\Run: [PackageTracer AppIntegrator 64-bit] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe [265800 2015-03-31] (Mindspark)
URLSearchHook: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 - (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - No File
URLSearchHook: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 - (No Name) - {97ef77e6-97be-4204-a890-2485903c5624} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm825^S10645^us&si=slot97309&ptb=68D4D890-4952-4709-96D6-3255EC4DA6FE&psa=&ind=2014092011&st=sb&n=780c9aeb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm825^S10645^us&si=slot97309&ptb=68D4D890-4952-4709-96D6-3255EC4DA6FE&psa=&ind=2014092011&st=sb&n=780c9aeb&searchfor={searchTerms}
BHO-x32: Toolbar BHO -> {87011c4e-fcde-4476-9348-ecf16134fc1f} -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll [2015-03-31] (Mindspark)
BHO-x32: Search Assistant BHO -> {87eab57c-d0b7-4ca9-8e26-191bfc989e26} -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll [2015-03-31] (Mindspark)
Toolbar: HKLM-x32 - PackageTracer - {ff343558-d5a5-454a-bdd8-c5c81e179fed} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll [2015-03-31] (Mindspark)
Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> PackageTracer - {FF343558-D5A5-454A-BDD8-C5C81E179FED} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll [2015-03-31] (Mindspark)
C:\Users\Debra\AppData\Local\Temp\ICReinstall_OpenofficeSetup.exe
C:\Users\Debra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Debra\AppData\Local\Temp\uninstall.exe
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\Users\Debra\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to your Desktop (it must be in this location).
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.
  • 0

#7
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

Joe,

 

How do I run FRST/FRST64?  I am still new to Windows 8.1.

 

Thanks


  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

How do I run FRST/FRST64?


Easy!

On your desktop, right-click on the FRST/FRST64 icon and choose "Run as administrator".

Then, when FRST opens, press the Fix button. FRST will run; after it's done, a log file called Fixlog.txt will be found on the desktop.

Paste it in or attach it to your next reply.

Thanks
Joe :)
  • 0

#9
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

Joe,

 

You said ask questions!  I do this on the initial program that I downloaded and ran to produce the reports, right?

 

Thanks,

 

Deb


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
That's correct, and to clarify: the initial program we downloaded is called FRST/FRST64 or Farbar Recovery Scan Tool.

You're welcome!

Joe :)
  • 0

#11
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

 

 

Ok...here it is.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Debra at 2015-04-18 00:38:46 Run:1
Running from C:\Users\Debra\Desktop
Loaded Profiles: Debra (Available profiles: Debra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Program Files
(x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\APPINTEGRATOR.EXE
C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [InboxAce EPM Support] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe [12872 2014-10-09] (Mindspark)
HKLM-x32\...\Run: [InboxAce AppIntegrator 32-bit] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator.exe [225864 2014-10-09] (Mindspark)
HKLM-x32\...\Run: [InboxAce AppIntegrator 64-bit] => C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe [258632 2014-10-09] (Mindspark)
HKLM-x32\...\Run: [PackageTracer EPM Support] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69medint.exe [12872 2015-03-31] (Mindspark)
HKLM-x32\...\Run: [PackageTracer
AppIntegrator 32-bit] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator.exe [230472 2015-03-31] (Mindspark)
HKLM-x32\...\Run: [PackageTracer AppIntegrator 64-bit] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe [265800 2015-03-31] (Mindspark)
URLSearchHook: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 - (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - No File
URLSearchHook: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 - (No Name) - {97ef77e6-97be-4204-a890-2485903c5624} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 ->
{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...or={searchTerms}
BHO-x32: Toolbar BHO -> {87011c4e-fcde-4476-9348-ecf16134fc1f} -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll [2015-03-31] (Mindspark)
BHO-x32: Search Assistant BHO -> {87eab57c-d0b7-4ca9-8e26-191bfc989e26} -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll [2015-03-31] (Mindspark)
Toolbar: HKLM-x32 - PackageTracer - {ff343558-d5a5-454a-bdd8-c5c81e179fed} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll [2015-03-31] (Mindspark)
Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> PackageTracer - {FF343558-D5A5-454A-BDD8-C5C81E179FED} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll [2015-03-31]
(Mindspark)
C:\Users\Debra\AppData\Local\Temp\ICReinstall_OpenofficeSetup.exe
C:\Users\Debra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Debra\AppData\Local\Temp\uninstall.exe
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\Users\Debra\OneDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:

*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"C:\Program Files" => Warning: FRST is scripted not to move this directory.
(x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe" => File/Directory not found.
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE => Moved successfully.
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe => Moved successfully.
"C:\Program Files (x86)\PackageTracer_69\bar\1.bin\APPINTEGRATOR.EXE" => File/Directory not found.
"C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxAce EPM Support => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxAce AppIntegrator 32-bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxAce AppIntegrator 64-bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PackageTracer EPM Support => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [PackageTracer => Value not found.
AppIntegrator 32-bit] => C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator.exe [230472 2015-03-31] (Mindspark) => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PackageTracer AppIntegrator 64-bit => Value not found.
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} => value deleted successfully.
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{97ef77e6-97be-4204-a890-2485903c5624} => Value not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found.
HKU\SearchScopes: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> => Value not found.
{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...or={searchTerms} => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87011c4e-fcde-4476-9348-ecf16134fc1f} => Key not found.
HKCR\Wow6432Node\CLSID\{87011c4e-fcde-4476-9348-ecf16134fc1f} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87eab57c-d0b7-4ca9-8e26-191bfc989e26} => Key not found.
HKCR\Wow6432Node\CLSID\{87eab57c-d0b7-4ca9-8e26-191bfc989e26} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ff343558-d5a5-454a-bdd8-c5c81e179fed} => Value not found.
HKCR\Wow6432Node\CLSID\{ff343558-d5a5-454a-bdd8-c5c81e179fed} => Key not found.
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF343558-D5A5-454A-BDD8-C5C81E179FED} => Value not found.
HKCR\CLSID\{FF343558-D5A5-454A-BDD8-C5C81E179FED} => Key not found.
(Mindspark) => Error: No automatic fix found for this entry.
C:\Users\Debra\AppData\Local\Temp\ICReinstall_OpenofficeSetup.exe => Moved successfully.
C:\Users\Debra\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Debra\AppData\Local\Temp\uninstall.exe => Moved successfully.
C:\ProgramData\Temp => ":B623B5B8" ADS removed successfully.
C:\Users\Debra\OneDrive => ":ms-properties" ADS removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 00:41:13 ====

 

 


  • 0
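
An added example, not part of the original thread: a short Python script that groups the result lines of a Fixlog like the one in post #11 by outcome, so entries FRST could not act on (such as the "No automatic fix found" lines, which appear where a fixlist line was split in two) stand out from the successful ones. The status names (fixed, absent, failed, unparsed) and the function names are this example's own; the sample text is a shortened excerpt of the log above.

```python
import re
from collections import defaultdict

# Outcome phrases as they appear in the Fixlog above, checked in this order.
OUTCOMES = [
    (re.compile(r"No automatic fix found", re.I), "unparsed"),
    (re.compile(r"^(Error|Warning):|Could not", re.I), "failed"),
    (re.compile(r"not found\.?$", re.I), "absent"),
    (re.compile(r"successfully", re.I), "fixed"),
]

def classify(outcome):
    for pattern, status in OUTCOMES:
        if pattern.search(outcome):
            return status
    return "other"

def summarize(fixlog_text):
    """Group Fixlog result lines by status, skipping the echoed fixlist."""
    # Results follow the last row of asterisks that closes "Content of fixlist".
    results = re.split(r"^\*{5,}[ \t]*$", fixlog_text, flags=re.M)[-1]
    groups = defaultdict(list)
    for line in (l.strip() for l in results.splitlines()):
        if " => " in line:
            # The outcome is the text after the LAST arrow; wrapped fixlist
            # fragments can carry an arrow of their own inside the target.
            target, outcome = line.rsplit(" => ", 1)
            groups[classify(outcome)].append(target.strip('"'))
        elif re.match(r"(Error:|Could not)", line):
            groups["failed"].append(line)  # status line with no target
    return dict(groups)

# Excerpt of the Fixlog posted above, shortened for the example.
SAMPLE = r'''Content of fixlist:
*****************
C:\Program Files
(x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
hosts:
*****************

Error: (0) Failed to create a restore point.
"C:\Program Files" => Warning: FRST is scripted not to move this directory.
(x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE => Moved successfully.
"C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe" => File/Directory not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
'''

if __name__ == "__main__":
    for status, targets in summarize(SAMPLE).items():
        print(f"{status}: {len(targets)}")
        for t in targets:
            print("   ", t)
```

Entries reported as "unparsed" or "failed" are the ones to re-check against the fixlist before moving on to the next tool.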

#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Very good you're a star.... :)

Next

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
      • Enable free trial of Malwarebytes Anti-Malware Premium
      • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
    Thanks
    Joe :)

  • 0

#13
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

Joe,

 

It doesn't seem to be downloading.  Is it something with 8.1?

 

Deb


  • 0

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
No, it should download on Win8.1. See if you can download these scanners; skip Malwarebytes for now.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Thanks
    Joe :)




  • 0

#15
flowerchild552008

    Member

  • Topic Starter
  • 123 posts

AdwCleaner not working either.


  • 0





