Stage Remote / Trovi virus

slow Internet start Internet box closes


#16
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
ShortcutTarget: B868.lnk -> C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll No File
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
Task: {7D4AF4F6-31C3-40B2-A803-BC8511160EEC} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the fixlog.txt found on the desktop.

How is the computer? I still see an issue with Chrome. Is Chrome acting up?
  • 0

#17
Krueg9651

    Member

  • Topic Starter
  • Member
  • 90 posts

Well, I did uninstall Google Chrome, but do not have it on the computer because I have not reinstalled it.  Should I do so?  I have a Google Drive on the desktop.  Is that a problem?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015
Ran by Andrew at 2015-05-03 11:28:42 Run:2
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew &  (Available profiles: Andrew)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
ShortcutTarget: B868.lnk -> C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NoNoizzeBrowse -> {513b54fa-e135-41bf-aa30-d97a36984f36} -> C:\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll No File
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
Task: {7D4AF4F6-31C3-40B2-A803-BC8511160EEC} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
hosts:
Emptytemp:
*****************

Processes closed successfully.
C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{513b54fa-e135-41bf-aa30-d97a36984f36}" => Key deleted successfully.
"HKCR\CLSID\{513b54fa-e135-41bf-aa30-d97a36984f36}" => Key deleted successfully.
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D4AF4F6-31C3-40B2-A803-BC8511160EEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D4AF4F6-31C3-40B2-A803-BC8511160EEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 174.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:29:03 ====


  • 0
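
Added example, not part of the original thread and not FRST's own code: a short Python pass over the Fixlog result lines posted above that tallies each outcome and pulls out the lines worth a second look. The outcome wording is taken only from this log; any other wording is an unknown and is routed to "review".

```python
import re
from collections import Counter

# Result lines copied from the Fixlog in the post above (subset).
FIXLOG = r"""Processes closed successfully.
C:\ProgramData\{ba6e9f37-fb0d-a673-ba6e-e9f37fb07cdf}\B868.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{513b54fa-e135-41bf-aa30-d97a36984f36}" => Key deleted successfully.
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 174.4 MB temporary data.
"""

# Outcome wording seen in this log only; unmatched lines fall through to "review".
OUTCOMES = [
    ("deleted", re.compile(r"=> (?:value|key) deleted successfully\.$", re.I)),
    ("moved", re.compile(r"=> Moved successfully\.$")),
    ("not_found", re.compile(r" not found\.$")),
    ("status", re.compile(r"^(?:Processes closed|Hosts was reset) successfully\.$"
                          r"|^EmptyTemp: => Removed .+ temporary data\.$")),
]

def classify(line):
    """Return the outcome label for one Fixlog result line."""
    for label, pattern in OUTCOMES:
        if pattern.search(line):
            return label
    return "review"

def summarize(text):
    """Count outcomes and collect the lines that need a second look."""
    counts, attention = Counter(), []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        label = classify(line)
        counts[label] += 1
        if label in ("not_found", "review"):
            attention.append(line)
    return counts, attention

if __name__ == "__main__":
    counts, attention = summarize(FIXLOG)
    print(dict(counts))
    for line in attention:
        print("check:", line)
```
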

#18
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts

"Well, I did uninstall Google Chrome, but do not have it on the computer because I have not reinstalled it. Should I do so? I have a Google Drive on the desktop. Is that a problem?"


If you want Google Chrome you can reinstall it now. Google Drive is ok to have.

How is the computer now?

Joe
  • 0

#19
Krueg9651

    Member

  • Topic Starter
  • Member
  • 90 posts

I waited a couple of days to respond and not speak too soon, but so far, so good!

 

I cannot thank you enough Joe, and other volunteers on this site for what you do.  Thanks again!  You guys are truly doing good service in this world.


  • 0

#20
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
You're welcome.

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • 0

#21
Krueg9651

    Member

  • Topic Starter
  • Member
  • 90 posts

 Results of screen317's Security Check version 1.001 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 17.0.0.169 
 Adobe Reader 10.1.14 Adobe Reader out of Date! 
 Mozilla Firefox 32.0.2 Firefox out of Date! 
 Google Chrome (42.0.2311.135)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


  • 0

#22
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

1st
Out of date Adobe Reader installed!

Your Adobe Reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.
Note Important: Please uncheck any optional offers before downloading.

Next
Update Firefox:
Here's how
https://support.mozi...-latest-version

Next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Please post the ESET scan results in your next reply to me.

Thanks
Joe :)
  • 0

#23
Krueg9651

    Member

  • Topic Starter
  • Member
  • 90 posts

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Conduit\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Conduit\APISupport\APISupport.old.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.dll a variant of Win32/Adware.MultiPlug.FL application
C:\FRST\Quarantine\C\Program Files (x86)\ccoomPareItApplic\sndmlGnZSe2y0x.x64.dll a variant of Win64/Adware.MultiPlug.G application
C:\FRST\Quarantine\C\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.dll a variant of Win32/Adware.MultiPlug.FL application
C:\FRST\Quarantine\C\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll Win64/Adware.MultiPlug.G application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Andrew\Desktop\tsMuxeR_1106zip.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Andrew\Downloads\ADLSoft_UnCompressor_v2_3.exe a variant of Win32/InstallCore.AG potentially unwanted application
 


  • 0
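
Added example, not part of the original thread and not ESET's own tooling: a Python triage of the ESET log lines posted above that splits detections into copies already sitting in the AdwCleaner and FRST quarantine folders and files still in their normal locations. The line layout (path, optional "a variant of", detection name, category) is inferred from this log only, and lines that do not fit are returned unparsed.

```python
import re

# Five lines copied from the ESET log in the post above.
ESET_LOG = r"""C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\NoNoizzeBrowse\VDrQ9aJurCzYSW.x64.dll Win64/Adware.MultiPlug.G application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Andrew\Desktop\tsMuxeR_1106zip.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Andrew\Downloads\ADLSoft_UnCompressor_v2_3.exe a variant of Win32/InstallCore.AG potentially unwanted application
"""

# Paths contain spaces, so anchor on the detection name and the trailing category.
LINE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>Win(?:32|64)/\S+) "
    r"(?P<category>potentially unwanted application|"
    r"potentially unsafe application|application)$"
)
# Quarantine folders as they appear in this log.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

def parse(line):
    """Split one log line into path, detection name and category."""
    match = LINE.match(line.strip())
    if match is None:
        return None
    hit = match.groupdict()
    hit["quarantined"] = hit["path"].lower().startswith(QUARANTINE_ROOTS)
    return hit

def triage(text):
    """Return (live, quarantined, unparsed) lists for a pasted ESET log."""
    live, quarantined, unparsed = [], [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        hit = parse(line)
        if hit is None:
            unparsed.append(line)
        elif hit["quarantined"]:
            quarantined.append(hit)
        else:
            live.append(hit)
    return live, quarantined, unparsed

if __name__ == "__main__":
    live, quarantined, unparsed = triage(ESET_LOG)
    print(len(quarantined), "already quarantined;", len(unparsed), "unparsed")
    for hit in live:
        print("live:", hit["name"], "|", hit["category"], "|", hit["path"])
```
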

#24
zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Looks good. If there are no further issues, let's clean up our tools by doing the following exercise below:

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the 51a5ce45263de-delfix.png icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0





