
Virus /Malware not really sure [Solved]

will not download printer problems etc

  • This topic is locked

#1
newbie2015

newbie2015

    Member

  • Member
  • PipPip
  • 27 posts

Okay, I have an Asus laptop computer, its Windows 7 version. I have not added any new programs but I am having problems.

First thing I noticed was I was reading my email on Firefox browser and all of a sudden blue screen popped up really quick; all I could read was something was not equal.

I have Vipre antivirus so I scanned the computer; nothing was found. I ran my CCleaner and cleaned the caches and defragmented the registry.

Tried again to go to the internet, this time with Internet Explorer, and poof, blue screen again.

Okay, am hooked up with Geek Squad so I went to the site like I had before and asked for help. They needed me to download the program and yep, no can do, will not let me download it, so I tried to download anything and nope, says I am not connected to the internet, which of course I am or I could not be on those pages.

So then I tried to use my printer, which is also a no go. Says it's offline; I switch to say don't use offline, system says ready and everything looks like it's going to print, then I check the status and it says error, so I cancel, but eventually it just says not connected.

My husband uninstalled the printer, then reinstalled it, hooked it up, says it cannot find printer, but it is showing in my Devices and Printers.

Only option is to somehow fix this or send it in to the Geek Squad, but who knows how long they will have it.

Also, in safe mode, which I did manage to get into, everything is turned off in there so I cannot even download there because it comes up server not found. Also firewall, antivirus, etc. all with a big red X on them.

Mostly wonder if my computer is safe to use still and what is wrong with it. Thank you.


  • 0



#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi newbie2015,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....

First, go to the top of this thread and click on Follow this topic .  This way you will get notifications of replies to this thread.

 

Then, if you have a working computer and a USB stick handy, do the following:

Please download Farbar Recovery Scan Tool 32bit and save it to your USB stick.

Please download Farbar Recovery Scan Tool 64bit and save it to your USB stick.

 

Plug the USB stick into your problem system and copy the FRST programs to the desktop.  Try and run each program; only one will run on your system; you can delete the other FRST program.  When the scan is done, please copy the log files (FRST.txt and Addition.txt) onto the USB stick and return to the internet connected system and post the logs here in a reply post.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Do you still need some help with this system?


  • 0

#4
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Sorry, I have not yet had a chance to try these things out. I decided to get on another computer so I could print out the info and then try it on the messed up one, did not have a chance yet. I am going to try it probably tomorrow; hopefully I can figure this out as I am not really that techy. I am not sure what is wrong with it and if I can get it to do all the things you say to do. Thank you, I will try and get back by tomorrow evening or sooner if it does not work.


  • 0

#5
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ok here are the files you said to reply with

Attached Files


  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thanks for the logs; you did everything properly.  :spoton:

 

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Coupon Printer for Windows
Digital Coupon Printer


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Coupons
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\...\MountPoints2: {b4f47fa1-c0b7-11e1-9f47-806e6f6e6963} - E:\autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: hxxp://www.swagbucks.com/
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-08-29] (Catalina Marketing Corporation)
C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S4 Adobe Licensing Console; %SystemRoot%\SysWOW64\lnsecsl.exe [X] <==== ATTENTION
C:\Windows\SysWOW64\lnsecsl.exe
Task: {31F06778-5715-4A8D-80E1-158178D07FC7} - \RGames Updater -> No File <==== ATTENTION
Task: {4694A421-2AFF-46A5-AAF0-8751CD69BD15} - System32\Tasks\{4283809D-B8EA-446C-A2B1-D0363064B4EC} => pcalua.exe -a C:\Users\Lori\Downloads\winsdk_web.exe -d C:\Users\Lori\Downloads
Task: {4B603C5E-1951-4E99-82A7-5493A727B773} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {7F12BF8A-F3D3-45E8-959B-9FB86821E432} - \ASUS P4G -> No File <==== ATTENTION
Task: {88A39CD7-6E9B-4305-A7F4-9ED28AC40566} - \ASUS SmartLogon Console Sensor -> No File <==== ATTENTION
Task: {91755DCA-2A97-448D-BC6B-3B89DF6FD251} - \ASUS Live Update -> No File <==== ATTENTION
Task: {A5B09C30-519C-408D-9668-3855DE6FFE00} - \RunGadgetController -> No File <==== ATTENTION
Task: {C36BFB74-120C-4EF1-99DC-D5BA61726B41} - \ATKOSD2 -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
 


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


LAST >>>>

I know that this was done before the Fixlist script run but now we need to remove something that was hidden.

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Itibiti RTC

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.



Information to Reply with >>>>


  • Any problems with the uninstalls?
  • The Fixlog.txt log file text.
  • How is your system running now?

 

 


  • 0
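An added example, not part of dbreeze's post and not FRST's own code: a short Python audit that groups fixlist lines by kind and flags the ones tied to a single account or user profile, which is what the NOTICE about not reusing the script on another machine refers to. The kind labels and matching rules are this example's own assumptions about the lines shown; the sample is constructed from lines copied out of the fixlist above.

```python
import re

# Constructed sample: a subset of lines copied from the fixlist posted above.
SAMPLE = r"""Start
CreateRestorePoint:
C:\Program Files (x86)\Coupons
HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\...\MountPoints2: {b4f47fa1-c0b7-11e1-9f47-806e6f6e6963} - E:\autorun.exe
Task: {4694A421-2AFF-46A5-AAF0-8751CD69BD15} - System32\Tasks\{4283809D-B8EA-446C-A2B1-D0363064B4EC} => pcalua.exe -a C:\Users\Lori\Downloads\winsdk_web.exe -d C:\Users\Lori\Downloads
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
cmd: netsh advfirewall reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Reboot:
end
"""

# (kind, pattern); first match wins. Kinds are this example's labels, not FRST's.
RULES = [
    ("marker", r"(?i)(start|end)$"),      # opening / closing line of the script
    ("command", r"(?i)(cmd|reg):"),       # runs a shell or reg.exe command line
    ("directive", r"[A-Za-z]+:$"),        # bare keyword such as EmptyTemp:
    ("task", r"Task:"),                   # scheduled-task entry
    ("service", r"[RS]\d "),              # service/driver entry (R2, S4, ...)
    ("registry", r"(HKLM|HKU)\\"),        # registry key or value
    ("path", r"[A-Za-z]:\\"),             # file or folder to remove
]
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")               # per-account SID
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\s]+)")  # per-user profile folder


def classify(line):
    """Return this example's label for one fixlist line."""
    s = line.strip()
    for kind, pattern in RULES:
        if re.match(pattern, s):
            return kind
    return "other"


def audit(fixlist_text):
    """Count lines by kind; list command lines and machine-specific lines."""
    report = {"by_kind": {}, "commands": [], "machine_specific": []}
    for n, line in enumerate(fixlist_text.splitlines(), 1):
        if not line.strip():
            continue
        kind = classify(line)
        report["by_kind"][kind] = report["by_kind"].get(kind, 0) + 1
        if kind == "command":
            report["commands"].append((n, line.strip()))
        reasons = []
        if SID_RE.search(line):
            reasons.append("account SID")
        m = PROFILE_RE.search(line)
        if m:
            reasons.append("profile folder of user " + m.group(1))
        if reasons:
            report["machine_specific"].append((n, reasons))
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```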

#7
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay, got as far as the Farbar section. I hit Fix and a blue screen is back on. What do I do now?
  • 0

#8
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay, updating: after trying several times I got past the blue screen.
  • 0

#9
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is the Fixlog

Attached Files


  • 0

#10
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay, cannot connect to the internet, blue screen about something not equal, and still cannot print; says printer is offline, I change and it comes back error.
  • 0



#11
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Did the uninstalls go ok?

 

It looks like there were many different AntiVirus products on this system in the past.  There may be some residual files left behind that are causing the BSOD.  Please download and run the following utility to check on the system.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices [ Only Problems ]
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Please post the Result.txt log file in your reply post.  Thanks.

 


  • 0

#12
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is the result

Attached Files

  • Attached File  MTB.txt   45.38KB   79 downloads

  • 0

#13
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Oh and no problems with uninstalling any of the programs
  • 0

#14
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Ok, Thank you for the MiniToolBox log; I will go over the errors listed and see what can be done.  Are you using Heimdal Pro or Free?

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
  • Click the Cleaning button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

 


  • 0

#15
newbie2015

newbie2015

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here are the results.

Attached Files


  • 0





