Little Old Lady PC, Need Help Helping
#46
Posted 12 November 2014 - 08:17 PM
#47
Posted 12 November 2014 - 08:19 PM
Ok. The MBAM log looks good. The folder, C:\Users\All Users\RyMMiLto, is very strange, though I did find one instance online where one of my associates removed the file yet not a similarly strange folder, so I am going to not only remove that file, but also reset the Windows Firewall with the following commands in the fix; then we will continue from there.
Please download the attached fixlist.txt file and save it to your Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
fixlist.txt 241bytes 140 downloads
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will create a log (Fixlog.txt) on the Desktop. Please post it in your reply.
#48
Posted 12 November 2014 - 08:22 PM
Oh and welcome back and again thanks for helping
Thanks! And you're very welcome!
Isn't this fun!?! I really do like helping others after a long day's work. I find it personally rewarding to say the least!
#49
Posted 12 November 2014 - 08:33 PM
Oh, when I popped back over, Windows killed Malwarebytes again.
While I was running the FRST fix, Windows Firewall blocked an HP proggy. Grabbed a screenshot, will post when machine reboots, along with new fix log.
FYI that malware scan log was from days ago before we started.
#50
Posted 12 November 2014 - 08:41 PM
Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Chilson at 2014-11-12 19:27:39 Run:3
Running from C:\Users\Chilson\Desktop\AAA FRST3
Loaded Profile: Chilson (Available profiles: Chilson & avery)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll
DeleteQuarantine:
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
*****************
"C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll" => File/Directory not found.
"C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll" => File/Directory not found.
"C:\FRST\Quarantine" => Removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 17.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
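Added example, not part of the thread and not FRST's own code: a small Python parser for the Fixlog layout shown in post #50 that separates the requested fixlist entries, the per-target results and the CMD output, and lists the targets reported as "File/Directory not found", which are the ones that need follow-up. The function names are this example's own, the embedded log is abridged from the post, and the layout is assumed from this one log.

```python
import re

# Abridged from the Fixlog in post #50 of this thread; embedded so this runs offline.
FIXLOG = r'''*****************
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll
DeleteQuarantine:
Hosts:
CMD: netsh advfirewall reset
*****************
"C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll" => File/Directory not found.
"C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll" => File/Directory not found.
"C:\FRST\Quarantine" => Removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog ===='''

CMD_HEADER = re.compile(r'^={9} (.+) ={9}$')
RESULT = re.compile(r'^"?(.+?)"? => (.+)$')

def parse_fixlog(text):
    """Split a Fixlog into requested entries, per-target results and CMD output."""
    report = {"requested": [], "results": {}, "commands": {}, "reboot": False}
    in_fixlist, cmd = False, None
    for line in (l.strip() for l in text.splitlines()):
        if line and set(line) == {"*"}:          # asterisk rule brackets the fixlist echo
            in_fixlist = not in_fixlist
        elif in_fixlist:
            report["requested"].append(line)
        elif line.startswith("========= End of CMD"):
            cmd = None
        elif m := CMD_HEADER.match(line):
            cmd = m.group(1)
            report["commands"][cmd] = []
        elif cmd is not None:
            report["commands"][cmd].append(line)  # raw output of the CMD: directive
        elif m := RESULT.match(line):
            report["results"][m.group(1)] = m.group(2)
        elif line == "The system needed a reboot.":
            report["reboot"] = True
    return report

def unresolved(report):
    """Targets FRST reported as missing: follow up on these rather than assume removal."""
    return [t for t, r in report["results"].items() if "not found" in r.lower()]
```

Calling `unresolved(parse_fixlog(FIXLOG))` returns the two DLL paths from the fixlist, matching the "not found" results in the posted log.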
#51
Posted 12 November 2014 - 09:12 PM
I see that folder was not found by my FRST fix to be removed. I'll look into why. Could be nothing, but I want to make sure.
Security Check did find some programs that are outdated. Let's get them updated.
Out of date Adobe Reader installed!
Your Adobe Reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here, though be very careful to uncheck the option to install McAfee Security Scan Plus.
As a side note: I'd suggest uninstalling Adobe Reader and using Foxit or Sumatra Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than Foxit or Sumatra Reader. The "footprints" for Foxit and Sumatra Reader are considerably smaller than Adobe's and consequently they use fewer resources (RAM as well as hard drive space). It's been said that there are a few things those readers cannot do compared to Adobe, but I haven't come across any users complaining.
If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.
If you'd like, you can download Foxit Reader from here.
Or if you choose, you could install Sumatra from here, though make sure to uninstall Adobe Reader.
You might want to discuss this with the owners of the computer.
Next:
As for Adobe Flash Player, you can get the updated version from here, though as mentioned above with the Adobe Reader update, be very careful to uncheck the option to install McAfee Security Scan Plus.
Next:
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Nowadays, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed, at which time you could install, or you could reinstall and just disable Java till the moment arises if it is needed.
You can read more about the need for Java and how to disable it here.
If you would like to reinstall, please do so from here.
Once you are done updating, go ahead and run Disk Cleanup if you haven't already. It will also flush out all restore points except for the last one created.
How is the system running now? I would like to remove all the tools used, though I will wait for your opinion before doing so.
#52
Posted 12 November 2014 - 09:33 PM
I am working it. FYI there is no Java installed; it was the first thing I uninstalled when I got to the Control Panel.
#53
Posted 12 November 2014 - 09:37 PM
The machine is acting badly right now, it is not loading pages correctly 50% of the time, just goes out and doesn't come back, DEP (Data Execution Prevention) on Notepad, Malwarebytes and earlier PowerShell
#54
Posted 12 November 2014 - 10:48 PM
Ok, all cleaned up, system restore files deleted, loaded Foxit, ran another Security Check, here is the log
#55
Posted 12 November 2014 - 10:49 PM
PS I loaded Chrome, got tired of dealing with IE. Updated it to current
Edited by The_Omni, 12 November 2014 - 10:52 PM.
#56
Posted 12 November 2014 - 10:53 PM
I would like to run another Malwarebytes Scan, but I won't until you give me permission.
#57
Posted 13 November 2014 - 12:19 AM
I went ahead and Defragged.
PS Here is the info on Puran, I like its features for a free app
http://www.majorgeek...ee_edition.html
#58
Posted 13 November 2014 - 06:38 AM
Those DEP issues are possibly related to recently installed programs. Not sure, but I wonder if that has anything to do with Windows being outdated, due to the nature of the Windows programs that are being detected. The following link might shed some light on that:
Data Execution Prevention: frequently asked questions
Go ahead and run Malwarebytes if you like. Use the following instructions to ensure specific settings are configured:
Malwarebytes 2.0, please run a Threat Scan
- Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
- After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
- Under Detection Options, make sure all 3 options are checked.
- Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
- Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.)
- If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
- When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Might be a good idea to do a System File Check as well:
SFC Scan
- Click on the Start button and in the search box, type cmd.exe
- When you see cmd in the list, right-click on it and select Run as administrator
- When command prompt opens, please type or copy/paste the following command into it, then press Enter
sfc /scannow
Wait for this to finish before you continue.
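Once the scan completes, type or copy/paste the following into Notepad
@echo off
rem Copy the System File Checker ([SR]) entries from the CBS log into sfcdetails.txt
findstr /c:"[SR]" "%windir%\logs\cbs\cbs.log" > sfcdetails.txt
rem Delete this batch file once it has run
del "%~f0"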
Then run a Disk Check:
- Click on Start > Run and type in cmd
- Press Enter
- In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
Please note the space between k and c:/r
- The next dialog box will now show the following:
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? <Y/N>
- Type Y and reboot the computer.
- Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
Please download ListChkdskResult by SleepyDude to the desktop.
- Double click on the icon and click Run
#59
Posted 13 November 2014 - 09:32 PM
MalwareBytes Scan Log
#60
Posted 13 November 2014 - 09:34 PM
Hope you had a good day. It locked up on me earlier, so I had to hard start and did a chkdsk fix after restart.
Clean on MWB scan, doing System File Check now.