NetBuse

Honorary Members
  • Posts

    45
Everything posted by NetBuse

  1. The computer can be used again since the cleaning process is done, correct?
  2. Okay I did the steps and the only restore point left is the one created by delfix (has the description End of Disinfection) and I used TFC. Now that this whole process is done the laptop can be given back and be used for work again?
  3. Here are the log files. FRST: Fixlog.txt AdwCleaner: AdwCleanerR0.txt AdwCleanerS0.txt JRT: JRT.txt SecurityCheck: checkup.txt
  4. ESET Scan results:
     C:\$Recycle.Bin\S-1-5-21-406499392-2183913844-3492909602-1001\$R0LNQ1K\upfst_us_107.exe a variant of Win32/Adware.EoRezo.AJ application
     C:\Users\Hilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBWE3RMM\SpeedUpMyPC-standalone-setup[1].exe Win32/SpeedUpMyPC potentially unwanted application
     C:\Users\Hilda\AppData\Local\Temp\2441d679-ed41-4176-a595-72147ea19175\software\2040-2082_Re-markit.exe multiple threats
     C:\Users\Hilda\AppData\Local\Temp\2441d679-ed41-4176-a595-72147ea19175\software\speedupmypc.exe Win32/SpeedUpMyPC.A potentially unwanted application
     C:\Users\Hilda\AppData\Local\Temp\is-BIE3V.tmp\SpeedUpMyPC-standalone-setup.exe Win32/SpeedUpMyPC potentially unwanted application
     C:\Users\Hilda\Downloads\couponcomcouponprinter-setup(1).exe Win32/DownloadAdmin.G potentially unwanted application
     C:\Users\Hilda\Downloads\couponcomcouponprinter-setup.exe Win32/DownloadAdmin.G potentially unwanted application
  5. Here is the: Fixlog.txt Here is the Malwarebytes scan info:
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 1/27/2015
     Scan Time: 12:32:38 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.4.1028
     Malware Database: v2015.01.27.07
     Rootkit Database: v2015.01.14.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Hilda
     Scan Type: Custom Scan
     Result: Completed
     Objects Scanned: 597721
     Time Elapsed: 4 hr, 0 min, 38 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Warn
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  6. Got to running FRST64.exe and clicked on Fix but it crashed during, if I remember the text right, "deleting the temp folder" or something around that style. It was in the process of deleting the temp folder of the main account, now that it is mentioned since there are two accounts (the admin and then Standard) would FRST64.exe delete the temp folder from both at once? Currently in the admin account, but since there are two accounts I think I have a valid concern that I mentioned. So do I rerun FRST64.exe with the fixlist or what? I do not know what to do since FRST64.exe crashed during the fixing process.
  7. Ok I did both, but since quickscan was the default level of intensity for GMER (which was used as per instructions) instead of an intensive scan of the whole C: drive, the results are still good enough for you, correct? TDSS by default did not scan Modules but I left the settings alone as well, so is that ok too for the results? Just curious. GMER: ark.txt TDSS: TDSSKiller.3.0.0.44_23.01.2015_12.04.22_log.txt
  8. I am using a HP laptop that was restored from an old and failing HD by copying the entire thing to a new hard drive. Afterwards I installed Malwarebytes using the Chameleon route and it removed over 1000 items; most were PUPs while some were malware. Afterwards the performance increased but I feel that there are some lingering issues as when I first ran Firefox again (after a scan that came up as clear) today it did something odd when it ran, so I closed it and ran another scan and suddenly PUP.Optional.V9.A was listed as the sole thing it found. The file responsible was quarantined but it appeared only after Firefox was run so I am worried about other PUPs or hidden malware being activated if specific programs are run.... it turns out that a PUP.Optional.WeatherAlerts.A was activated when I started FireFox again to do this post. What is hiding on this laptop that only appears when certain programs are run and please list if they are a threat or an annoyance. Another note, just as I was about to press post some text became garbled, but preview shows no garbled text. Before anyone asks why no new OS was installed, the owner, a friend, wanted the old OS back, despite being told there were likely to be issues since it was doing some odd things before. I am working with an OS that should be replaced but sentimental value is causing blindness to what should have been done, but the situation is what it is. FRST.txt Addition.txt Shortcut.txt
  9. I was planning on asking for help from them but I was just asking in case you knew. Versions prior to the 2.0 version used the registry to store some key information, but go ahead and close the thread. Thank you for taking time to help me.
  10. The issue of the icon not appearing. If there is no way to backtrack to an older version (via a reliable link), there is no way to backtrack. Besides why I came to this website has been dealt with and this icon not appearing thing could be viewed as nitpicking.
  11. One final thought that came to me, are there any links to the old 1.75 version of Malwarebytes AntiMalware? If there are I would be willing to uninstall Malwarebytes version 2 and see if version 1.75 fixes the issue.
  12. Did not help. I know it is active in the background via task manager but that is not really pressing. It is irritating but I do know it is running, task manager has the processes running, the Malwarebytes GUI says it is running, and the settings are enabled. It just will not show the quickaccess icon in the bottom right for some reason. Moving on from that annoyance, I ran another scan of Malwarebytes, all the options enabled and nothing came up. Since it has consistently said no malware detected, I think we can say that the issue you helped me is gone. I appreciate you trying to help me about that icon not showing up, but I feel that helping me to try to get an icon to reappear would be a waste of your time. I keep checking if it is active and the processes are running, so I will figure out the issue later. The netbook is faster than it used to be and scans have come up clean repeatedly. I think besides the icon thing that this issue can be closed. I know that without your help the netbook would probably have to be rebuilt and my mother has data on it that she considers priceless (pictures of grandchildren and one of the last pictures of my brother while he was alive), and I appreciate you helping me through the cleaning process and answering the questions I asked.
  13. First paragraph the end should be "a reboot was apparently needed", I was thinking ahead while typing sorry if I sounded weird.
  14. Ok I reinstalled Malwarebytes (downloaded tool, ran, restarted, after restart used latest setup file) and entered the premium activation information. Curious thing occurred: the dashboard says Malwarebytes AntiMalware Premium but to the right of real time protection it said available only in Premium. I restarted the netbook, clicked on Malwarebytes shortcut on desktop and that erroneous message is gone (License is Premium and realtime protection says Malware and Malicious Website Protection enabled), no reboot was apparently needed. On the other hand no icon on taskbar...well that is irritating. Checked Task Manager and mbam.exe, mbamscheduler.exe, and mbamservice.exe ARE running, but no icon on taskbar...in the past I encountered the same type of scenario with other programs and it turned out to be registry related somehow. In any case the netbook is running fine now, and Malwarebytes is running in the background but there is no quick access icon in the bottom right. So aside from Malwarebytes not showing an icon where it should for quickaccess, even after using the cleaning tool and reinstalling it fresh without any lingering files, everything is fine. The icon has reappeared randomly in the past if the desktop GUI was hard refreshed (all icons and taskbars disappeared then reappeared) by a program, but that is not a reliable method to make the icon appear. Running a full scan with Malwarebytes now, and if it returns a clean result as the previous scans did I will consider the matter closed, even if there is no quickaccess icon, as it does run the protection modules even if there is no quick way (via icon) to verify it.
  15. Aside from dealing with reinstalling Malwarebytes everything seems to be ok. So just to be clear you recommend running the mbam cleaning program in order to remove all traces of Malwarebytes settings? Do I have to be connected to the internet after deactivating Malwarebytes then run that program to preserve the slot assigned to the netbook (it is the premium edition, 3 slots (computers) for one license and so far the other two slots have not been used)?
  16. As I am getting Java, Flash, and Firefox reinstalled, what do you recommend as a good Internet Security Software? AVG Internet Security sometimes fails to update and a reboot is necessary to get it to work right. I personally use McAfee Internet Security on my laptop and desktop due to nearly flawless performance for me, but a 1.6 GHz netbook with 1 GB RAM limits what I could get as a replacement for AVG. Webroot SecureAnywhere Internet Security from what I researched is designed to work alongside Malwarebytes AntiMalware, unlike Norton and McAfee. Is there another highly effective one that works alongside Malwarebytes AntiMalware besides Webroot? I am asking you since while I do know some things about how to make Windows more secure, I never encountered a rootkit before that required asking for help to remove it. I also never heard of many of the programs I looked up and used, and while I find it amazing what some people are able to create to deal with these situations, the danger and damage these programs can do in the hands of people with no clue how to use them (me) is scary. As part of cleanup I also force removed Coupon Printer for Windows with Geek.exe as a key component was taken out during one of the cleaning runs with combofix or jrt, do not know which, but I force removed the leftovers of it. Should I uninstall Microsoft Silverlight as well? I do not know what it is for, but I do know it is something of a speciality program that some things use like some download managers for On demand streaming (VUDU, Time Warner Cable, UltraViolet) require for one thing or another, as the reason why varies, be it for online viewing or downloading a movie you brought directly to the hard drive, but the netbook is not used for those reasons. I could uninstall it, but I do not know if there are any programs that are dependent on it installed.
  17. The current status is this:
      1. Cbl.dll is now Cbl.old. Cbl.dll from dllcache folder has been copied into System32 folder. What do I do with cbl.old? Do I upload it somewhere, if so where? What was the purpose behind copying Cbl.dll from dllcache folder into System32 folder?
      2. Malwarebytes AntiMalware still not showing an icon in the bottom right where it used to. So I will uninstall and reinstall it later to see if that fixes the icon issue as the mbam IS running according to Task Manager in the background.
      3. ComboFix is gone.
      4. DelFix was run when you told me to but it is gone now.
      5. I have uninstalled java 6, 7, and FX using GEEK.EXE. Have not reinstalled Java yet as waiting for the all clear from you.
      6. Uninstalled Adobe Flash ActiveX and Plugin as on Nov 14 and 18, respectively, they were updated according to GEEK.EXE (under the Installed on column). I did not know that so I removed them, they will be reinstalled later.
      7. Waiting on being told what to do about the Cbl.old file before continuing.
      8. FireFox will be uninstalled after this whole affair and reinstalled to try to fix what is going on about downloads and freezing.
      9. Noticing the netbook is running faster but have to deal with reinstalling various software (Flash, Java, FireFox, Malwarebytes AntiMalware) after I am told the netbook is clear.
      10. Making this status report as you requested.
  18. Wait a minute I looked over the folder options and discovered I missed unchecking hide system files and folder option. Now it appeared. Been using Windows 7 for myself too long if I am forgetting what I used to know about XP. Copied the file over now. I am using my computer to type this as it is easier to do so at times. Now what?
  19. So to be clear you want me to rename in system32 clb.dll to clb.old, then go to dllcache and copy and paste the clb.dll to system32? Then what? What is the purpose of renaming one file and copying the duplicate to where the renamed one is? What about what the Avira, Symantec, SuperAntiSpyware found? Do I do something with the now named clb.old file? The old file said created Monday, April 27 2009 but then says modified April 14 2008, before I changed its name and no error message appeared (it was not in use therefore I could change its name). There is a problem in that there is no Dllcache folder (hidden files and folders appear option is enabled) and no duplicate clb.dll. Regarding what you posted about FireFox download location it was after ComboFix ran the first time the freezing issue appeared. I reset Firefox but that only worked once, all other times freezing up. I changed the download setting back and forth but only when there is a fixed destination do downloads work. As for uploading files they must be on the desktop or firefox freezes.
  20. Well the formatting disappeared from what I was seeing when I copied and pasted, but SuperAntispyware, Avira, and Symantec analysis seemed to have found something.
  21. Oh also forgot to add I had to use Internet Explorer to do what you asked as Firefox freezes when I tried to go deeper than My Computer when uploading that file. Firefox also hates me choosing download locations as well, but if I designate a folder as an automatic location (i.e. Downloads folder) there is no issue. Something is going on with FireFox.
  22. The top box:
      SHA256: 2347c29099d0ed834b57a23ea4870317ff19b145496e1c19830a634d6b05e372
      File name: clb.dll
      Detection ratio: 3 / 53
      Analysis date: 2014-11-24 01:41:04 UTC ( 0 minutes ago )
      The Analysis Tab:
      SUPERAntiSpyware Trojan.Agent/Gen-Nullo[short] 20141123
      Avira TR/Trash.Gen 20141123
      Symantec Bloodhound.MalPE 20141124
      nProtect 20141121 Zoner 20141120 Zillya 20141122 ViRobot 20141123 VIPRE 20141124 VBA32 20141121 TrendMicro-HouseCall 20141124 TrendMicro 20141124 TotalDefense 20141123 TheHacker 20141121 Tencent 20141124 Rising 20141123 Qihoo-360 20141124 Panda 20141123 Norman 20141123 NANO-Antivirus 20141124 Microsoft 20141123 McAfee-GW-Edition 20141123 McAfee 20141124 Malwarebytes 20141124 Kingsoft 20141124 Kaspersky 20141124 K7GW 20141121 K7AntiVirus 20141121 Jiangmin 20141123 Ikarus 20141123 GData 20141124 Fortinet 20141124 F-Secure 20141123 F-Prot 20141124 Emsisoft 20141124 ESET-NOD32 20141124 DrWeb 20141124 Cyren 20141124 Comodo 20141123 ClamAV 20141124 CMC 20141121 CAT-QuickHeal 20141122 ByteHero 20141124 Bkav 20141120 BitDefender 20141124 Baidu-International 20141123 Avast 20141124 Antiy-AVL 20141123 AhnLab-V3 20141123 Agnitum 20141123 AegisLab 20141124 Ad-Aware 20141124 AVware 20141121 AVG 20141123
      (This is me adding that the blank middle spots were green checkmarks, which meant file not detected when I hovered over them)
      Additional Information tab:
      File identification
      MD5 536f409649b68cba9366dae315779b20
      SHA1 bfea6b50e00f1465e7e1e40094583d3138641e23
      SHA256 2347c29099d0ed834b57a23ea4870317ff19b145496e1c19830a634d6b05e372
      ssdeep 192:jPg+r+yr/MPAC4AgtS0Ay5UVc4ZSAjdTCGhWUeW:/SyrkPifS0AmUe4/dTnhWUeW
      File size 10.5 KB ( 10752 bytes )
      File type unknown
      Magic literal data
      TrID Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
      VirusTotal metadata
      First submission 2014-11-24 01:41:04 UTC ( 8 minutes ago )
      Last submission 2014-11-24 01:41:04 UTC ( 8 minutes ago )
      File names clb.dll
      ExifTool file metadata
      FileAccessDate 2014:11:24 02:41:14+01:00
      FileCreateDate 2014:11:24 02:41:14+01:00
      Ok what does this mean?
  23. I did not run it again, that log is from the only time jrt.exe ran.
  24. I think I need to roll back as Windows Data Execution Prevention prevented GenericHost32 from doing something when I just turned the netbook back on. Do I use a system restore point to return to before JRT.EXE was run or Last Known Good Configuration option when the netbook starts up? Before JRT.EXE was run the netbook was fine but now, JRT.EXE seems to have done something bad when it ran. The log it created after it ran is here: JRT.txt I am confused about what to do now.
  25. At this point I know that it is just cleanup and making sure the system is running correctly so the new FRST scans being posted were just me making sure that provided you look at them everything has been taken care of. I have OCD issues about security and while Malwarebytes has now done 3 scans with all scanning options enabled, with nothing being found, I have seen that FRST can pick up hidden details, therefore I posted those three files in my last reply as making sure everything has been taken care of. I know that it has become lengthy but my mother wants the netbook to really be clean when she resumes using it. I do not want to fail her so that is part of the reason this whole process has dragged on for days, the other part is my OCD acting up. So if there is nothing left but cleanup and optimizing the netbook I would appreciate the answer.