Bad infection
I usually have zero problem finding a solution on my own, etc. This time I just can't. Been at it for a week. I even spoke with a Microsoft tech support (help desk) thing, and they said they could fix it, for a fee. I've run multiple things, such as Sophos, TDSSKiller, Malwarebytes and the anti-rootkit, Spybot, ComboFix (sorry, I know it's a no-no). All I did was run ComboFix; I didn't do the ComboFix /uninstall or apply anything unless it does it automatically. I will say after ComboFix I'm running a lot faster, but I know there are still problems. It could be related to drivers not getting along. I think I may not have properly uninstalled my previous graphics drivers before installing NVidia drivers. But the Microsoft tech guy said I was deeply infected so I'm sure there is some kind of problem.

 

Thanks in advance,

 

Sean

dds.txt

attach.txt


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Can you post the log from Combofix, will be here C:\Combofix.txt

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


I strongly advise that you uninstall any installed program related to IObit, it really is bad news... Use Revo Uninstaller if required..

 

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then Next.
  • Once done click Finish.

 

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs in next reply, also give update on remaining issues/concerns....

 

One other point, I do not see a resident Anti-virus program installed. If that is true d/l and install Microsoft Security Essentials from following link:

 

http://www.microsoft.com/en-gb/download/details.aspx?id=5201

 

Thank you,

 

Kevin

 

fixlist.txt


I'm just going to type it all as it's not much and I've nothing to do while Malwarebytes scans. As regards no antivirus being on, I had removed MSE for use of ComboFix. The error ComboFix gave me was quite frightening and without professional supervision I just decided to do what I could to make that go away.

 

 

# Username : Akillease - AKREIA

# Running from : C:\Users\Akillease\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Akillease\AppData\Roaming\Mozilla\Firefox\Profiles\zb163295.default-1388668378884\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Akillease\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7893 octets] - [01/01/2014 19:54:48]

AdwCleaner[R1].txt - [1101 octets] - [01/01/2014 22:12:11]

AdwCleaner[R2].txt - [1221 octets] - [01/01/2014 22:17:11]

AdwCleaner[R3].txt - [426 octets] - [02/01/2014 00:12:36]

AdwCleaner[R4].txt - [1754 octets] - [02/01/2014 06:51:01]

AdwCleaner[R5].txt - [1982 octets] - [02/01/2014 06:55:07]

AdwCleaner[R6].txt - [1505 octets] - [06/01/2014 06:24:38]

AdwCleaner[s0].txt - [7761 octets] - [01/01/2014 19:59:13]

AdwCleaner[s1].txt - [1165 octets] - [01/01/2014 22:13:32]

AdwCleaner[s2].txt - [1681 octets] - [02/01/2014 06:51:31]

AdwCleaner[s3].txt - [1428 octets] - [06/01/2014 06:26:56]

 

########## EOF - C:\AdwCleaner[s3].txt - [1488 octets] ##########


# AdwCleaner v3.016 - Report created 06/01/2014 at 06:26:56

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Akillease - AKREIA

# Running from : C:\Users\Akillease\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Akillease\AppData\Roaming\Mozilla\Firefox\Profiles\zb163295.default-1388668378884\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Akillease\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7893 octets] - [01/01/2014 19:54:48]

AdwCleaner[R1].txt - [1101 octets] - [01/01/2014 22:12:11]

AdwCleaner[R2].txt - [1221 octets] - [01/01/2014 22:17:11]

AdwCleaner[R3].txt - [426 octets] - [02/01/2014 00:12:36]

AdwCleaner[R4].txt - [1754 octets] - [02/01/2014 06:51:01]

AdwCleaner[R5].txt - [1982 octets] - [02/01/2014 06:55:07]

AdwCleaner[R6].txt - [1505 octets] - [06/01/2014 06:24:38]

AdwCleaner[s0].txt - [7761 octets] - [01/01/2014 19:56:13]

AdwCleaner[s1].txt - [1165 octets] - [01/01/2014 22:13:32]

AdwCleaner[s2].txt - [1681 octets] - [02/01/2014 06:51:41]

AdwCleaner[s3].txt - [1428 octets] - [06/01/2014 06:26:56]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1488 octets] ##########

 

 

 

Yay, Google Chrome let me paste this.

 


No problem for the updates, I'm hoping it helps us resolve this as fast as possible. I shall add I greatly appreciate your attentive responses. If this all works out, I'll owe ya big and will definitely donate. Just gotta make a PayPal and figure that mess out.

 

Fixlog from FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by Akillease at 2014-01-06 06:20:44 Run:1
Running from C:\Users\Akillease\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
R0 20181068; C:\Windows\System32\DRIVERS\20181068.sys [460888 2013-12-31] (Kaspersky Lab ZAO)
C:\Windows\System32\DRIVERS\20181068.sys
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S1 uwexmnqm; \??\C:\Windows\system32\drivers\uwexmnqm.sys [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [x]
C:\kleaner.tmp
C:\Users\Akillease\jagex_cl_loginapplet_LIVE.dat
C:\Users\Akillease\jagex_cl_oldschool_LIVE.dat
C:\Users\Akillease\jagex_cl_runescape_LIVE.dat
C:\Users\Akillease\jagex_cl_runescape_LIVE1.dat
C:\Users\Akillease\jagex_cl_runescape_LIVE2.dat
C:\Users\Akillease\jagex_cl_speccollect_LIVE.dat
C:\Users\Akillease\random.dat
C:\ProgramData\inirlb.reg
Task: {0C381DBC-A5C2-451A-B0BD-F46228E071B5} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-12-20] (IObit)
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
AlternateDataStreams: C:\Windows\system32\Drivers\euvjcuba.sys:changelist
End
 
 
 
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Firefox homepage deleted successfully.
20181068 => Service deleted successfully.
C:\Windows\System32\DRIVERS\20181068.sys => Moved successfully.
cleanhlp => Service deleted successfully.
uwexmnqm => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
C:\kleaner.tmp => Moved successfully.
C:\Users\Akillease\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Users\Akillease\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Akillease\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Akillease\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Akillease\jagex_cl_runescape_LIVE2.dat => Moved successfully.
C:\Users\Akillease\jagex_cl_speccollect_LIVE.dat => Moved successfully.
C:\Users\Akillease\random.dat => Moved successfully.
C:\ProgramData\inirlb.reg => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C381DBC-A5C2-451A-B0BD-F46228E071B5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C381DBC-A5C2-451A-B0BD-F46228E071B5} => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update => Key deleted successfully.
C:\Windows\Tasks\Driver Booster Update.job => Moved successfully.
C:\Windows\system32\Drivers\euvjcuba.sys => ":changelist" ADS removed successfully.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
 
 
Mbam Log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.03.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Akillease :: AKREIA [administrator]
 
1/6/2014 6:30:03 AM
mbam-log-2014-01-06 (06-30-03).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 535663
Time elapsed: 1 hour(s), 23 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
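The fixlist in the post above shows three patterns worth recognising in any FRST log: a Winsock namespace catalog entry whose LibraryPath no longer points at NLAapi.dll, driver services whose image file is gone (marked `[x]`) or whose name is eight random letters, and an alternate data stream hanging off a .sys file. The script below is an added example, not part of the thread and not Farbar's code: it reads lines in that format and states why each one deserves a second look. The sample lines are copied from the posted fixlist; the heuristics (vowel count, start-type check, vendor string) are this example's own assumptions, and the comments note where they misfire.

```python
"""Triage of FRST-style scan lines.

Added example for this thread; not Farbar's code and not part of the
original posts. Reads the kinds of lines seen in the fixlist above
(Winsock catalog entries, driver services with a missing image file,
AlternateDataStreams on a driver) and reports why each one deserves
attention. Sample lines are copied from the posted fixlist; the
heuristics are this example's own assumptions, not FRST's rules.
"""
import re

# Windows installs NLAapi.dll as the first NameSpace_Catalog5 provider;
# FRST's ATTENTION note above fires when entry 01 points anywhere else.
EXPECTED_CATALOG5_DLL = "nlaapi.dll"

WINSOCK_RE = re.compile(r"^Winsock: (Catalog5(?:-x64)?) 01 (\S+) \[\d+\]")
# "<start> <name>; <image path> [size date] (Vendor)"  or  "... [x]" if missing
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+); (.+?)( \[x\])?$")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):(\w+)$")
VENDOR_RE = re.compile(r"\(([^()]+)\)\s*$")

# Copied from the fixlist posted above (the FRST output for this machine).
SAMPLE_LINES = r"""
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
R0 20181068; C:\Windows\System32\DRIVERS\20181068.sys [460888 2013-12-31] (Kaspersky Lab ZAO)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S1 uwexmnqm; \??\C:\Windows\system32\drivers\uwexmnqm.sys [x]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]
AlternateDataStreams: C:\Windows\system32\Drivers\euvjcuba.sys:changelist
""".strip().splitlines()


def looks_random(name: str) -> bool:
    """Eight lowercase letters with at most two vowels (uwexmnqm).

    Heuristic only (this example's assumption): it also catches
    abbreviations such as cleanhlp, so treat a hit as a prompt to check
    the vendor and path, not as a verdict.
    """
    return bool(re.fullmatch(r"[a-z]{8}", name)) and sum(c in "aeiou" for c in name) <= 2


def triage(lines):
    """Return [(item, reason), ...] for the lines that warrant attention."""
    findings = []
    for line in lines:
        line = line.strip()
        m = WINSOCK_RE.match(line)
        if m:
            catalog, libpath = m.groups()
            dll = libpath.rsplit("\\", 1)[-1].lower()
            if dll != EXPECTED_CATALOG5_DLL:
                findings.append((f"Winsock {catalog}",
                                 f"entry 01 LibraryPath is {libpath}; Windows expects NLAapi.dll there"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, rest, missing = m.groups()
            vendor = VENDOR_RE.search(rest)
            reasons = []
            if missing:
                reasons.append("image file missing, registration is stale")
            if looks_random(name):
                reasons.append("pseudo-random 8-letter service name")
            # Boot/system-start drivers load before any security product;
            # one with no vendor string in the log is worth a look.
            if start in ("R0", "S0", "R1", "S1") and vendor is None:
                reasons.append(f"{start} boot/system-start driver with no vendor string")
            if reasons:
                findings.append((f"driver {name}", "; ".join(reasons)))
            continue
        m = ADS_RE.match(line)
        if m:
            path, stream = m.groups()
            if "\\drivers\\" in path.lower():
                findings.append((f"ADS {path}", f"':{stream}' stream attached to a kernel driver file"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LINES):
        print(f"{item}: {reason}")
```

Run against the sample it reports the two Winsock entries, the three missing-file drivers and the ADS, and stays silent on the vendor-signed R0 driver. The cleanhlp hit is the expected false positive of the name heuristic; the missing-file reason on the same line is what actually matters there.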

Anyway, I'm running the scan again in the meantime. As far as other issues/concerns, I have a Windows update that tries to repeatedly update itself, despite being installed already. This is the reason I sought out professional help from the Microsoft Tech associate. I've looked up some of the bluescreens I've had and some are memory related. Most, really. PAGE_FAULT_IN_NONPAGED_AREA I think is the most recent one. Corrupted Checksum has happened on start up multiple times over the week as well. Aside from that I cannot think of any more issues I need addressed for the time being, as there have been many, unfortunately. I will say I am quite certain all of this started from search.conduit. I obtained that from getting GPU Temp or CPU Temp or Fraps from an untrustworthy site. I got these programs to monitor my newly added graphics card. I do not think my graphics card is causing the blue screens as my computer was running perfectly fine for about half of a day until I got these programs. It may have been because of an improper way I installed the graphics card. I didn't uninstall my previous Radeon until after I installed these NVidia drivers. Though it seems as if my machine is purring like a kitten compared to how it was before your help.


We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use, then click Start.
  • When asked, allow the add-on to be installed, then click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked, then click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete, if no threats were found:

  • put a checkmark in "Uninstall application on close"
  • close the program
  • report to me that nothing was found

If threats were found:

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • click on Back
  • put a checkmark in "Uninstall application on close"
  • click on Finish
  • close the program
  • copy and paste the report in your next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Next,

 

Also tell me the update that is causing issues..... I`ve got to go out so will be offline for 2 to 3 hours, ESET scan will take at least that long or maybe even longer, will catch up later.

 

As well as the logs and update reference let me know if any other issues or concerns..

 

Cheers,

 

Kevin....


Here is an elaborate description as to what just happened. Mid scan, which was going rather fast, it was at about 35% of stage 3, 4 objects found, and my computer crashed. The bluescreen was MEMORY_MANAGEMENT. Upon restarting, after selecting Start Windows Normally, I would see the "Loading system files" bar run through as if I had selected Launch Startup Repair. The bar would go through as if files were loaded and then reset. This happened a few times. There were multiple crashes on start-up. Then I got the following:

 

 

 

Windows Boot data configuration (BCD) store file contains some invalid information.

 

Object GUID: {57625633-6862-11e1-eda8945651dc}

 

Status: 0xc0000034

 

Info: The configuration for an element within the object is invalid in the boot configuration data store.

 

I pressed any key to continue.  The system went HAM for about 3 seconds, restarted and windows loaded.

 

Continuing with instruction and will attempt to run ESET.  I noticed Scan Archives is a selectable option which was not mentioned in your post so I left it unchecked. I hope this is correct


The scans have finished.

 

The Windows update that wants to continuously install is KB982670.

 

Here is the ESET SCAN:

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\IE\7.4\iobitappsToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir a variant of Win32/Bunndle application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll.vir a variant of Win32/Bunndle application
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\eMu3Ds\eMu3Ds.exe a variant of MSIL/Hoax.Agent.NAG application
C:\ProgramData\InstallMate\{353D4BE8-9585-48D4-AE18-3CB19D75D7CA}\Custom.dll Win32/InstalleRex.L application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO8.zip Win32/Bagle.gen.zip worm
C:\Users\Akillease\Desktop\Stuff\Desktop Stuff\eMu3Ds_Setup.exe multiple threats
C:\Users\Akillease\Desktop\Stuff\Desktop Stuff\Project64_2.0.exe Win32/Adware.Lollipop.D application
C:\Users\Akillease\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Akillease\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\Akillease\Downloads\Brothersoft_downloader_For_iPod_PC_Transfer.exe a variant of Win32/BSDownloader application
C:\Users\Akillease\Downloads\cbsidlm-cbsi109-IObit_Malware_Fighter-BP-10967594.exe a variant of Win32/CNETInstaller.B application
C:\Users\Akillease\Downloads\cbsidlm-cbsi5_0_0_78-4Media_iPod_to_PC_Transfer-SEO-10786607.exe a variant of Win32/CNETInstaller.B application
C:\Users\Akillease\Downloads\cbsidlm-tr1_7-Any_Media_to_MP3_Converter-SEO-10666659.exe Win32/DownloadAdmin.D application
C:\Users\Akillease\Downloads\cbsidlm-tr1_8-Auto_Typer-SEO2-10971732.exe Win32/DownloadAdmin.E application
C:\Users\Akillease\Downloads\cbsidlm-tr1_9-Virtual_CloneDrive-SEO2-173879 (1).exe multiple threats
C:\Users\Akillease\Downloads\cbsidlm-tr1_9-Virtual_CloneDrive-SEO2-173879.exe multiple threats
C:\Users\Akillease\Downloads\ccsetup409pro.exe Win32/Bundled.Toolbar.Google.D application
C:\Users\Akillease\Downloads\CheatEngine61.exe multiple threats
C:\Users\Akillease\Downloads\FreemakeAudioConverterSetup.exe Win32/OpenCandy application
C:\Users\Akillease\Downloads\frostwire-5.4.0.windows.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Akillease\Downloads\mediawidgettrialtype30setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Akillease\Downloads\mediawidgettrialtype40setup.exe multiple threats
C:\Users\Akillease\Downloads\WinZip165.exe a variant of Win32/OpenInstall application
C:\Users\Akillease\Downloads\WinZip170.exe a variant of Win32/OpenInstall application
C:\Users\All Users\InstallMate\{353D4BE8-9585-48D4-AE18-3CB19D75D7CA}\Custom.dll Win32/InstalleRex.L application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO8.zip Win32/Bagle.gen.zip worm
 
 
And then the checkup:
 
 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Wise Registry Cleaner 7.83  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    C:\Users\Akillease\Documents\ApnStub.exe
    C:\Users\Akillease\Downloads\avc-free.exe
    C:\Users\Akillease\Downloads\Brothersoft_downloader_For_iPod_PC_Transfer.exe
    C:\Users\Akillease\Downloads\cbsidlm-cbsi109-IObit_Malware_Fighter-BP-10967594.exe
    C:\Users\Akillease\Downloads\cbsidlm-cbsi5_0_0_78-4Media_iPod_to_PC_Transfer-SEO-10786607.exe
    C:\Users\Akillease\Downloads\cbsidlm-tr1_7-Any_Media_to_MP3_Converter-SEO-10666659.exe
    C:\Users\Akillease\Downloads\cbsidlm-tr1_8-Auto_Typer-SEO2-10971732.exe
    C:\Users\Akillease\Downloads\cbsidlm-tr1_9-Virtual_CloneDrive-SEO2-173879 (1).exe
    C:\Users\Akillease\Downloads\cbsidlm-tr1_9-Virtual_CloneDrive-SEO2-173879.exe
    C:\Users\Akillease\Downloads\ccsetup409pro.exe
    C:\Users\Akillease\Downloads\FreemakeAudioConverterSetup.exe
    C:\Users\Akillease\Downloads\frostwire-5.4.0.windows.exe
    C:\Users\Akillease\Downloads\mediawidgettrialtype30setup.exe
    C:\Users\Akillease\Downloads\mediawidgettrialtype40setup.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Go here: http://download.microsoft.com/download/2/0/e/20e90413-712f-438c-988e-fdaa79a8ac3d/dotnetfx35.exe  download and run the clean up tool. See if that clears the issue with the windows update....

 

Next,

 

Navigate here C:\Windows\Minidump If there are any files within the Minidump folder zip up the most recent two and attach to your reply....

 

Let me know how the system is responding, also what issues/concerns remain...

 

Kevin

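The ESET list two posts up and the OTM :Files block in the post above are the input and output of one judgement: which hits are already sitting in another tool's quarantine, which are throwaway bundled installers in the user's Downloads and Documents, and which belong to an installed program (or a tool such as Cheat Engine) that the owner should decide on rather than have deleted from under it. The script below is an added example, neither ESET's, OldTimer's nor the helper's code: it makes that split explicit and emits the delete set in the :Files / :Commands layout OTM accepts. The sample lines are copied from the ESET output above; the classification rules, and the decision to fold C:\Users\All Users into C:\ProgramData (it is a junction to it on Vista and later), are this example's assumptions.

```python
r"""Turn an ESET Online Scanner result list into an action plan.

Added example for this thread; not ESET's, OldTimer's or the helper's
code. Reads lines in the format ESET exported above, drops the duplicate
C:\Users\All Users entries, decides for each hit whether it is already
quarantined, should be deleted, or needs a human decision, and writes the
delete set in the :Files / :Commands layout OTM accepts. Sample lines are
copied from the ESET output above; the rules are this example's assumptions.
"""
import re

# "<path> <detection> application|worm" or "<path> multiple threats";
# paths never contain "/", detection names always do.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?(?:Win32|Win64|MSIL)/\S+ \S+|multiple threats)$"
)
ALL_USERS = "c:\\users\\all users\\"

# Copied from the ESET SCAN output posted above (a subset).
ESET_SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\eMu3Ds\eMu3Ds.exe a variant of MSIL/Hoax.Agent.NAG application
C:\ProgramData\InstallMate\{353D4BE8-9585-48D4-AE18-3CB19D75D7CA}\Custom.dll Win32/InstalleRex.L application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip Win32/Bagle.gen.zip worm
C:\Users\Akillease\Desktop\Stuff\Desktop Stuff\eMu3Ds_Setup.exe multiple threats
C:\Users\Akillease\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Akillease\Downloads\ccsetup409pro.exe Win32/Bundled.Toolbar.Google.D application
C:\Users\Akillease\Downloads\frostwire-5.4.0.windows.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\All Users\InstallMate\{353D4BE8-9585-48D4-AE18-3CB19D75D7CA}\Custom.dll Win32/InstalleRex.L application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip Win32/Bagle.gen.zip worm
""".strip().splitlines()


def parse_eset(lines):
    """Map path -> detection, merging the All Users junction into ProgramData."""
    hits = {}
    for raw in lines:
        m = ESET_LINE.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        # C:\Users\All Users is a junction to C:\ProgramData on Vista and
        # later, so ESET lists the same file twice; keep one copy.
        if path.lower().startswith(ALL_USERS):
            path = "C:\\ProgramData\\" + path[len(ALL_USERS):]
        hits.setdefault(path, m["detection"])
    return hits


def classify(hits):
    """Return path -> (action, reason); action is quarantined, delete or review."""
    plan = {}
    for path, detection in hits.items():
        parts = path.lower().split("\\")
        if "quarantine" in parts or "recovery" in parts:
            plan[path] = ("quarantined", "already isolated by another tool; purge that tool's quarantine at the end")
        elif "hacktool" in detection.lower():
            plan[path] = ("review", "riskware the owner may have installed on purpose")
        elif len(parts) > 4 and parts[1] == "users" and parts[3] in ("downloads", "documents"):
            plan[path] = ("delete", f"bundled installer in the user profile ({detection})")
        else:
            plan[path] = ("review", "part of an installed program: remove via Programs and Features, not by deleting files")
    return plan


def build_otm_script(plan):
    """OTM syntax as used in the post above: :Files paths, then :Commands."""
    files = [p for p, (action, _) in plan.items() if action == "delete"]
    return "\n".join([":Files", *files, ":Commands", "[EmptyTemp]"]) + "\n"


if __name__ == "__main__":
    plan = classify(parse_eset(ESET_SAMPLE))
    for path, (action, reason) in plan.items():
        print(f"{action:11} {path}  ({reason})")
    print(build_otm_script(plan))
```

On the sample this yields three deletes (the Documents and Downloads installers, matching the helper's list), two quarantined entries that need no action, and four review items; the generated :Files block is what gets pasted into OTM, while the review set is the list to discuss with the owner.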

The Minidump folder is empty.

 

The infinite update is fixed, I think. I ran the clean up tool, installed the infinite update again, then went back and updated to see if there were more updates after that, it gave me that one again... I installed it again, then in the list of updates there was version 4.5.1, installed that and now it's gone.

 

An optional update was MSE, I figured it would choose the right version for me, it is quick scanning now.

 

Here is the log you requested.

 

All processes killed
========== FILES ==========
C:\Users\Akillease\Documents\ApnStub.exe moved successfully.
C:\Users\Akillease\Downloads\avc-free.exe moved successfully.
C:\Users\Akillease\Downloads\Brothersoft_downloader_For_iPod_PC_Transfer.exe moved successfully.
C:\Users\Akillease\Downloads\cbsidlm-cbsi109-IObit_Malware_Fighter-BP-10967594.exe moved successfully.
C:\Users\Akillease\Downloads\cbsidlm-cbsi5_0_0_78-4Media_iPod_to_PC_Transfer-SEO-10786607.exe moved successfully.
C:\Users\Akillease\Downloads\cbsidlm-tr1_7-Any_Media_to_MP3_Converter-SEO-10666659.exe moved successfully.
C:\Users\Akillease\Downloads\cbsidlm-tr1_8-Auto_Typer-SEO2-10971732.exe moved successfully.
C:\Users\Akillease\Downloads\cbsidlm-tr1_9-Virtual_CloneDrive-SEO2-173879 (1).exe moved successfully.
C:\Users\Akillease\Downloads\cbsidlm-tr1_9-Virtual_CloneDrive-SEO2-173879.exe moved successfully.
C:\Users\Akillease\Downloads\ccsetup409pro.exe moved successfully.
C:\Users\Akillease\Downloads\FreemakeAudioConverterSetup.exe moved successfully.
C:\Users\Akillease\Downloads\frostwire-5.4.0.windows.exe moved successfully.
C:\Users\Akillease\Downloads\mediawidgettrialtype30setup.exe moved successfully.
C:\Users\Akillease\Downloads\mediawidgettrialtype40setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Akillease
->Temp folder emptied: 68598457 bytes
->Temporary Internet Files folder emptied: 367287 bytes
->FireFox cache emptied: 2033817 bytes
->Google Chrome cache emptied: 19647359 bytes
->Flash cache emptied: 607 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 28871680 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11191289 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42126 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67624 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 47276931 bytes
 
Total Files Cleaned = 170.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01062014_120556
 
Files moved on Reboot...
C:\Users\Akillease\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Akillease\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysNative\SETC68C.tmp scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...

This topic is now closed to further replies.