rbuskirk Posted October 18, 2014 ID:891964

I am seeing the same thing and it just started today.

 Results of screen317's Security Check version 0.99.89
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152
 Adobe Reader XI
 Mozilla Firefox 31.0 Firefox out of Date!
 Google Chrome 38.0.2125.101
 Google Chrome 38.0.2125.104
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

rbuskirk Posted October 18, 2014 Author ID:891965

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/18/2014
Scan Time: 10:41:18 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.18.05
Rootkit Database: v2014.10.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323182
Time Elapsed: 7 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Maurice Naggar Posted October 18, 2014 ID:892002

Hello RBUSKIRK,

Read and follow the directions here.
Attach the FRST reports into a reply to this topic.
Once you do that, we can move forward.

rbuskirk Posted October 18, 2014 Author ID:892011

I have been with you guys for years and this is the first time I have had this issue.
I do apologize. I have attached the requested documents.

I did a netstat and I noticed like no less than 300 established connections from my PC outbound, and that is not normal for my PC.
If you can help me I would be so very thankful.

Attachments:
FRST.txt
Shortcut.txt
Addition.txt

rbuskirk Posted October 18, 2014 Author ID:892039

I have followed directions on another post for the exact same problem happening today.
For https://forums.malwarebytes.org/index.php?/topic/159074-shako/page-2

I have the latest version of MB, it and Anti Root kit came up nothing.
However, when I followed the step last suggested, use the ESET, it found something.
The scan is still running but I can tell you it found this.

A variant of Win32/Systweak.H potentially unwanted application
JS/Kryptik.ARD trojan
A variant of Win32/OpenInstall potentially unwanted application
A variant of Win32/FreeNew.A potentially unwanted application

The scan is still ongoing. I will update when it is completed with the full text file attached.

Maurice Naggar Posted October 19, 2014 ID:892099

These steps are for member Rbuskirk only. If you are a casual viewer, do NOT try this on your system!
If you are not and have a similar problem, do NOT post here; start your own topic.
The fix here is specific to this system only!

Later on, attach the whole log from ESET. What you posted is not all of it.

Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- that's important for the Fix to work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)
Run FRST again, but this time press the "Fix" button just once and wait.
When finished, it will make a log (fixlog.txt) next to FRST.
Please attach the Fixlog.txt into a reply.

Attachment:
Fixlist.txt

rbuskirk Posted October 19, 2014 Author ID:892102

Well, that was not it.
Just files laying around in older folders is all it found, not something running.

Attachment:
ESET.txt

Maurice Naggar Posted October 19, 2014 ID:892109

Go ahead and run the FRST FIX run.

rbuskirk Posted October 19, 2014 Author ID:892360

When my computer rebooted it came up with this error.

Windows cannot find 'UpdateTool.exe'. Make sure you typed the name correctly, and then try again.

Attachment:
Fixlog.txt

Maurice Naggar Posted October 19, 2014 ID:892366

OK. In that event, we can do a search using the FRST64 tool.

Start FRST64.exe
When it shows its main screen, look at the box marked Search
Type in UpdateTool.exe
Press the Search Registry button.
Have lots of patience.

Attach the log Search.txt after the run has finished.
Search.txt log is saved on the same location where FRST.exe is located.

The issue you see is some sort of leftover and we'll locate then remove.

rbuskirk Posted October 19, 2014 Author ID:892375

Not finding it.

Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Rick at 2014-10-19 11:26:10
Running deom O:\
Boot Mode: Normal

======================= Search Registry "UpdateTool.exe " =======================

=============== End of Searh ====================

Maurice Naggar Posted October 19, 2014 ID:892396

OK. Let's do some more research using other report tools.

Download OTL by OldTimer to your desktop:
http://oldtimer.geekstogo.com/OTL.exe
Close all open windows on the Task Bar. Then run OTL (for Vista, or Windows 7 or 8, right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at top left and let the program run uninterrupted. It will take about 4 minutes or so. In any event, have lots of infinite patience.
It will produce two logs for you; one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop:
http://screen317.spywareinfoforum.org/SecurityCheck.exe
Run Security Check.
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then attach the following into your post:
OTL.txt
Extras.txt
checkup.txt

rbuskirk Posted October 19, 2014 Author ID:892410

Step 1 files attached

Attachments:
OTL.Txt
Extras.Txt

rbuskirk Posted October 19, 2014 Author ID:892411

Step 2 attached

Attachment:
Search.txt

rbuskirk Posted October 19, 2014 Author ID:892413

Sorry, it would not let me attach another document.
Here is the contents of checkup.txt

 Results of screen317's Security Check version 0.99.89
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Bitdefender Antivirus Free Edition
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152
 Adobe Reader XI
 Mozilla Firefox 31.0 Firefox out of Date!
 Google Chrome 38.0.2125.101
 Google Chrome 38.0.2125.104
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Bitdefender Antivirus Free Edition gzserv.exe
 Bitdefender Antivirus Free Edition gziface.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Maurice Naggar Posted October 19, 2014 ID:892458

Question for you. Except for what is on this topic --- did you run any other tool on your own, today or recently?

My guess is the "update" not found thing has something to do with a Nvidia update entry in the Windows startup in the registry.

I would like to know, IF you followed some other user's thread and ran some tool on your own?

Also,
Start FRST64.exe
When it shows its main screen, look at the box marked Search
Type in Nvtmru
Press the Search Registry button.
Have lots of patience.

Attach the log Search.txt after the run has finished.
Search.txt log is saved on the same location where FRST.exe is located.

rbuskirk Posted October 19, 2014 Author ID:892468

I had followed only one step prior and attached the files you suggested.
It seemed like the most logical choice, since you had asked me to do that next anyway.

I had installed the Bit Defender because I really did not have a Virus tool. I have only used you guys as my full protection.
Nothing was ever found in the scan.

I am attaching the requested file. I am talking on a different PC on this chat because that computer is unplugged from the network.
I will state sometime in the night it stopped screaming out the blocked IPs but I have done no extra step here.

Attachment:
Search.txt

Maurice Naggar Posted October 19, 2014 ID:892478

Glad to know that the blocked IPs have ceased. But in any event, the program did protect you by blocking those IPs which came from a Powelink pest.
Any traces of the pest are all gone, starting after the Fix of today at 10:38 that you ran.

As to the Nvidia update --- I am sending a registry fix by attaching a ZIP file, named Rick.zip.
Save it to your system. Then unzip the content.
You will see a Delnv.reg
Do a right click on Delnv.reg and select "MERGE" and allow it to proceed forth.

With that done, we will take a long breather. Watch your system over the next 1, 2, or 3 days and let me know how it goes.

Attachment:
Rick.zip

rbuskirk Posted October 19, 2014 Author ID:892486

Thank you very much.
I have run the suggested Nvidia fix.

It is scary not knowing what was doing that. I had not installed anything recently that I could remember.
I will be sure to let you know how things have gone.

The Netstat during the event was a bit alarming because there were some connections established from my PC outbound.
It was like my PC was being used for something. Not sure what it was but glad it's not happening now.

Maurice Naggar Posted October 19, 2014 ID:892488

OK.
From what you just said about Netstat, then I would recommend, just in case, that you watch closely your bank account and credit cards & Paypal, etc. if you do any banking, online buying.
And change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

See this article on creating strong passwords:
http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

Consumers – Identity Theft
http://www.ftc.gov/b...mers/index.html

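The netstat observation in the posts above (hundreds of established outbound connections), worked as an added example that is not part of the original thread or any tool used in it. It assumes the text of `netstat -ano` saved from the affected Windows machine; the function names, the threshold and the sample lines are hypothetical and constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges treated as local: loopback, RFC 1918, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample in Windows `netstat -ano` layout (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:49200        127.0.0.1:49201        ESTABLISHED     2040
  TCP    192.168.1.20:3389      198.51.100.99:51000    ESTABLISHED     1100
  TCP    192.168.1.20:49310     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49411     203.0.113.10:80        ESTABLISHED     3312
  TCP    192.168.1.20:49412     203.0.113.11:80        ESTABLISHED     3312
  TCP    192.168.1.20:49413     198.51.100.7:443       ESTABLISHED     3312
  TCP    192.168.1.20:49500     198.51.100.7:443       TIME_WAIT       0
  TCP    [2001:db8:1::20]:49600 [2001:db8::5]:443      ESTABLISHED     1500
  UDP    0.0.0.0:5355           *:*                                    1208
"""

def split_endpoint(endpoint):
    """Return (ip, port) from 'a.b.c.d:port' or '[v6%zone]:port'."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def outbound_by_pid(netstat_text):
    """Map PID -> list of (remote ip, port) for established, non-local, client-side TCP sessions."""
    rows = [f for f in (l.split() for l in netstat_text.splitlines())
            if len(f) == 5 and f[0] == "TCP"]
    # A session whose local port is also a listening port is treated as inbound (approximation).
    listening = {split_endpoint(f[1])[1] for f in rows if f[3] == "LISTENING"}
    sessions = defaultdict(list)
    for _, local, remote, state, pid in rows:
        if state != "ESTABLISHED" or split_endpoint(local)[1] in listening:
            continue
        ip, port = split_endpoint(remote)
        if not any(ip in net for net in LOCAL_NETS):
            sessions[pid].append((str(ip), port))
    return sessions

def noisy_pids(netstat_text, threshold):
    """PIDs with >= threshold outbound sessions, busiest first: (pid, sessions, distinct hosts)."""
    s = outbound_by_pid(netstat_text)
    hits = [(pid, len(c), len({ip for ip, _ in c})) for pid, c in s.items() if len(c) >= threshold]
    return sorted(hits, key=lambda h: -h[1])
```

A PID reported by `noisy_pids` can then be matched to its process name with `tasklist /FI "PID eq <pid>"` on the same machine.
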
Maurice Naggar Posted November 5, 2014 ID:902708

We can wrap up this case.
The following procedures will implement some cleanup procedures to remove the tools I had you use.

Download Delfix from here and save it to your desktop.
Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot.

Any other programs or logs that are still remaining, you can manually delete.

Maurice Naggar Posted November 5, 2014 ID:902709

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!