
Sent by Ron Lewis Root Admin



Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

 

What exactly do you believe to be wrong with your system? FRST logs do not show obvious malware or infection... Let's look further:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected you will have to name the file and save it to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save it to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line...
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot.
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to the list of scans completed...


Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.

Click Run ESET Online Scanner there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under "Enable Stealth Technology" select "Change" and select any extra drives in that window.
  • Click Start.
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!

 

Post those logs, also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin
 

Fixlist.txt


Kevin:

 

Pasted/Attached are the various report logs that you requested.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/20/2016
Scan Time: 6:05 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.20.02
Rootkit Database: v2016.01.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lewis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345016
Time Elapsed: 28 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

Thank you,

 

Fixlog.txt

AdwCleanerC4.txt

JRT.txt

log eset.txt


Your logs are clean, I see no malware or infection. I notice you have run Combofix and TDSSKiller, plus other tools, were those used to deal with infection?

 

If there are no other issues or concerns, run the following to clean up.

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:

 

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


Thanks Kevin

I'm going to continue on here to assist the user with removing some auto start items to reduce resource usage and get ready for a Windows 10 upgrade.

@Purrington

Please restart your computer. Then run FRST again and make sure you place a check mark in the Additions check box and attach both new logs on your next reply.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.
Thanks

Ron:

 

I just tried to download FRST from Bleeping and, for the first time and for reasons unknown to me, my Avast Anti-Virus is blocking the download claiming [I believe falsely] that it is infected.

 

Attached is a screen shot of what is popping up.

 

Thank you.


Please run the following. Let's remove all Java.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then it looks like there is something possibly wrong with your System Restore that we'll need to look at fixing.

Error: (01/20/2016 02:49:42 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
].

 

 

You also appear to be having some network protocol that is not working.

 

Error: (01/22/2016 04:21:28 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "4C80937BCB36" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
 

So run the other tool, then we'll look and see if we can track down and fix some other errors.

 

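As an added diagnostic that is not part of this thread or of any tool mentioned in it, the PowerShell below checks the two System-log errors quoted above from an elevated prompt: whether the COM class named in the VSS event 22 text is registered at all, and the recent VSS 22 / NetBT 4311 entries so progress can be tracked after a fix. The function names are this example's own; it assumes Windows 7 or later with PowerShell 2.0 or newer.

```powershell
# Added example (not from the thread or from FRST/Malwarebytes/other tools above).
# Run from an elevated PowerShell prompt on Windows 7 or later.
# Function names are this example's own; nothing here changes the system.

# CLSID copied from the VSS event 22 text above ("Name Software Provider").
$SwProvClsid = '{65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}'

function Test-VssSoftwareProvider {
    # 0x80040154 "Class not registered" means CoCreateInstance found no HKCR\CLSID
    # entry (or one without an InprocServer32/LocalServer32 path) for this class.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$SwProvClsid"
    $registered = Test-Path $key
    $server = $null
    if ($registered) {
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $p = Join-Path $key $sub
            if (Test-Path $p) { $server = (Get-ItemProperty -Path $p).'(default)' }
        }
    }
    # swprv is the Microsoft Software Shadow Copy Provider service behind this class.
    $svc = Get-Service -Name swprv -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Clsid      = $SwProvClsid
        Registered = $registered
        ServerPath = $server
        SwprvState = $(if ($svc) { $svc.Status } else { 'service not found' })
    }
}

function Get-ThreadErrors {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    # Same source/ID pairs as the FRST excerpt: VSS 22 and NetBT 4311, both in the System log.
    $filters = @(
        @{ LogName = 'System'; ProviderName = 'VSS';   Id = 22;   StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'NetBT'; Id = 4311; StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, ProviderName, Id,
                @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } }
    }
}

Test-VssSoftwareProvider | Format-List
Get-ThreadErrors | Format-Table -AutoSize -Wrap
```

If Registered comes back False, the class really is missing and the VSS provider needs re-registering; if it is True but event 22 keeps appearing, the problem lies elsewhere in the VSS stack rather than with that CLSID.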

Attached you will find Java Ra log.

 

Here is what OTL said:

 

User: Lewis

->Temp folder emptied: 39085627 bytes

->Temporary Internet Files folder emptied: 5159068 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 103634748 bytes

->Flash cache emptied: 18351368 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes

 

Emptying RecycleBin. Do not interrupt.

 

RecycleBin emptied: 607000 bytes

Process complete!

 

Total Files Cleaned = 159.00 mb

 

Thank you

JavaRa.log


I'll review the FRST and Additions logs but go ahead and run the following for Autoruns so we can compare and match.

 

I may not be able to get back to you until sometime tomorrow as I will be out of town a bit later today.

 

 

Create an Autoruns Log:

  • Install and start Autoruns.exe by right-clicking it and choosing "Run as administrator".
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 

 


PING!!!

 

Just a gentle reminder that I have not heard back from you for a few days.

 

If you are otherwise busy on other projects that is fine as my issue is not urgent.

 

I just wanted to remind you in the event this matter had fallen between the proverbial crack in the wall.

 

Thank you.


I'm sorry. My fault - got tied up with some other issues and lost track. I downloaded your AutoRuns zip file but that is only a zip of the shortcut to the program and not the .ARN file it created. Please read the method provided and try again to create and then zip the file for attachment.

 

Thank you and again sorry for the delay.

 

Ron


I am sorry but I must be doing something fundamentally wrong.

 

When I click on "Options" I just do not see "extensions of files."

 

Attached is a Screen Shot of what I see when I click on "Options."

 

Sorry for the inconvenience.

 

~Lewis


I'm sorry, not in Autoruns. For the computer itself.
 
 
Please review the article below
 

 

Example of how to create the zip file

 

http://windows.microsoft.com/en-us/windows/compress-uncompress-files-zip-files#1TC=windows-7

 

Video on Youtube on creating zip files

 

 
