Jump to content

Slimcleanerplus and legacy


Recommended Posts

Hello ClarenceC and welcome to Malwarebytes,

Can you post the website block log from Malwarebytes:

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Next,

Run FRST one more time:

Type or copy/paste the following into the edit box after "Search:".

SlimWare Utilities Inc

Click Search Registry button and post the log (Search.txt) it makes to your reply.

Thank you,

Kevin...

 

Link to post
Share on other sites

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Your browser Chome also appears to be exploited, make fresh install..

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

In the new window that opens "Sync everthing" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server...

Continue to next step to completely Uninstall Chrome....

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
 
Post log from FRST, also let me know if there are any remaining issues or concerns...
 
Thank you,
 
Kevin.....

 

fixlist.txt

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

fixlist.txt

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will disply the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste it's content in your next reply.

Do not use the Remove Selected option until i`ve had a look at the log..

 

Post those two logs...

fixlist.txt

Link to post
Share on other sites

RogueKiller V12.11.31.0 (x64) [Jan  2 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Conar [Administrator]
Started from : C:\Users\Conar\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 01/07/2018 11:47:15 (Duration : 00:20:05)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCTE  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM0 21-1KJ152 SCSI Disk Device +++++
--- User ---
[MBR] bf4625427dd5ac0ab8ecd71f08d0eeee
[BSP] 4bf0ad9c0438886ee9eb86ae42a43b37 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 462462 MB
3 - Basic data partition | Offset (sectors): 947591168 | Size: 14249 MB
User = LL1 ... OK
User = LL2 ... OK

Link to post
Share on other sites

Run RogueKiller again....
 
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Checkmark the following found entries:

    PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
    PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found

     
  • Leave all other "Found" entries UNChecked
  • click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply....

Any improvement...?

Link to post
Share on other sites

RogueKiller V12.11.31.0 (x64) [Jan  2 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Conar [Administrator]
Started from : C:\Users\Conar\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 01/07/2018 13:06:08 (Duration : 00:19:53)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Deleted
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCTE  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCTE  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCTE  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCTE  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2410885999-3710028964-3354476726-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM0 21-1KJ152 SCSI Disk Device +++++
--- User ---
[MBR] bf4625427dd5ac0ab8ecd71f08d0eeee
[BSP] 4bf0ad9c0438886ee9eb86ae42a43b37 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 462462 MB
3 - Basic data partition | Offset (sectors): 947591168 | Size: 14249 MB
User = LL1 ... OK
User = LL2 ... OK

Link to post
Share on other sites

Thanks for the update, unless this nuisance returns run the following to clean up..

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.