
I used a program called roguekill and don't know if I have messed


  • This topic is locked
27 replies to this topic

#16 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 21 May 2014 - 04:15 PM

Hi Adam, I have installed the new version of mbytes on top of the old one..... I have clicked settings but can't find a scan for rootkits option.

 

 

I have now found the option and followed your instructions my apologies.


Edited by Ally, 21 May 2014 - 04:28 PM.



#17 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 21 May 2014 - 04:39 PM

Hi Adam, I have done step one and here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/05/2014
Scan Time: 23:27:10
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.21.10
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Allybongo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333232
Time Elapsed: 8 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#18 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 21 May 2014 - 05:24 PM

Hi Adam, I have just finished my ESET scan and here are the logs:

 

 

C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
 



#19 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 May 2014 - 07:11 PM

Hello Ally, 
 

I accidentally posted a Farbar log instead of a mbytes protection log and now that the new version is installed I don't know where to find the protection log.

No problem, don't worry about it.  :) Old protection logs are no longer accessible, but it isn't a big deal. 
 
The IP blocks by Malwarebytes are likely caused by P2P usage (uTorrent, Skype, etc), embedded images hosted on blacklisted domains, ads, etc. This simply indicates Malwarebytes is doing its job. As long as the blocks do not occur whilst no programmes are open, there should not be any need to worry. Most users that use Malwarebytes Malicious Website Protection will experience IP blocks from time to time. 
 

when I right click on the Allybongo folder it does not come up properties but I noticed it has a create shortcut in the menu.

Feel free to delete the folder. 
 

Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

Your Malwarebytes log indicates several modules are disabled.

  • Click Settings, followed by Detection and Protection. Click Enabled under Malware Protection and Malicious Website Protection.
  • In Settings, click Advanced Settings and place a checkmark next to Enable self-protection module.
     

C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application

These items are nothing to be concerned with. ASCSetup.exe is the setup file for a piece of software installed on your computer. It can be ignored. 
 


 Your logs indicate you have been using MSCONFIG as a startup manager. MSCONFIG is not a startup manager; it is a diagnostic tool. If you are using it as a startup manager you cannot use it as a diagnostic tool.  There is also a known issue where some settings once changed cannot be restored using MSCONFIG. I would suggest reversing the changes made in MSCONFIG. 
 
 
Let's deal with your startup programmes more appropriately. We will also take a look at the folders on your C drive - to confirm, you were referring to folders in the root folder (C:\)? 
 
 
STEP 1
StartupLite

  • Please download StartupLite and save the file to your desktop.
  • Double-click the icon to run the programme.
  • The programme will enumerate any unnecessary startup programmes.
  • Disable the programmes you do not wish to run at startup.
  • Follow the prompts and reboot if necessary.
     

STEP 2
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @ECHO OFF
    CD\
    dir > %userprofile%\desktop\rootfolderlist.txt
    exit
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file batch.bat
  • Select All Files as the Save as type.
  • Save the file to your desktop
     
  • Locate batch.bat on your desktop (W8/7/Vista). Right-click the icon and click Run as Administrator.
  • A log (rootfolderlist.txt) will be created on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
Windows Explorer

  • Please navigate to the following folder using Windows Explorer:
    • C:\Users\Allybongo\licenses
  • Have a look through the files/folders in this folder. 
  • Do you recognise anything? 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did StartupLite run successfully?
  • rootfolderlist.txt
  • Do you recognise anything in the licenses folder?


 

Would you like to help others with malware removal? Join our Classroom and learn how!
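The check LiquidTension made above (reading the Malware Protection, Malicious Website Protection and Self-protection lines of the Malwarebytes log and noting that several are Disabled) can be automated. The script below is an added example and is not code from the thread or from Malwarebytes; it parses the "Key: Value" header of a Malwarebytes Anti-Malware 2.x text log, reports which real-time modules are not Enabled, and sums the per-category detection counts. SAMPLE_LOG is constructed from the log Ally posted, with two made-up detection lines added so the counting path is exercised.

```python
"""Check a Malwarebytes Anti-Malware 2.x text log for disabled protection modules.

Added example, not from the original thread or from Malwarebytes.
"""
import re

# Constructed sample in the format of the log posted above; the two
# detection lines under "Files: 2" are invented placeholders.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/05/2014
Scan Time: 23:27:10
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.21.10
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333232
Time Elapsed: 8 min, 4 sec

Rootkits: Enabled
PUP: Enabled

Processes: 0
(No malicious items detected)

Files: 2
C:\\Constructed\\sample.exe (PUP.Optional.Constructed)
C:\\Constructed\\other.exe (PUP.Optional.Constructed)

(end)
"""

# Real-time protection modules the helper asked to have enabled.
PROTECTION_KEYS = ("Malware Protection", "Malicious Website Protection", "Self-protection")
# Detection categories the log reports a count for.
DETECTION_KEYS = ("Processes", "Modules", "Registry Keys", "Registry Values",
                  "Registry Data", "Folders", "Files", "Physical Sectors")

# "Key: Value" where the key is at least two letters/spaces/hyphens and the
# colon is followed by whitespace or end of line; this deliberately does not
# match detection lines such as "C:\path\file.exe (...)".
KV_RE = re.compile(r"^([A-Za-z][A-Za-z /()-]+):(?:\s+(.*))?$")


def parse_mbam_log(text):
    """Return the header fields as a dict; a repeated key keeps its last value."""
    fields = {}
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if m:
            fields[m.group(1).strip()] = (m.group(2) or "").strip()
    return fields


def disabled_protections(fields):
    """Protection modules whose value is anything other than 'Enabled' (or absent)."""
    return [k for k in PROTECTION_KEYS if fields.get(k, "missing") != "Enabled"]


def detection_total(fields):
    """Sum of the numeric per-category detection counts."""
    return sum(int(fields[k]) for k in DETECTION_KEYS if fields.get(k, "").isdigit())


def summarize(text):
    fields = parse_mbam_log(text)
    return {
        "version": fields.get("Version"),
        "result": fields.get("Result"),
        "disabled": disabled_protections(fields),
        "detections": detection_total(fields),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"MBAM {s['version']}: scan {s['result']}, {s['detections']} detection(s)")
    for name in s["disabled"]:
        print(f"  WARNING: {name} is not enabled")
```

Run it against a pasted log and the warnings list is the same set of lines the helper quoted back to Ally; a log with all three modules Enabled produces an empty list.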


#20 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 22 May 2014 - 04:04 AM

Hi Adam, thanks for your patience as it took me a while to get through that last section of instructions.

 

I have deleted the allybongo folder from the desktop.

 

All Malwarebytes protection is enabled now.

There is an Enable self-protection (early start) box; can I also check this?

 

I ran startup lite but it only showed 1 item which is java auto-updater which I just left enabled.

In the Licenses folder there are two files I opened with Notepad, and they are for Open Office Apache licenses; however, there is also a folder called .thumbnails > normal > empty.

Before I paste the rootfolder list I just wanted to let you know I am not sure what MSCONFIG is and how to stop it being a start-up manager. Could you also let me know how to reverse the changes and stop it managing startup?

 

Here is my rootfolderlist.txt:

 

 Volume in drive C has no label.
 Volume Serial Number is 3A74-D2B2

 Directory of C:\

28/04/2014  22:25    <DIR>          $RECYCLE.BIN
21/05/2014  00:21    <DIR>          AdwCleaner
24/02/2014  19:19    <DIR>          ClamWinPortable
05/05/2014  16:41    <DIR>          DrvInstall
07/02/2014  13:38    <DIR>          ERDNT
21/05/2014  18:48    <DIR>          FRST
23/02/2014  03:31    <DIR>          Intel
17/05/2014  21:19    <DIR>          MININT
14/07/2009  04:20    <DIR>          PerfLogs
04/03/2014  18:05    <DIR>          Poker
17/05/2014  10:32    <DIR>          Program Files
22/05/2014  10:15    <DIR>          Program Files (x86)
18/05/2014  17:51    <DIR>          ProgramData
03/10/2013  08:40    <DIR>          Recovery
16/02/2014  20:46    <DIR>          RegBackup
05/03/2014  05:26    <DIR>          SUPERDelete
13/02/2014  18:04    <DIR>          Users
21/05/2014  11:16    <DIR>          Windows
               0 File(s)              0 bytes
              18 Dir(s)  191,461,040,128 bytes free
 


Edited by Ally, 22 May 2014 - 04:05 AM.


#21 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 May 2014 - 10:45 AM

Hello Ally, 
 

There is an Enable self-protection (early start) box; can I also check this?

Yes. 
 
The folders in your root folder (C:\) are fine. :)

STEP 1
MSCONFIG

  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the Startup tab, click Enable All, followed by OK.
  • If prompted, click Restart.
     

STEP 2
HijackThis (HJT) Scan

  • Please download HijackThis and save the file to your desktop.
  • Right-click HijackThis.exe and select Run as administrator to run the installer.
  • Follow the prompts to install the programme. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Once installed, HijackThis will launch.
  • Click on Do a system scan and save a logfile.
  • A log will open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • HijackThis log



#22 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 22 May 2014 - 11:10 AM

Hi Adam, I have followed your instructions.

HijackThis did not install; it just popped up a license agreement then came on, but I just went ahead with the scan.

Here is my hijack this log:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:07:39, on 22/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Users\Allybongo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENGB/MSN_WCP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Digit Skinnable Clock V2] C:\Program Files (x86)\Horizon5\Digit\DIGITV2_1.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Amazon Cloud Player] c:\users\allybongo\appdata\local\amazon cloud player\amazon music helper.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.c...oft_webscan.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9453 bytes
 



#23 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 May 2014 - 06:28 PM

Hello Ally, 
 
The fix below will disable unnecessary programmes from starting up when you boot your computer. Each programme can be started manually at any time by clicking on the associated executable (.exe) file. 
 
There may be programmes listed below that you wish to run at startup. If this is the case, simply ensure a checkmark is not placed next to the entry.
 
STEP 1
HijackThis Fix

  • Right-click HijackThis.exe and select Run as administrator to run the programme.
  • Click Do a system scan only.
  • Ensure all windows other than HJT are closed.
  • Place a tick next to the following items:
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
    • O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKLM\..\Run: [Digit Skinnable Clock V2] C:\Program Files (x86)\Horizon5\Digit\DIGITV2_1.exe
    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    • O4 - HKCU\..\Run: [Amazon Cloud Player] c:\users\allybongo\appdata\local\amazon cloud player\amazon music helper.exe
    • O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
    • O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
  • Once selected, click Fix checked, followed by Yes to confirm that you would like to remove the selected entries.
  • Close the HijackThis window. 
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Press the Windows Key on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) prompt appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Confirmation you had no issues with the instructions. 
  • checkup.txt
  • Comments on how your computer is performing. 

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".


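LiquidTension picked the O4 autostart entries out of Ally's HijackThis log by hand and listed them for the fix above. The script below is an added example, not code from the thread, from HijackThis or from Trend Micro; it parses the two HijackThis 2.x line types that matter for a startup review, O4 (Run-key autostarts, with the hive, entry name, command and, for HKUS entries, the user) and O23 (services, with vendor, path and the "(file missing)" flag), so the same triage can be done over a pasted log. SAMPLE_HJT is constructed from a handful of lines in the log above, including one service whose display name itself contains " - ", which the parser has to disambiguate.

```python
"""Pull autostart (O4) and service (O23) entries out of a HijackThis 2.x log.

Added example, not from the original thread or from HijackThis.
"""
import re

# Constructed sample of HijackThis lines in the format seen in the thread.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
--
End of file - 9453 bytes
"""

# O4: "<hive>\..\<key>: [<name>] <command> (User '<user>')"; the user suffix
# appears only on HKUS entries, and the hive may carry a SID or .DEFAULT.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+|\\\.DEFAULT)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23: "<display> - <company> - <path>[ (file missing)]". Display names can
# contain " - " themselves, so the display group is greedy and the path is
# anchored on a drive letter to resolve the ambiguity.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) - (?P<company>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)


def parse_hjt(text):
    """Return (autostarts, services): lists of dicts built from O4 and O23 lines."""
    autostarts, services = [], []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            autostarts.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            d = m.groupdict()
            d["missing"] = d["missing"] is not None
            services.append(d)
    return autostarts, services


def executable(command):
    """Executable path from an O4 command: the quoted token, or the text up to '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx >= 0 else command


def autostart_names(text):
    """The [name] field of every O4 entry, in log order."""
    return [a["name"] for a in parse_hjt(text)[0]]


def machine_wide_autostarts(text):
    """O4 entries under HKLM, which run for every user who logs on."""
    return [a["name"] for a in parse_hjt(text)[0] if a["hive"] == "HKLM"]


def missing_file_services(text):
    """O23 services whose binary HJT flagged as '(file missing)'."""
    return [s["display"] for s in parse_hjt(text)[1] if s["missing"]]


def unknown_owner_services(text):
    """O23 services with no vendor attribution whose binary HJT did find on disk."""
    return [s["display"] for s in parse_hjt(text)[1]
            if s["company"] == "Unknown owner" and not s["missing"]]


if __name__ == "__main__":
    autos, svcs = parse_hjt(SAMPLE_HJT)
    for a in autos:
        who = a["user"] or a["hive"]
        print(f"autostart [{a['name']}] for {who}: {executable(a['command'])}")
    print("unknown-owner services:", unknown_owner_services(SAMPLE_HJT))
    print("file-missing services:", missing_file_services(SAMPLE_HJT))
```

Two reading notes. The HKLM list is what the helper asked Ally to tick, since those entries start for every account; the HKUS\S-1-5-18 and .DEFAULT copies of Sidebar are the same program registered for the SYSTEM and default profiles. The "(file missing)" flag should be read with care: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the file system redirects a 32-bit process's view of System32 to SysWOW64, which is why core services such as lsass.exe and alg.exe appear "missing" in the log above even though the machine boots and runs normally.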


#24 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 22 May 2014 - 07:20 PM

Hi Adam,

I have followed your instructions and had no problems.

My PC is running fine.

Here is my security check log:

 

 

Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Java version out of Date!
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#25 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 May 2014 - 08:40 PM

Hello Ally, 
 

My PC is running fine.

Very good.  :)
 
STEP 1
OTL

  • Please download OTL and save the file to your desktop.
  • Double-click OTL.exe to run the programme. Ensure all other windows are closed.
  • Copy the entire contents of the codebox below and paste into the textbox:
    :OTL
    :Commands
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
  • Click the j7yFJut.png button.
  • Let the programme run and reboot your computer if prompted
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key pdKOQKY.png + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.

 
======================================================
 
All Clean!
Congratulations, your computer appears clean!   :thumbup:
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

The following security/maintenance programmes come highly recommended in the security community.

  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
  • Malwarebytes Anti-Malware Premium incorporates real-time protection and is designed to run alongside your anti-virus. 
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • CCleaner (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article for information. 
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • StartupLite will scan your computer for unnecessary startup programmes. Disabling identified programmes may improve boot-time.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
     

Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:

-- Should you have any questions on the above tools, or computer security in general, please feel free to ask.
 
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.   :thumbup:
Adam (LiquidTension).





#26 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 23 May 2014 - 05:02 AM

Hi Adam,

I have followed your instructions and now it feels like I have a totally new computer!

Many Thanks for giving up your time to sort out my system.

Thank you also for helping me get my start processes back to normal and for all the information you have provided.

I am going to add no-script to my firefox browser and check out some sites I browse against those url site safety scanner links you provided.

All the best.....can't thank you enough :notworthy:

:thumbup:



#27 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 23 May 2014 - 06:53 AM

You are more than welcome. :)

Take care.



#28 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 23 May 2014 - 10:01 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
