36 replies to this topic

[----------------]

Full System Scan with Malwarebytes Antimalware

• If not existing, please download Malwarebytes Anti-Malware to your desktop.
• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
  
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
  
• Click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

[Guyl]

I had been working on answers for about 4 hours - typing stuff in the reply box but not posting it until I had everything ready and then FF locked up and I had to shut it down.  I lost it all so I'll tell you what I can remember.  FF is now crashing about twice a day, at least, now and getting worse.

 

I think your instructions for MalwareBytes are out of date because when I try to follow them my version is not like that.  I already had MWB and ran it Tuesday.  I can't figure out how to get the log posted but here is the result - C:\Users\Guy\Desktop\SetupImgBurn_2.5.8.0.exe(PUP.Optional.OpenCandy)>Quarantined and Deleted Successfully.

 

For ESET, it appears that is supposed to be run from I/E unless you download a file to run it from FF.  It would not run in I/E so I downloaded the file.  After it finished it would not save a log file so here are the results:  It found 2 items.

Guy\Desktop\Downloads\Delete\vlcmediaplayer-setup(1).exe    Win32\DownloadsAdmin.G potentially unwanted application

Guy\Desktop\Downloads\Delete\vlcmediaplayer-setup.exe    Win32\DownloadsAdmin.G potentially unwanted application

 

I've never had this much trouble with programs not running or not doing what they are supposed to.  Is this normal or could this machine be very infected or have another problems causing these problems?

[----------------]

These problems aren´t malware related. Let´s check something else...

 

 

System File Check

For Windows XP:

• Press the Windows- and the R-key simultanously.
• Within the text box that jus opened, write cmd and hit Enter.

For Windows Vista/7:

• Press the Windows key to open the start menu.
• Don´t highlight anything, just write cmd.
• The start menu will offer you an entry named cmd.
• Right click it and select "run as administrator"

Within the opening window, write the following:

sfc /scannow

(See the blank within).

• Hit enter. Your system will be checked for damaged system files.
• Tell me the result of that scan in here (as the tool produces no log).

 

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

• Click the "Windows Orb" Start button, then click Computer.
• Right-click on the drive that you wish to check > Properties > Tools tab
• In the "Error checking" section, click on Check now.
• Place a checkmark in both boxes > Start.
• If the disk you have chosen is the Windows system disk:
• A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
• Click Schedule disk check > OK and close all windows.
• Re-start the computer. The disk will be checked when the system boots.
• This will take some time to run and at times may appear stalled but just let it run.
• When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

• Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
• The Event Viewer window will open.
• In the left pane, expand "Windows Logs" and then click on Application.
• In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
• Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
• Click on that Wininit entry to select it.
• On the top main menu, click Action > Copy > Copy Details as Text.
• Paste the contents into your next reply.

[Guyl]

I ran the scan and it did not find any problems.

 

I ran the Error checking utility, which took 5 - 6 hours to complete, and have tried to paste the wininit file here but paste is not an option.  I tried to paste it to my desktop but paste is grayed out.  How can I get the results to you?

 

I tried something else.

 

 

  System

    - Provider

      [ Name] Microsoft-Windows-Wininit       [ Guid] {206f6dea-d3c5-4d10-bc72-989f03c8b84b}       [ EventSourceName] Wininit

    - EventID 1001

      [ Qualifiers] 16384

      Version 0       Level 4       Task 0       Opcode 0       Keywords 0x80000000000000     - TimeCreated

      [ SystemTime] 2014-06-07T01:33:52.000000000Z

      EventRecordID 23684       Correlation     - Execution

      [ ProcessID] 0       [ ThreadID] 0

      Channel Application       Computer Guy-PC       Security

- EventData

      Checking file system on C: The type of the file system is NTFS. Volume label is TI106332W0C. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... Cleaning up instance tags for file 0x2bfcc. 657408 file records processed. File verification completed. 4646 large file records processed. 0 bad file records processed. 0 EA records processed. 43 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 713324 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 657408 file SDs/SIDs processed. Cleaning up 788 unused index entries from index $SII of file 0x9. Cleaning up 788 unused index entries from index $SDH of file 0x9. Cleaning up 788 unused security descriptors. Security descriptor verification completed. 27959 data files processed. CHKDSK is verifying Usn Journal... 34666344 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 657392 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 86507243 free clusters processed. Free space verification is complete. Windows has made corrections to the file system. 715239423 KB total disk space. 368324168 KB in 191036 files. 105548 KB in 27960 indexes. 0 KB in bad sectors. 780731 KB in use by the system. 65536 KB occupied by the log file. 346028976 KB available on disk. 4096 bytes in each allocation unit. 178809855 total allocation units on disk. 86507244 allocation units available on disk. Internal Info: 00 08 0a 00 80 57 03 00 6a 31 06 00 00 00 00 00 .....W..j1...... 9a 06 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 ....+........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.

 

Is this the info you're looking for?

 

 

[----------------]

Yes, that is the info, thanks.

How is your system behaving after the disck check?

[Guyl]

It seems the shut down and start up seems to be better but I'm still not so excited about it's ability to change from web page to page.  For example, orur thread is now 2 pages and going from page 2 to page 1 it took 15 to 20 seconds to switch and another 15 to 20 seconds to go back to page 2.

[----------------]

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.

[Guyl]

Well, that AdwCleaner is a VERY, VERY, VERY BAD & DANGEREOUS PROGRAM.  It just deleted 2 very important folders of mine.  They were large enough that it appears they were deleted rather than sent to the recycle bin.  I beleive I followed your instructions.  I hit Scan and after it finished I looked for what it had found but couldn't fine anything so I hit the Clean button.  After that finished it rebooted and an Excel spreadsheet opened that showed me what had been deleted.  I can't believe a program would delete something without giving you the opportunity to say "NO" to it.

 

Is there any way I can recover these folders?

 

 Now, I'm scared to run the next 2 programs.

[----------------]

Please post up the log file by adwcleaner.

[Guyl]

Here it is.  The Save folder and the Genesis folders are the ones I'm referring to.

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 12:29:31                     # Updated 05/06/2014 by Xplode                         # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)                   # Username : Guy - GUY-PC                           # Running from : C:\Users\Guy\Desktop\adwcleaner_3.212.exe                   # Option : Clean                                                             ***** [ Services ] *****                                                                                           ***** [ Files / Folders ] *****                                                           Folder Deleted : C:\Genesis                           Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis               Folder Deleted : C:\Users\Guy\Desktop\Save                       Folder Deleted : C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\lg29d22p.default\Extensions\anttoolbar@ant.com                                       ***** [ Shortcuts ] *****                                                                                           ***** [ Registry ] *****                                                           Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh             Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32               Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS               Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32                 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS                 Key Deleted : HKCU\Software\GoforFiles                       Key Deleted : HKLM\Software\GoforFiles                                                       ***** [ Browsers ] *****                                                           #NAME?                                                                                               -\\ Mozilla Firefox v29.0.1 (en-US)                                                         [ File : C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\lg29d22p.default\prefs.js ]                                               Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1395344687079");                                             #NAME?                                                               *************************                                                           AdwCleaner[R0].txt - [1652 octets] - [10/06/2014 12:27:04]                     AdwCleaner[S0].txt - [1553 octets] - [10/06/2014 12:29:31]                                                     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1613 octets] ##########                

 

 

 

                             

[Guyl]

That posted as a mess.  I used copy and paste of the Excel spreadsheet.  Can you decipher it or is there a better way to get it to you?

[----------------]

Are there any other adwCleaner files on your C drive?

If yes, please post them as well.

[Guyl]

No, I did a search off my laptop and that is the only one I can find.

[Guyl]

I still can't find those files & folders that adwCleaner deleted.  Can you check with any of your techies to see if we can get them back.

[----------------]

I´ve contacted the developer.

Please run adwCleaner, hit "tools" and run the quarantine manager.

Are you able to locate and restore your folders there?