98 replies to this topic

[dlsmall03]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2014
Scan Time: 10:43:34 AM
Logfile: malw log2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.05.08
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Linda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315360
Time Elapsed: 13 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.WeCare.A, C:\ProgramData\ReadOnlyInstaller.msi, Quarantined, [518b9dd749322313f2e7031bfc04dd23],
PUP.Optional.ShopAtHome.A, C:\Users\Linda\Downloads\ShopAtHome_App_C39330255YZ.exe, Quarantined, [6478d0a4bfbc89ad1ca6aeb3867b19e7],

Physical Sectors: 0
(No malicious items detected)

(end)

[dlsmall03]

regarding chkdsk c: /r - it says

access denied; do not have sufficient privileges;

invoke this utility running in elevated mode

[Satchfan]

Sorry, my mistake. It needs to be run a different way for your system.

• Go to Start and type in cmd
• right-click on the cmd icon above, and click Run As Administrator
• type chkdsk c: /r, (don't forget the spaces: there are two, chkdsk^c/:^/r) and hit Enter
• type Y to agree to run at restart
• type Exit and hit enter.

Now reboot your computer and let Chkdsk run.

Can you still let me know what the current problems are

Thanks

Satchfan
 

 

[dlsmall03]

ran cmd and rebooted.

when boot up - windows installer tries to install scansoft port11 but says needs disc.

 

 

[Satchfan]

That is related to your Brother software and not virus/malware-related.

 

I still let you to tell me what the current problems are.

 

Satchfan

[dlsmall03]

realplay.exe - fatal application - exiting application.

[dlsmall03]

1.  tried to clear cookies history on google chrome

shift control delete

locks up computer - have to do hard reboot

 

2.  was getting random system errors before

[Satchfan]

realplay.exe - fatal application - exiting application.

Have you upgraded your system to another Windows version? If not, ty to run it as administrator by right-clicking on the Real Player icon then choose Run as administrator.

===================================================
 

tried to clear cookies history on google chrome

Google Chrome causes problems that we see regularly.

Uninstall Chrome and if asked about user data or settings, remove those also. You can re-install it later if you want it.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

• click the Eset online Scanner button
• for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  

  
  o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
  o    double click on the Eset installer icon on your desktop.
   

• check Yes, I accept the Terms of Use
• click the Start button
• accept any security warnings from your browser
• check Scan archives and Remove found threats
• click Advanced settings and select the following:

  
  o    Scan potentially unwanted applications
  o    Scan for potentially unsafe applications
  o    Enable Anti-Stealth technology
   

• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• when the scan completes, push List of found threats
• push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
  Note - if ESET doesn't find any threats, no report will be created.
• push the back button.
• push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here

Thanks

Satchfan

[dlsmall03]

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.0.526_0\APISupport\APISupport.dll.vir Win32/Conduit.SearchProtect potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.0.526_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Local\NativeMessaging\CT3307181\1_0_0_2\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Linda\AppData\Roaming\Advanced System Protector\aspsetup.exe.vir a variant of MSIL/AdvancedSystemProtector.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\switchsetup[1]_v4.17.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Linda\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
 

[Satchfan]

All that Eset found has been dealt with.

It appears that your computer is clean.

Please let me if there are any remaining problems and if not, we can tidy up.

Satchfan

[dlsmall03]

seems to be working much better - did u find virus?

[Satchfan]

did u find virus?

As I said before, PC Tools was causing some problems as it can interfere with your antivirus and some of our tools. When it doesn’t recognise something it assumes it’s bad which can be dangerous: better to use tools that know what they are finding and that only prevent the bad stuff.

Also, Windows Defender was interfering/clashing with your antivirus plus there was a lot of bad stuff attempting to redirect your searches.

All appears to have been dealt with now.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:

Uninstall OTL

• double-click OTL.exe
• click the CleanUp! button.
• select Yes when the Begin cleanup Process? prompt appears.
• if you are prompted to reboot during the cleanup, select Yes.
• the tool will delete itself once it finishes, if not delete it by yourself.

NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

Uninstall AdwCleaner

• double click on adwcleaner.exe to run the tool
• click on Uninstall
• confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Create a Restore Point

• click on Start > Control Panel (All Control Panel Items)
• click on System > System Protection
• check that you have System Protection turned on for the drive that you want to create a restore point for, (usually C:
• click Create
• type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button.

Remove old restore points

• open Disk Cleanup by clicking Start. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
• if prompted, select the drive that you want to clean up, and then click OK.
• in the Disk Cleanup for (drive letter) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation
• if prompted, select the drive that you want to clean up, and then click OK
• click the More Options tab, then under System Restore and Shadow Copies, click Clean up
• in the Disk Cleanup dialog box, click Delete
• click Delete Files, and then click OK.

===================================================

Update installed programs

Your version of Adobe Reader is out-of-date and need to be removed and updated.

Having the latest updates ensures there are no security vulnerabilities in your system.

• click Start, Control Panel, Programs and Features.
• click on Adobe Reader 10.1.10 and then Uninstall.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Visit Adobe and download the latest version of Acrobat Reader.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

=========================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

========================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan
 

[Satchfan]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

[Satchfan]

This thread has been re-opened at the request of the topic-starter.

[Satchfan]

Hi dlsmall03

 

Could you please explain what problems you are having.

 

Satchfan