tomsinchina
-
Posts
19 -
Joined
-
Last visited
-
No, it's all good. Thanks!
-
Hey, sorry for the delay. I've been sick. Here's the log: # DelFix v10.6 - Logfile created 01/04/2014 at 15:32:24# Updated 11/11/2013 by Xplode# Username : jiro comeputer - BLACKBOX# Operating System : Windows 7 Professional Service Pack 1 (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\_OTMDeleted : C:\AdwCleanerDeleted : C:\zoek-results.logDeleted : C:\Users\jiro comeputer\Downloads\Addition.txtDeleted : C:\Users\jiro comeputer\Downloads\AdwCleaner.exeDeleted : C:\Users\jiro comeputer\Downloads\dds.scrDeleted : C:\Users\jiro comeputer\Downloads\esetsmartinstaller_enu.exeDeleted : C:\Users\jiro comeputer\Downloads\Fixlog.txtDeleted : C:\Users\jiro comeputer\Downloads\FRST.txtDeleted : C:\Users\jiro comeputer\Downloads\HijackThis.msiDeleted : C:\Users\jiro comeputer\Downloads\OTM.exeDeleted : HKLM\SOFTWARE\OldTimer ToolsDeleted : HKLM\SOFTWARE\AdwCleanerDeleted : HKLM\SOFTWARE\TrendMicro\Hijackthis ~ Cleaning system restore ... Deleted : RP #124 [installed DirectX | 03/27/2014 08:18:09]Deleted : RP #125 [installed Microsoft Visual C++ 2005 Redistributable | 03/30/2014 11:40:50] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
-
I am compelled to ask, out of curiosity, do you help people with problems like this virtually daily for no reason other than you enjoy doing it? Or are you paid by someone, e.g. MalwareBytes? In which case, it's very cool of them to provide such a service without fee, what do they get out of it? Does this work as an early warning on previously undetected infections?
-
Great, I've added those plugins and changed the settings in Chrome about running scripts. That guide you linked is a bit out of date, the settings are in a different area now. I found this one online and used it instead: http://www.ghacks.net/2012/07/21/configuring-chromes-click-to-play-feature/ Umm so yeah, seems like everything is working great! Let's clean up.
-
This seems to have worked. Thanks! Why would my browser settings have been so screwy? Is there any certainty it won't happen again in a few days?
-
Oh man.... since disabling all extensions (I still haven't turned any back on yet) it's totally gone away. Until today... Just checked, all extensions still disabled, but I'm getting bounced to CAPTCHA pages and getting that 'Sorry' message about illegal traffic again. This is so weird.
-
Oh SWEET. Thanks! I disabled all Chrome extensions (deleted half, never use them). And then went further and deleted all the extensions installed in Firefox and IE (which I never use, but whatever). Seems like the problem has disappeared.... Again. I'll give it 24 hours and will report back if it remains disappeared. If so, you are a huge champ!
-
Here's what the page looks like, in case you are curious. Sometimes it's this and sometimes it's a CAPTCHA I have to enter to get to the search engine.
-
And the browser will not permit me to change this. I can change to another search engine for the omnibox thing (eg. Yahoo, but who the hell wants to use that) But I cannot edit the entry for google...?
-
Yep, I use chrome as a browser exclusively. Oh hey, weird. I just noticed it seems to happen ONLY when I use the chrome search bar to search (you know the place you can interchangeably write either web addresses or searches) but never happens if I first go to http://www.google.com then search. Could the settings in Chrome be screwy? My chrome's omnibar (that thing I described above, apparently that's what Google call it) is set to this page, rather than just http://www.google.com: http://www.google.com/search?q=%s&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?
-
Yeah, several times already today Google has bumped me to this page: " We're sorry...... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now." Assuming this means something is still wrong? Did the Zoek scan not find anything of concern?
-
Left it overnight to complete scan. Just did three different Google searches closely together to see if that screen would come up and it did on the third (but maybe that's because I did so many close together, or because Google still have my IP listed, even though the illegal traffic has stopped?). ANYWAY, I don't know. Here's the log. zoek-results.txt
-
NOOOOOOOOOOO! After not seeing any problems all yesterday, I've had that damned Google screen back at least 4 - 5 times today. Should I redo the ESET scan?
-
Alright, freaking awesome. I'll give it 24ish hours and if nothing comes up I'll let you know and we can all celebrate our glorious victory.
-
Oh, I copied the code out of the email notification, not the forum. My mistake. The alert hasn't come up since rebooting post-running OTM, but that was 4 minutes ago so it's hard to be sure since it doesn't come up every time I go to Google, just most of the time. Do you think you/we found and deleted the sucker causing the problem? Here's the re-done OTM log: All processes killed========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\jiro comeputer\Downloads\cmd.bat deleted successfully.C:\Users\jiro comeputer\Downloads\cmd.txt deleted successfully.C:\Users\jiro comeputer\AppData\Local\Downloaded Installations\{AB81C6D4-8F6A-4283-86F3-402DE3E63A21}\Mobile Mouse Server.msi moved successfully.DllUnregisterServer procedure not found in C:\Users\jiro comeputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP44R7CV\BiTool[1].dllC:\Users\jiro comeputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP44R7CV\BiTool[1].dll moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp\3.0.5.1\rollback folder moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp\3.0.5.1 folder moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp\3.0.4.3\rollback folder moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp\3.0.4.3 folder moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp\2.4.8.5\rollback folder moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp\2.4.8.5 folder moved successfully.C:\Users\jiro comeputer\AppData\Local\Temp\updater_temp_TuneUp folder moved successfully.C:\Windows\Installer\387b2b0.msi moved successfully.C:\Windows\System32\Adobe\Shockwave 12\gt.exe moved successfully.File/Folder C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe not found.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: jiro comeputer->Temp folder emptied: 8427495869 bytes->Temporary Internet Files folder emptied: 296810968 bytes->Java cache emptied: 476439 bytes->FireFox cache emptied: 282011785 bytes->Google Chrome cache emptied: 309582671 bytes->Flash cache emptied: 1701 bytes User: Public User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 200704 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 467784870 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45946166 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304214 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 9,415.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 03232014_173026 Files moved on Reboot...File C:\Users\jiro comeputer\AppData\Local\Temp\etilqs_NLjtVV474r2e7MW not found!File C:\Users\jiro comeputer\AppData\Local\Temp\etilqs_P3SqSGtXWLXNCjz not found!C:\Users\jiro comeputer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.C:\Users\jiro comeputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.C:\Users\jiro comeputer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.C:\Users\jiro comeputer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.C:\Users\jiro comeputer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.C:\Users\jiro comeputer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.C:\Users\jiro comeputer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.C:\Users\jiro comeputer\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. Registry entries deleted on Reboot...
