Jump to content

Browsers plagued by unwanted ads and misdirected web pages


Recommended Posts

Hi Gringo,

I've got some issues with CCLeaner related to cleaning out temporary files. First, two small points. 1) Your instructions say don't install Yahoo toolbar. But the install option given by ccleaner is for Google Chrome, not Yahoo Toolbar. 2) There is an additional box with an option to "intelligent scan cookies" (approximately) in order to save passwords for e.g. email accounts, etc. The ccleaner recommendation is to Yes, intelligent scan. I went with the recommendation. This info should be in your instructions, I think.

Bigger issue: is the selection of items. In this case, it is best for me to paste a screen capture of the dialog (despite forum suggestions not to do so). There are some items on here that I don't want to delete - such as Adobe Photoshop CS3 and CS4. And RegEdit. So, at this point in your instructions, I am cancelling, stopping. (Maybe I'll choose Analyze if I have time.) I suspect that only temporary files will be deleted - but I can't take a chance with having to reinstall so much software that I need.

Can you clarify why ccleaner has targeted Photoshop? Is it just temp files or the entire application?

I'm on a work deadline right now and I have to get some things done for tomorrow. So, for tonight, I will stop before completing ccleaner.

Also, I will have to wait until Wednesday or Thursday to check out your link about my printing issues. Thanks.

Wait: I'm hitting a high frustration point right now. I don't think the forum will let me paste my screen capture because when I click "Post" I get an error message saying the post is "too short."

Second, and worse, Photoshop CS6 will not launch!! (I wanted to create a jpeg of the screen capture.) So, now I have a printer not working, my photo software (my livelihood) won't launch and I have no time to deal with either now. Hope you have some suggestions.

Until tomorrow,

~flash51

p.s. Did you get my PayPal donation?

Link to post
Share on other sites

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

Link to post
Share on other sites

Sorry, I haven't replied. Work and life suddenly got very busy. I am running both Malwarebytes and Msft Security Essentials - simultaneously (I hope that's a wise thing to do). I am visiting only a few, known web sites - sites I need to visit to conduct my business - so I *should* be safe.

I haven't had time to run the printer procedure.

The Adobe Photoshop CS6 problem (would not launch) went away - it now launches fine. I think the problem arose because I had a ccleaner dialog box open waiting further instructions from you.

Which, BTW, I don't believe I have an answer from you on the question of why ccleaner was targeting and listing (among other applications) my previous Photoshop version (CS4). I don't want to delete CS4. Is that what ccleaner is trying to do?

I will be working very long days through this weekend and won't be able to tend to these issues as hard as you or I would like. Please be patient, yes, I do need some extra time.

Thanks.

Frank

Link to post
Share on other sites

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

Link to post
Share on other sites

Hello Gringo, (hmm, wondering why my Enter key isn't moving cursor to a new line, again. Oh well.)...... I'm picking up with your message of 3/19/13 at 6:21PM. Sorry for the delay, but work and travel calls. I hope to move through the rest of this process this evening. .... a quick update. Photoshop CS6 came back to life and launched without me taking any action other than shutting down the computer overnight last week. ..... I have now run CCLEANER with all default checks/ticks as you specified. I am still not able to print ... but I haven't taken the steps you specified. I will get to that in sequence of your posts. ...... I also ran a Quick Scan with MBAM. Nothing was found. I will paste the log text here and move to the next step with is to run HiJack this. Thank you. .......................... ======================================================== 2013/03/26 06:33:18 -0500 NANO2 Frank MESSAGE Starting protection

2013/03/26 06:33:19 -0500 NANO2 Frank MESSAGE Protection started successfully

2013/03/26 06:33:19 -0500 NANO2 Frank MESSAGE Starting IP protection

2013/03/26 06:33:36 -0500 NANO2 Frank MESSAGE IP Protection started successfully

2013/03/26 11:47:28 -0500 NANO2 Frank MESSAGE Executing scheduled update: Daily

2013/03/26 11:47:52 -0500 NANO2 Frank MESSAGE Scheduled update executed successfully: database updated from version v2013.03.25.13 to version v2013.03.26.11

2013/03/26 11:47:52 -0500 NANO2 Frank MESSAGE Starting database refresh

2013/03/26 11:47:52 -0500 NANO2 Frank MESSAGE Stopping IP protection

2013/03/26 11:47:57 -0500 NANO2 Frank MESSAGE IP Protection stopped successfully

2013/03/26 11:48:35 -0500 NANO2 Frank MESSAGE Database refreshed successfully

2013/03/26 11:48:35 -0500 NANO2 Frank MESSAGE Starting IP protection

2013/03/26 11:48:51 -0500 NANO2 Frank MESSAGE IP Protection started successfully

2013/03/26 16:47:30 -0500 NANO2 Frank MESSAGE Starting database refresh

2013/03/26 16:47:30 -0500 NANO2 Frank MESSAGE Stopping IP protection

2013/03/26 16:47:31 -0500 NANO2 Frank MESSAGE IP Protection stopped successfully

2013/03/26 16:47:34 -0500 NANO2 Frank MESSAGE Database refreshed successfully

2013/03/26 16:47:34 -0500 NANO2 Frank MESSAGE Starting IP protection

2013/03/26 16:47:45 -0500 NANO2 Frank MESSAGE IP Protection started successfully

Link to post
Share on other sites

Hello Gringo,

Your instructions next have asked for the HijackThis report. I will post it below my comments here. Your instructions also asked for a summary (How is the computer doing now?) - which I will give, including some repeated information.

In general, the computer seems to be running fine - with the exception of not being able to print. I will address that matter in sequence.

I have been using Firefox (19.0.2) for several days without any of the annoying pop-ups that started this mess. I sometimes use Internet Explorer - also with no problems. I mentioned an issue with the Enter/Return key not creating a new line in my previous post. That post was created with IE. This post is created with FF and the Enter/Return key is working fine.

Next in your list of instructions is the printer issue. I will tackle that immediately next.

I am hoping we are near the end. Business will take me away from the this PC starting Wednesday March 27.

Best,

Flash51/Frank

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:13:29 PM, on 3/26/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16521)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\spool\drivers\x64\3\E_S10IC2.EXE

C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\spool\DRIVERS\x64\3\E_DPPE03.EXE

C:\Windows\system32\spool\DRIVERS\x64\3\E_S10RN2.EXE

C:\Users\Frank\Desktop\Install\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - Startup: Dropbox.lnk = Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: ZipCloud.lnk = C:\Program Files (x86)\ZipCloud\ZipCloud.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photobiz.com/global/uploader/24/ImageUploader5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://imagecatcher.brightroom.com/ImageUploader4.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: Computer Backup (ZipCloud) (BackupStack) - Just Develop It - C:\Program Files (x86)\ZipCloud\BackupStack.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe

O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)

O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: HDD & SSD access service - Unknown owner - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10387 bytes

Link to post
Share on other sites

OMT - may or may not berelated. My browser is not displaying fonts correctly. They will get fuzzy, pixelated, and blurred with pixels of various colors. It is intermittent - refreshing the screen and/or scrolling the web page often clears up the blur. Sorry - but you asked how things are going. ~frank

Link to post
Share on other sites

Trying to solve printer issue. The link you provided at three options from HP. Not sure which to use so, I've tried two. The HP Hardware Diagnostics Utility cannot find my printer. And, the HP Print and Scan Doctor cannot find my printer. And, I cannot print a text file. I cannot print a test page from the printer properties dialog box.

The HP web page suggests a series of plugging/unplugging both the USB cable and the power cable - as well as the printer power switch. I've done all of that. And rebooted my PC. Nothing helps.

You should note this. The Epson printer utility recognizes the printer, reports remaining ink quantities for each color AND it will print a nozzle check.

Windows acknowledges when I plug and unplug the USB cable. It chimes up (connect) or down (disconnect) as I plug/unplug the cable. I've plugged it in to USB ports both on the back (where it always belongs) and on the front panel.

But I can't print.

So, I'm wondering - is the print queue fouled up, even though there are no documents in the print queue dialog box, except the one text file or print test page. I have been cancelling each unsuccessful print attempt. (sorry about the spelling errors).

Any suggestions? It seems you may have responded to my earlier posts (I got a pop up notice). I'll check for that now.

~flash51

Link to post
Share on other sites

Hi Gringo,

I got the printer working again by uninstalling the Epson driver, rebooting and reinstalling the driver.

The only lingering issues are: 1) fonts that display pixelated. I'm pasting a screen capture. They usually clear up immediately by scrolling or page up/down; and

2) Do you know of any reason why my mouse would randomly send double clicks on a single-click press? Maybe I'll re-install the mouse driver.

Did you find anything in the CClean and HiJackThis reports?

Thanks,

flash51

Link to post
Share on other sites

  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      O4 - Startup: Dropbox.lnk = Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: ZipCloud.lnk = C:\Program Files (x86)\ZipCloud\ZipCloud.exe

[*] Close all open windows and browsers/email, etc...

[*] Click on the "Fix Checked" button

[*] When completed, close the application.

  • NOTE**You can research each of those lines
>here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start

    [*]When asked, allow the add/on to be installed

    • Click Start

    [*]Make sure that the option Remove found threats is unticked

    [*]Click on Advanced Settings, ensure the options

    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    [*]Click Scan

    [*]wait for the virus definitions to be downloaded

    [*]Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo

Link to post
Share on other sites

Hi Gringo,

The ESET scan likely will take overnight. It's already found on "threat" (Wins32/OpenCandy application). It's been running an hour and reports being 28% done.

I'd like you to know, on Wednesday I have a tight schedule - and the start of a business trip. I'll try to attend to this threat in the morning.

My printer is still acting up - but I can't find a pattern to report to you. Somethings print, others don't. I have to print a CD label tonight so, I have to keep at it for a while.

Thanks,

Frank

Link to post
Share on other sites

Hi Gringo,

The ESET scan likely will take overnight. It&#39;s already found on "threat" (Wins32/OpenCandy application). It&#39;s been running an hour and reports being 28% done.

I&#39;d like you to know, on Wednesday I have a tight schedule - and the start of a business trip. I&#39;ll try to tend to this threat in the morning.

My printer is still acting up - but I can&#39;t find a pattern to report to you. Somethings print, others don&#39;t. I have to print a CD label tonight so, I have to keep at it for a while.

Thanks,

Frank

Link to post
Share on other sites

Good morning,

Here is the ESET SCAN. Four threats were found.

The last two would be false positives, aren't they? Uniblue has long been removed. What a PITA that program was. Made the system slower, not faster 2-3 years ago.

C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application

C:\Users\Frank\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe multiple threats

C:\Users\Frank\Desktop\Install\Gadgets\cnet_StickyNotes_zip.exe a variant of Win32/InstallCore.D application

C:\Users\Frank\Desktop\Install\WinZip\WinZip155.exe a variant of Win32/OpenInstall application

RE: The printer. I've already uninstalled the driver. And reinstalled, I thought that fixed it. But, no.

You may have noticed, I have the option to run this PC remotely with LogMeIn. Would you like me to do that with any of your future suggestions after I leave today?

Many, many thanks for your time and patience.

~flash51

Link to post
Share on other sites

  • Staff

Hello flash51

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll"
    del /f /s /q "C:\Users\Frank\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe"
    del /f /s /q "C:\Users\Frank\Desktop\Install\Gadgets\cnet_StickyNotes_zip.exe"
    del /f /s /q "C:\Users\Frank\Desktop\Install\WinZip\WinZip155.exe"
    del %0


  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java

  • During the cleaning process if I found that Java was installed I asked for it to be uninstalled, Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, Then you need to install the latest version and make sure to disable it in your web browsers.
    If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.
    Link to download latest version. -
install Java
How to disable java in your web browsers - Disable Java

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.