Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help me with a fixlist, or other advice?


  • Please log in to reply
24 replies to this topic

#1 nellams

nellams

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 10:49 AM

Hello, 
The infection actually happened weeks ago when I clicked on a link in a youtube description:(. I ran some anti-virus softwares & thought it had gone away, but then it came up again. It's vosteran. Now I tried some other things, including a frst scan, and apart from some obvious things (it tells me "bad memory"), I don't know what to look for. Would someone be willing to help me out? I'm on a Dell Inspiron n4110 with a 64 bit version of Windows 7. ...Thank you in advance:)



BC AdBot (Login to Remove)

 


#2 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 11:10 AM

 Oh no, it occurs to me I should have posted this in the anti-virus and anti-malware forum:/ If I get no reply saying it's fine here, I shall remove it. 



#3 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 25 December 2014 - 11:49 AM

Hello there     :welcome:
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this. FRST logs aren't permitted in this forum - it's only used for advanced problem solving in the MRL forum.

:step1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points

:step2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

:step3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

:step4: Please download Malwarebytes Anti-Rootkit to your desktop

  • Double click it and click ok (Make sure to extract it to your desktop)
  • When it opens, click next and then update.
  • After it's updated, click next and then scan.
  • If malware is detected, select clean, then restart your computer.
  • Open 'MBAR' on your desktop and paste the contens in your reply of the following log:
  • mbar-log-xx.xx.xx.txt.

:step5: Non-malware removal steps

Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!


Edited by LighthouseParty, 25 December 2014 - 11:49 AM.


#4 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 25 December 2014 - 12:05 PM

Hello LighthouseParty. Thank you for helping me! While malwarebytes is scanning, here is the log from Mintoolbox: 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Sarah (administrator) on 25-12-2014 at 09:55:06
Running from "C:\Users\Sarah\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.337 - Amazon Services LLC)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C8358E8D-6C89-41B3-8439-FEFBC0353D81}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.3 - Synaptics Incorporated)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.24 - Dell Inc.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Graphing Calculator Viewer (HKLM-x32\...\{8722B4A9-CE59-4BA5-9D45-8E6C6789B940}) (Version: 4.0.0.1 - Pacific Tech)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive Media Console (HKLM-x32\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CFB80344-FCBA-4C03-AD77-D49E82F14C3E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{E762A933-274B-4860-B066-A39FAB0838FD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{A87EDEA3-4861-4D99-9B36-F442740F1287}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A87EDEA3-4861-4D99-9B36-F442740F1287}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{26A0F874-417C-4B0A-8088-3FA53638FB49}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6C727BC2-B2B9-4B03-BD7E-682EA6FA1C04}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7000 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wireshark 1.10.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.0 - The Wireshark developer community, http://www.wireshark.org)
========================= Restore Points ==================================
 
26-11-2014 02:11:11 Windows Update
02-12-2014 13:38:50 Windows Update
05-12-2014 12:13:14 clean restore
05-12-2014 14:18:25 Installed Sophos Virus Removal Tool.
06-12-2014 00:40:48 clean2
11-12-2014 14:06:03 Windows Update
12-12-2014 10:01:28 Windows Update
21-12-2014 04:15:52 Windows Update
21-12-2014 10:14:09 Windows Update
 
**** End of log ****


#5 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 12:30 PM

Here is the Malwarebytes log: 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/25/2014
Scan Time: 10:00:16 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.25.10
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sarah
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427084
Time Elapsed: 22 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.NewHB.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kcendgajlhoaiiccpijilcpmgphfflnj, Quarantined, [1bf3c6a154280630e439ec715ba8ad53], 
PUP.Optional.NewHB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kcendgajlhoaiiccpijilcpmgphfflnj, Quarantined, [b559e68191eb37ff36e7e5789a69ee12], 
PUP.Optional.NewHB.A, HKU\S-1-5-21-1351224878-3711563997-1094179598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kcendgajlhoaiiccpijilcpmgphfflnj, Quarantined, [090514530f6d290d22fa6bf2748f11ef], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-1351224878-3711563997-1094179598-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [9777a7c0f983d85ea6a6963b9c68d42c], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Vosteran.A, C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk, Quarantined, [9678036492ea9b9b037035257d86dd23], 
PUP.Optional.NewHB.A, C:\Users\Sarah\AppData\Local\newhb.crx, Quarantined, [b05ea8bfceae8ea846d564f9a45f7a86], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 12:35 PM

Security check log: 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 24  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#7 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 12:44 PM

When I click "Scan" for malwarebytes anti-root kit, it says 

---------------------------
Error
---------------------------
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
---------------------------
OK   
---------------------------


#8 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 12:59 PM

I don't know how to exit:(...I thought I was out of it...



#9 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 25 December 2014 - 02:21 PM

Try restarting your computer and then opening the extracted folder and double-clicking mbar.exe.



#10 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 02:29 PM

OK, I will try that, but i have to leave for a few hours, is it ok to get back to you later today?



#11 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 25 December 2014 - 02:40 PM

Sure :)



#12 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 25 December 2014 - 02:47 PM

Thanks:) I'll report back later...It's the extracted folder that troubles me...



#13 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 25 December 2014 - 09:41 PM

Oof...I can't figure this out. This is how it goes:
I either
  1. Restart the computer & double- click the mbar icon on the desktop, click yes for permissions, click c:\users\sarah\desktop for the extraction path. It opens- I push next, then update, then next again, then when i push scan, it gives the error message:

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Or
  2. Restart the computer and open the "mbar" folder on the desktop. Double-click the mbar application, or windows command, and get the same outcome. 
What am I doing wrong? :(

Edited by nellams, 25 December 2014 - 09:41 PM.


#14 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 26 December 2014 - 05:01 AM

Hello there,

 

We'll skip Malwarebytes Anti-Rootkit for now.

:step1: Please uninstall some programs
 
There's currently some programs on your PC that we need to remove, for the time-being at least. Press the Windows + R key on your keyboard and type in appwiz.cpl and press enter. Navigate to each of the following below one-by-one and click uninstall:

  • µTorrent
  • Java™ 6 Update 24

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and once opened it, select 'remove JRE' (If that's not there, select remove Java Runtime). Make sure you skip the re-install Java option!

:step2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

:step3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

:step4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

:step5: Please visit the ESET Online Scanner webpage
:exclame: Internet Explorer MUST be used for this step.  :exclame:

  • Click the checkbox next to 'Yes, I accept the Terms of Use' and click start.
  • Select the checkboxes which are displayed in the picture below.

jqnp8z.png

  • Press start and the scan will now begin - this scan will take a long time.
  • When the scand finished, select list threats and then export.
  • Choose a name for the log (e.g ESET) and click save (to your desktop)
  • Press the back button and then click finish. Please include the contents of the log in your reply.


#15 nellams

nellams
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 26 December 2014 - 04:24 PM

Hi, I've uninstalled the programs on the list and downloaded JavaRa...but whenever I try to open it, it prompts me to save, and opens a blank internet tab...I've tried to figure it out, but good gravy, I must be challenged;_;






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users