Help me, please! Temp viruses.


18 replies to this topic

#1 xcalibur0645


Posted 02 February 2016 - 05:40 AM

Help! I think my computer is infected pretty badly and I don't know what to do.

 

Basically, I tried to open a program I downloaded from the internet. At first, it didn't do much trouble, but a few minutes later, unknown program installers started popping up horrendously. Obscure processes clogged my task manager, and basically everything has gone all to Hell. Sometimes, random tabs would also open up in my internet browser, leading me to pornographic websites I'm not interested in.

 

From time to time, my antivirus (Panda) would alert me that it has neutralized suspicious files in my temp folder. All of the suspicious files are .tmp files. I get to delete them very often, but they keep on showing up. I've already done a full scan with Panda and basically did everything I can but still to no avail! Panda has also detected numerous trojan viruses and has deleted them, but I'm not very certain that they're all dead.

 

I really need your help. This computer contains precious media that hold extreme sentimental value, so I don't want them to be deleted. Please help me!




 


#2 buddy215


Posted 02 February 2016 - 06:47 AM

Welcome to BC...

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 xcalibur0645


Posted 04 February 2016 - 04:56 AM

Here are my logs.

 

Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/4/2016
Scan Time: 4:56 PM
Logfile: MBAB Logs.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.04.01
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311405
Time Elapsed: 27 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.ConvertAd, C:\Program Files\03000200-1454338191-0500-0006-000700080009\knsdF1BB.tmpfs, 3108, Delete-on-Reboot, [436e4715158491a50135ca9f4fb35da3]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.ConvertAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zyzojupyzbt, Quarantined, [436e4715158491a50135ca9f4fb35da3], 
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [a40ddd7f4c4dba7c881df20bc53ee719], 
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WUCOTUSY, Quarantined, [951c86d6465313236d680fd67093a65a], 
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZIGIPYRO, Quarantined, [8d249ebe1b7e83b311c45095e122d927], 
 
Registry Values: 2
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wucotusy|ImagePath, C:\Program Files\03000200-1454338191-0500-0006-000700080009\hnsd313D.tmp, Quarantined, [951c86d6465313236d680fd67093a65a]
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zigipyro|ImagePath, C:\Users\User\AppData\Local\03000200-1454368892-0500-0006-000700080009\qnsu9E66.tmp, Quarantined, [8d249ebe1b7e83b311c45095e122d927]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ConvertAd, C:\Program Files\03000200-1454338191-0500-0006-000700080009\knsdF1BB.tmpfs, Delete-on-Reboot, [436e4715158491a50135ca9f4fb35da3], 
PUP.Optional.ConvertAd, C:\Program Files\03000200-1454338191-0500-0006-000700080009\rnsx70B.exe, Quarantined, [248d92ca3a5f62d4ff60d41353aec937], 
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
 
AdwCleaner
 
# AdwCleaner v5.032 - Logfile created 04/02/2016 at 17:36:28
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_5.032.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\pandasecuritytb
[-] Folder Deleted : C:\Program Files\03000200-1454338191-0500-0006-000700080009
[-] Folder Deleted : C:\Users\User\AppData\LocalLow\pandasecuritytb
[-] Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
[-] Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x3j56i4m.default\pandasecuritytb
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[x] Shortcut Not Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[x] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
 
***** [ Web browsers ] *****
 
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2609 bytes] ##########
 
Junkware Removal Tool
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x86 
Ran by User (Administrator) on Thu 02/04/2016 at 17:44:10.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78BJUXKE (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QISBPK20 (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R98DWFOV (Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB93F15W (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/04/2016 at 17:46:00.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And as for ESET Online Scanner, I tried all of the steps but the program can't download the virus signature database for some reason. It says "Cannot download. Is proxy configured?" What do I have to do to fix that? Thank you very much!
 
[EDIT 6:04 PM (GMT+8)]
 
I realized that unchecking two of the shortcuts in AdwCleaner was a risky move, so I decided to give it another go. Here is the log:
 
# AdwCleaner v5.032 - Logfile created 04/02/2016 at 17:59:51
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_5.032.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [842 bytes] ##########

Edited by xcalibur0645, 04 February 2016 - 05:05 AM.
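
Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python triage script over the Malwarebytes detection lines posted above. It flags service ImagePath values that point at files other than .exe/.sys or into AppData, groups detections by the bracketed token that ends each line, and lists items still waiting on a reboot. The field layout is inferred from the log as posted, and treating matching tokens as related items is an assumption.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Detection lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Processes: 1
PUP.Optional.ConvertAd, C:\Program Files\03000200-1454338191-0500-0006-000700080009\knsdF1BB.tmpfs, 3108, Delete-on-Reboot, [436e4715158491a50135ca9f4fb35da3]

Registry Keys: 4
PUP.Optional.ConvertAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zyzojupyzbt, Quarantined, [436e4715158491a50135ca9f4fb35da3], 
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [a40ddd7f4c4dba7c881df20bc53ee719], 
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WUCOTUSY, Quarantined, [951c86d6465313236d680fd67093a65a], 
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZIGIPYRO, Quarantined, [8d249ebe1b7e83b311c45095e122d927], 

Registry Values: 2
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wucotusy|ImagePath, C:\Program Files\03000200-1454338191-0500-0006-000700080009\hnsd313D.tmp, Quarantined, [951c86d6465313236d680fd67093a65a]
PUP.Optional.MultiPlug, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zigipyro|ImagePath, C:\Users\User\AppData\Local\03000200-1454368892-0500-0006-000700080009\qnsu9E66.tmp, Quarantined, [8d249ebe1b7e83b311c45095e122d927]

Files: 2
PUP.Optional.ConvertAd, C:\Program Files\03000200-1454338191-0500-0006-000700080009\knsdF1BB.tmpfs, Delete-on-Reboot, [436e4715158491a50135ca9f4fb35da3], 
PUP.Optional.ConvertAd, C:\Program Files\03000200-1454338191-0500-0006-000700080009\rnsx70B.exe, Quarantined, [248d92ca3a5f62d4ff60d41353aec937], 
"""

Detection = namedtuple("Detection", "section name target extra action token")

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): \d+$")
TOKEN_RE = re.compile(r"^\[([0-9a-f]{32})\]$")
SERVICE_VALUE_RE = re.compile(r"\\SERVICES\\([^\\|]+)\|ImagePath$", re.I)
# Heuristic (assumption): a service image is normally an .exe or a .sys driver.
USUAL_IMAGE_EXT = {".exe", ".sys"}


def parse_mbam(text):
    """Parse 'name, target[, extra...], action, [token]' lines per section."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip().rstrip(",").strip()  # some lines end with ", "
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        fields = [f.strip() for f in line.split(", ")]
        if section is None or len(fields) < 4:
            continue  # blank lines, "(No malicious items detected)", etc.
        token = TOKEN_RE.match(fields[-1])
        if not token:
            continue
        detections.append(Detection(section, fields[0], fields[1],
                                    fields[2:-2], fields[-2], token.group(1)))
    return detections


def suspicious_services(detections):
    """Services whose ImagePath data looks unlike a normal service binary.

    Naive on purpose: it assumes the data is a bare path with no quotes or
    arguments, which holds for the lines in this log.
    """
    findings = []
    for d in detections:
        m = SERVICE_VALUE_RE.search(d.target)
        if d.section != "Registry Values" or not m or not d.extra:
            continue
        image, reasons = d.extra[0], []
        ext = ntpath.splitext(image)[1].lower()
        if ext not in USUAL_IMAGE_EXT:
            reasons.append("image extension " + ext)
        if "\\appdata\\" in image.lower():
            reasons.append("image under AppData")
        if reasons:
            findings.append((m.group(1).lower(), image, reasons))
    return findings


def group_by_token(detections):
    """Group detections sharing the trailing [token] (assumed to be related)."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.token].append(d)
    return groups


def pending_reboot(detections):
    """Targets that are not actually gone until the machine restarts."""
    return sorted({d.target for d in detections
                   if d.action == "Delete-on-Reboot"})


if __name__ == "__main__":
    dets = parse_mbam(SAMPLE_LOG)
    for service, image, reasons in suspicious_services(dets):
        print("service %s -> %s (%s)" % (service, image, "; ".join(reasons)))
    for token, items in group_by_token(dets).items():
        print(token[:8], [(d.section, ntpath.basename(d.target)) for d in items])
    print("still pending reboot:", pending_reboot(dets))
```
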


#4 buddy215


Posted 04 February 2016 - 07:14 AM

Good that you decided to clean the Chrome shortcuts.

 

Reset Google Chrome

You can reset your browser settings in Chrome any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

  1. Open Chrome.
  2. In the top right, click the Chrome menu.
  3. Click Settings.
  4. At the bottom, click Show advanced settings.
  5. Under the section "Reset settings," click Reset settings.
  6. In the box that appears, click Reset.

Refresh Firefox

  1. Click this Refresh Firefox button directly, if you are viewing this page in Firefox (it won't work if you are using a different browser). You will also find a Refresh button on the top right corner of the Firefox about:support Troubleshooting Information page.
  2. To continue, click Refresh Firefox in the confirmation window that opens.
  3. Firefox will close to refresh itself. When finished, a window will list your imported information. Click Finish and Firefox will open.

 

Please download MiniToolBox and run it.
Checkmark the following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 xcalibur0645


Posted 05 February 2016 - 02:55 AM

OK. I'm finished resetting Google Chrome and refreshing Mozilla Firefox.

 

MiniToolBox Logs

 

MiniToolBox by Farbar  Version: 03-02-2016 01
Ran by User (administrator) on 05-02-2016 at 15:48:42
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: G41-M7 Manufacturer: BIOSTAR Group
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
**** End of log ****

 

 
CCleaner Windows Startups
 
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run Messenger (Yahoo!) Yahoo! Inc. "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yes HKCU:Run Steam Valve Corporation "C:\Program Files\Steam\steam.exe" -silent
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run PSUAMain Panda Security, S.L. "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Yes HKLM:Run RzWizard Razer Inc. C:\Program Files\Razer\RzWizard\RzWizard.exe
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
CCleaner Scheduled Tasks
 
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
 
CCleaner List of Programs Installed
 
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 1/20/2016 4.29 MB 20.0.0.286
Adobe Reader XI (11.0.14) Adobe Systems Incorporated 1/13/2016 184 MB 11.0.14
Apple Application Support (32-bit) Apple Inc. 8/31/2015 96.0 MB 3.2
Apple Mobile Device Support Apple Inc. 8/31/2015 22.5 MB 8.2.1.3
Apple Software Update Apple Inc. 8/31/2015 2.38 MB 2.1.3.127
Bandicam Bandisoft.com 1/25/2016 37.1 MB 3.0.2.1014
Bandisoft MPEG-1 Decoder Bandisoft.com 1/25/2016
Bonjour Apple Inc. 8/31/2015 1.02 MB 3.0.0.10
Canon MP280 series MP Drivers Canon Inc. 7/28/2015
CCleaner Piriform 2/4/2016 5.14
EPSON ME-100 Series Printer Uninstall SEIKO EPSON Corporation 7/14/2015
ESET Online Scanner v3 2/4/2016
GameMaker: Studio YoYo Games Ltd. 7/18/2015
GIMP 2.8.16 The GIMP Team 1/24/2016 266 MB 2.8.16
Google Chrome Google Inc. 7/12/2015 48.0.2564.103
iTunes Apple Inc. 8/31/2015 225 MB 12.2.2.25
Java 8 Update 51 Oracle Corporation 7/25/2015 77.1 MB 8.0.510
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 2/4/2016 65.9 MB 2.2.0.1024
Microsoft .NET Framework 4.6.1 Microsoft Corporation 1/3/2016 38.8 MB 4.6.01055
Microsoft Office Enterprise 2007 Microsoft Corporation 7/12/2015 12.0.4518.1014
Microsoft Security Essentials Microsoft Corporation 7/13/2015 4.7.205.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 9/3/2015 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 7/12/2015 308 KB 8.0.51011
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 8/1/2015 9.89 MB 10.0.30319
Mozilla Firefox 43.0.4 (x86 en-US) Mozilla 1/9/2016 89.5 MB 43.0.4
Mozilla Maintenance Service Mozilla 1/9/2016 213 KB 43.0.4.5848
NVIDIA 3D Vision Controller Driver 340.50 NVIDIA Corporation 7/18/2015 340.50
NVIDIA 3D Vision Driver 341.44 NVIDIA Corporation 7/18/2015 341.44
NVIDIA GeForce Experience 2.5.13.6 NVIDIA Corporation 8/25/2015 2.5.13.6
NVIDIA Graphics Driver 341.44 NVIDIA Corporation 7/18/2015 341.44
NVIDIA PhysX System Software 9.13.1220 NVIDIA Corporation 7/12/2015 9.13.1220
osu! ppy Pty Ltd 8/1/2015 123 MB latest
paint.net dotPDN LLC 1/3/2016 27.7 MB 4.0.8
Panda Free Antivirus Panda Security 2/1/2016 16.01.00.0000
Panda Security Toolbar Panda Security and Visicom Media Inc. 2/1/2016 4.3.1.15
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 7/12/2015 6.0.1.7541
Steam Valve Corporation 7/18/2015 2.10.91.91
The Adventures of AMP 1/24/2016
Unity Web Player Unity Technologies ApS 8/1/2015 12.0 MB 5.1.2f1
Viber Viber Media Inc. 1/29/2016 311 MB 5.4.0.1664
VLC media player VideoLAN 7/12/2015 2.2.0
Wacom Tablet Wacom Technology Corp. 1/26/2016 6.3.15-2
WebTablet FB Plugin 32 bit Wacom Technology Corp. 1/26/2016 2.1.0.7
Windows Live Essentials Microsoft Corporation 9/3/2015 16.4.3528.0331
WinRAR 5.30 beta 1 (32-bit) win.rar GmbH 8/2/2015 5.30.1
Yahoo! Messenger Yahoo! Inc. 7/12/2015
 
That's all.
 
I noticed that my computer has been slowing down a little bit in the startup process. It takes a little while for my Steam login screen to show up, and the icons in the notification bar also take a while to show up. Can that be the work of a virus? I'm not really literate when it comes to this deep kind of computer stuff.
 
Again, I appreciate your help very much!


#6 buddy215


Posted 05 February 2016 - 07:28 AM

Disable these Windows Startups: Use CCleaner by clicking on each item and then choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes HKCU:Run Messenger (Yahoo!) Yahoo! Inc. "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yes HKCU:Run Steam Valve Corporation "C:\Program Files\Steam\steam.exe" -silent
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run GrooveMonitor Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
 
Disable these Tasks:
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

Uninstall these programs:

ESET Online Scanner v3 2/4/2016

Java 8 Update 51 Oracle Corporation 7/25/2015 77.1 MB 8.0.510

Mozilla Firefox 43.0.4 (x86 en-US) Mozilla 1/9/2016 89.5 MB 43.0.4 (Uninstall or Update to 44....Help > About Firefox > Check for update)

Panda Security Toolbar Panda Security and Visicom Media Inc. 2/1/2016 4.3.1.15

Yahoo! Messenger Yahoo! Inc. 7/12/2015

 

After doing the above, attempt to run a scan using Eset. Note in the directions that there are two options....one for using IE browser and the other for using Firefox or Chrome.



#7 xcalibur0645


Posted 07 February 2016 - 09:58 AM

OK. I'm pretty busy on school works, but I'll work on your instructions as soon as possible tomorrow. I'm just posting this to let you know that I'm still active. I've read somewhere about posts being deactivated if they don't get any activity within three days.



#8 buddy215


Posted 07 February 2016 - 11:12 AM

This topic will remain open. What you read was for another forum....Malware Removal forum.

Following the instructions in my last post should decrease the startup time and decrease the amount of computer resources used after startup.



#9 xcalibur0645


Posted 08 February 2016 - 09:02 AM

OK. Here is the next set of results.

 

I successfully disabled all of the startups you've listed, and I've also successfully disabled all of the scheduled tasks you've listed. Aside from Panda Security Toolbar, I've also successfully uninstalled all of the programs you've stated. The error "Error: 2 - The system cannot find the file specified" shows up whenever I attempt to uninstall Panda Security Toolbar. Any ideas on the reason behind this?

 

As for the next step, I've successfully fired it up, too.

 

ESET Online Scan Logs

 

C:\AdwCleaner\Quarantine\C\Program Files\pandasecuritytb\pandasecurityDx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\pandasecuritytb\pandasecuritytb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\pandasecuritytb\ToolbarCleaner.exe.vir a variant of Win32/Toolbar.Visicom.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\pandasecuritytb\uninstall.exe.vir a variant of Win32/Toolbar.Visicom.E potentially unwanted application deleted
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted
C:\Users\User\AppData\Local\Temp\nso77F6.tmp a variant of Win32/Adware.ConvertAd.AGC application cleaned by deleting
 
That's all. Thank you.


#10 buddy215


Posted 08 February 2016 - 10:08 AM

The Panda Security Toolbar...adware....was removed mostly by AdwCleaner and Eset found and removed a bit more of it.

Panda may attempt to reinstall it during an upgrade or update of Panda. If it does you can remove it again using AdwCleaner or manually uninstall.

 

Is the computer performing up to par after completing all of the above and a reboot?

 

EDIT: In your opening post you expressed concern about losing 'precious media files'. It is very important to prepare for this to happen. You can easily backup those files or the entire hdd. Best that the backups be on an external medium...DVD....Flash Drive...external hdd.

I make use of the free email cloud storage for important documents. Disaster such as a hdd becoming unbootable due to damage/failure can happen at any time and for several reasons. Then there are threats such as Ransomware that can encrypt all of your documents.


Edited by buddy215, 08 February 2016 - 10:25 AM.


#11 xcalibur0645


Posted 08 February 2016 - 03:46 PM

Ever since I did my first run of threat removals (the one involving AdwCleaner, Junkware Removal Tool, and Malwarebytes), Panda hasn't detected or neutralized any threat or suspicious program. The startup speed has significantly boosted after I've disabled those startups and scheduled tasks too, and everything seems to be going smoothly so far. I will still keep an eye on the system for a day or two, and I'll update you if I ever get some significant finds.

 

There is something that's bothering me, though. Right before I opened this computer, I was led to a black screen that told me one of my disks had to be checked for consistency. It just sort of scanned all of my files, but that's all. After it did, my computer booted normally. Is that somehow related to anything or is that occurrence completely irrelevant?

 

As for backing up precious media files, I am more than happy to do it now. I just want to make sure that my computer is already free from threats before I do it, otherwise my flash drive might get infected by viruses too--unless such an instance is actually impossible and I'm just spewing gibberish here. I'm not really aware of how viruses (or most malware in general) work.



#12 buddy215


Posted 08 February 2016 - 04:59 PM

You can backup your data without much concern of malware being backed up. I'd say you can do that now without being concerned about that.

I don't know what triggered that disk scan. Since nothing was reported as needing fixing, I wouldn't be concerned unless it starts to happen often.

 

If something occurs that you think I could help you with....this topic will remain open. Happy surfin'....



#13 xcalibur0645


Posted 10 February 2016 - 04:07 AM

I'll keep this thread updated in case something bizarre pops up again. So far, everything seems to be going smoothly.

 

Thank you very much for your help!



#14 buddy215


Posted 10 February 2016 - 06:45 AM

You're welcome....happy surfin'



#15 xcalibur0645


Posted 11 February 2016 - 06:03 AM

OK. I've got a problem.

 

Basically, I downloaded this free software called Autodesk Sketchbook. It is an officially-recognized program developed by a trusted company, and since I directly downloaded it from the company's website, I don't think it's the one that caused the virus prompt.

 

Anyway, while using the program, Panda popped up with this notification.

 

http://s16.postimg.org/trmuseqf9/Infected_Screenshot.png

 

It says:

 

"IDriver.exe

1 infected item

Virus

c:\program files\common file...\idriver.exe

Follow the steps

Step-by-step guide

Panda Free Antivirus"

 

Right when I thought the viruses were gone for good! What should I do?





