  1. #11
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    All done,

    Thanks Joe.

    Here is the ESET log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=3796d4c3ab45b74cab3ff9daf215aa23
    # engine=13977
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-06-03 03:48:05
    # local_time=2013-06-03 01:18:05 (+0930, Central Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 66 85 44086762 121865925 0 0
    # scanned=308217
    # found=8
    # cleaned=8
    # scan_time=10190
    sh=E9B92B0031D59B91726245C7F50820D4DF261B62 ft=1 fh=2d747543a957fc14 vn="Win32/Adware.1ClickDownload.AE application (cleaned by deleting - quarantined)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4013523473-2947983006-3160469227-1003\$RY30UNV.exe"
    sh=BDE434BC951FE761E81D06727FC0265655064EE9 ft=1 fh=c71c0011b6395944 vn="a variant of Win32/SProtector.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\BrowseToSave\sprotector.dll"
    sh=9D730A0B6235C8599C076B277AD8754247587E6A ft=1 fh=399d76fdebda03ad vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Staff\AppData\Local\Temp\APNStub.exe"
    sh=DED201AE02FB9EA3646489AFEDA49270C4620D9C ft=1 fh=c71c001196f8c3ac vn="a variant of Win32/Toolbar.Babylon.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Staff\AppData\Local\Temp\695B9EC8-BAB0-7891-9E24-930D357B841C\Latest\BExternal.dll"
    sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Staff\AppData\Local\Temp\695B9EC8-BAB0-7891-9E24-930D357B841C\Latest\IEHelper.dll"
    sh=CAE38F7984A73FA129EB5FD190410A68C81350C2 ft=1 fh=b629c1bd568509dc vn="a variant of Win32/Toolbar.Babylon.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Staff\AppData\Local\Temp\695B9EC8-BAB0-7891-9E24-930D357B841C\Latest\Setup.exe"
    sh=88FF7A58B2D3DC22F6743DC73D02954218BEFE43 ft=1 fh=21ffbb981f3d28af vn="Win32/InstalleRex.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Staff\Downloads\NISSAN GQ PATROL MAVERICK WORKSHP REPAIR MANUAL pdf.exe"
    sh=B13519DD80B55034C5BADE68E08D252D735E0698 ft=1 fh=17b92d0718388745 vn="Win32/Adware.1ClickDownload.W application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Staff\Downloads\VipBoxSportsApp_setup(47c42).exe"
    ESETSmartInstaller@High as downloader log:
    all ok
    Update failed (41217). Trying proxy 10.60.184.528080
    finished. ret_update=0 e_gle=0
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=3796d4c3ab45b74cab3ff9daf215aa23
    # engine=13985
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-06-04 03:01:38
    # local_time=2013-06-04 12:31:38 (+0930, Central Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 66 85 44170375 121949538 0 0
    # scanned=351
    # found=0
    # cleaned=0
    # scan_time=134
    ESETSmartInstaller@High as downloader log:
    all ok
    Update failed (41217). Trying proxy 10.60.184.528080
    finished. ret_update=0 e_gle=53251
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=3796d4c3ab45b74cab3ff9daf215aa23
    # engine=13985
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-06-05 03:22:23
    # local_time=2013-06-05 12:52:23 (+0930, Central Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 66 85 44258020 122037183 0 0
    # scanned=307603
    # found=0
    # cleaned=0
    # scan_time=1171
    # version=8
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=3796d4c3ab45b74cab3ff9daf215aa23
    # engine=16640
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-01-14 03:01:13
    # local_time=2014-01-14 01:31:13 (+0930, Central Daylight Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 66 85 63523950 141303113 0 0
    # scanned=330735
    # found=7
    # cleaned=0
    # scan_time=6243
    sh=3FDA53F88C2B98DE37AC2C2080502BE2E576E901 ft=1 fh=3800e8a51d246518 vn="Win32/SProtector.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseToSave\uninstall.exe.vir"
    sh=20FD8DFD6BAC9F5C59D1A66ED0D24AD2182964A3 ft=1 fh=205dc3d519308ce9 vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Users\Staff\Downloads\dvdshrink32setup1zip.exe"
    sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Users\Staff\Downloads\Shockwave_Installer_Slim.exe"
    sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
    sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="multiple threats" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVQK1QQ9\update[1]"
    sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
    sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="multiple threats" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVQK1QQ9\update[1]"

  2. #12
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308

    Hi Haynzy,

    Most of what Eset found has already been taken care of by AdwCleaner, just a few leftovers and we can clean up.

    We need to do a fix using OTL.

    • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      
      
      :Files
      ipconfig /flushdns /c
      C:\Users\Staff\Downloads\Shockwave_Installer_Slim.exe
      C:\Windows\System32\Adobe\Shockwave 12\gt.exe
      
      :Commands
      [emptytemp]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    In your next reply:

    *Post the OTL Fix log that is found in---> C:\_OTL\Moved Files, then we can start to clean up our tools.

    Thanks
    Joe
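
The triage described in the post above (most detections are already-quarantined copies, a few live files remain), as an added example that is not part of the original posts. It assumes, from the logs in this thread, that `ac=C` marks a cleaned file and `ac=I` a report-only detection, and that a path under a `Quarantine` folder or ending in `.vir` is an inert copy; the sample log is constructed.

```python
import re
from collections import defaultdict

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"

def parse_log(text):
    """Split a scanner log into header fields ('# key=value') and detection rows."""
    header, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        fields = {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)}
        if line.startswith("#"):
            header.update(fields)
        elif "sh" in fields and "fn" in fields:
            rows.append(fields)
    return header, rows

def triage(rows):
    """Group detections by file hash (sh) and label each group."""
    groups = defaultdict(lambda: {"name": "", "paths": [], "actions": set()})
    for r in rows:
        g = groups[r["sh"]]
        g["name"] = r.get("vn", "")
        g["paths"].append(r["fn"])
        g["actions"].add(r.get("ac"))
    result = {}
    for sha, g in groups.items():
        # Assumption: quarantine folders and .vir files are inert copies kept by a removal tool.
        inert = all("\\quarantine\\" in p.lower() or p.lower().endswith(".vir") for p in g["paths"])
        status = "cleaned" if g["actions"] == {"C"} else "quarantined-copy" if inert else "needs-action"
        result[sha] = {"name": g["name"], "paths": g["paths"], "status": status}
    return result

def _row(ch, name, ac, path):  # builds one constructed detection line
    return f'sh={ch * 40} ft=1 fh={"0" * 16} vn="{name}" ac={ac} fn="{path}"'

# Constructed sample in the layout of the logs above; hashes, names and paths are made up.
SAMPLE_LOG = "\n".join([
    "# found=4", "# cleaned=1",
    _row("A", "Win32/Example.A application", "I", r"C:\AdwCleaner\Quarantine\C\Example\uninstall.exe.vir"),
    _row("B", "Win32/Bundled.Example.B application", "I", r"C:\Windows\System32\Vendor\gt.exe"),
    _row("B", "Win32/Bundled.Example.B application", "I", r"C:\Windows\SysWOW64\Vendor\gt.exe"),
    _row("C", "Win32/Example.C application (cleaned by deleting - quarantined)", "C", r"C:\Users\Staff\Downloads\setup.exe"),
])

if __name__ == "__main__":
    for sha, info in triage(parse_log(SAMPLE_LOG)[1]).items():
        print(info["status"], sha[:8], info["name"], info["paths"])
```

Grouping by hash shows when one file is reported at two paths, so the list of files that still need a fix is shorter than the `found=` count suggests.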

  3. #13
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Thanks Joe,

    Here's the OTL log:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Staff\Downloads\cmd.bat deleted successfully.
    C:\Users\Staff\Downloads\cmd.txt deleted successfully.
    C:\Users\Staff\Downloads\Shockwave_Installer_Slim.exe moved successfully.
    C:\Windows\System32\Adobe\Shockwave 12\gt.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Staff
    ->Temp folder emptied: 59863758 bytes
    ->Temporary Internet Files folder emptied: 7976789 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 86999725 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81440 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 148.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01152014_093611

    Files\Folders moved on Reboot...
    C:\Users\Staff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  4. #14
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308

    Very well done Haynzy.

    We are done here and you're malware free. I'll post a clean up speech tomorrow so we can remove all my tools. Stop by to get those instructions.

    Thank you for being easy to work with.

    Joe

  5. #15
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Awesome, thanks Joe.
    I really appreciate your work.

  6. #16
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308

    Hello Haynzy,

    Congratulations, your logs are clean! Let's clean up after ourselves.

    Next

    Double-click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.


    Next

    OTL Clean-Up

    Right click on the icon on your desktop and choose Run as administrator to open the main window.

    Next click on the button.

    Once clean up is complete you will be prompted to reboot your computer. Please do so.

    This will remove most of the programs we have used including itself.

    If there are any left over tools or logs on your computer please delete them now.


    Next

    Clear Restore Points

    Go Start > All Programs > Accessories > System Tools
    Right click Disk Cleanup and select Run as administrator
    When it pops up at the first prompt select OK. After it has done some calculations the tabs will appear
    Select More Options tab
    Press System Restore and Shadow Copies Cleanup button



    Finally

    I post this for everyone. They're prevention steps.

    Turn On Automatic Updates:

    To do that:

    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.

    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them". If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for "any" time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are then downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that "you" can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    Antispyware programs:

    I would recommend the download and installation of the following program and the updating of it regularly:

    WinPatrol: As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

    Please read this great article by miekiemoes How to prevent Malware
    and this great article by Tony Klein So How Did I Get Infected In First Place

    Also read the latest!

    CryptoPrevent Tool:

    How to prevent your computer from becoming infected by CryptoLocker


    Thanks
    Joe

  7. #17
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    All done,

    Thanks so much Joe, your help is much appreciated.

    Cheers,
    Haynzy

  8. #18
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,522
    Points
    563

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

