I'm Baaaack!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by StiinaQT, Jun 4, 2014.

  1. StiinaQT

    StiinaQT Private First Class

    Hi Geeks! I had no idea there was anything wrong until I tried to run my Malwarebytes. It would not start up no matter what I tried. So, I went through the Read/Run First process and have my logs. Also note that I had just run CCleaner prior to realizing anything was wrong and I did delete some registry keys--all appeared to be legit, old data type entries. If I need to, I did back it up and I can restore it.

    So, here are my logs, except of course, the MBam log.

    Thanks for the help!

    Laura / StiinaQT
     

    Attached Files:

  2. StiinaQT

    StiinaQT Private First Class

    Forgot to include the TDSSKiller log, sorry! I forgot that it was too big to include as is, so I had to compress it.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code into the Paste List of Files/Folders to Move window (under the yellow bar). Do not include the word Code.

    Code:
    :reg
    [-HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}]
    [-HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
    [-HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D2FC5A74-A324-4159-9BF7-65BD01ECAAAB}]
    [-HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow]
    [-HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome]
    [-HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH to your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Re-run Hitman again and attach the log.

    Uninstall Malwarebytes using Revo Uninstaller.

    Now try to reinstall it and let me know how you get on.
     
  4. StiinaQT

    StiinaQT Private First Class

    Thank you, Kestrel13. I've completed the OTM process and rerun the Hitman Pro, including the logs. I uninstalled MBam with Revo Uninstaller and rebooted. Unfortunately, it will not run again. It stops during the update process and I get the "MBam has stopped working. Windows is checking for a solution for the problem..." then it shuts down. Same as it was doing before. I hope the logs tell you something to help me regain control of the MBam program.

    Thanks again!

    Laura / StiinaQT
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    How do you feel about going into the Windows Registry and deleting some keys/values? :confused

    These need to be deleted (bolded entries):

    • HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    • HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow
    • HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome
    • HKU\S-1-5-21-3148705106-146894118-3194988050-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Then reboot and rescan with Hitman again and attach the log.
     
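The same four entries as a PowerShell remediation script, added here as an example (not from the thread or MajorGeeks): it exports each entry to a .reg file before removing it, so the change can be reversed if a later scan shows it was benign. It assumes the profile SID quoted in the thread; substitute your own (from `whoami /user`) and run it from an elevated prompt.

```powershell
# Added example, not part of the thread: back up, then remove, the registry
# entries listed in the post. Assumes the SID quoted in the thread.
$sid = 'S-1-5-21-3148705106-146894118-3194988050-1000'
$ie  = "HKU\$sid\Software\Microsoft\Internet Explorer"
$entries = @(
    'HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}',
    "$ie\TabbedBrowsing\bProtectNewTabPageShow",
    "$ie\TabbedBrowsing\bProtectShowTabsWelcome",
    "$ie\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}"
)
$backupDir = Join-Path $env:USERPROFILE 'Desktop\RegBackup'
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null

# reg.exe understands HKLM\ and HKU\ prefixes; the PowerShell provider
# needs Registry::HKEY_* paths instead.
function Convert-ToProviderPath([string]$Path) {
    $Path -replace '^HKLM\\', 'Registry::HKEY_LOCAL_MACHINE\' -replace '^HKU\\', 'Registry::HKEY_USERS\'
}

foreach ($entry in $entries) {
    $parent = Split-Path $entry -Parent
    $leaf   = Split-Path $entry -Leaf
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file   = Join-Path $backupDir ("{0}-{1}.reg" -f $stamp, ($leaf -replace '[{}]', ''))

    if (Test-Path (Convert-ToProviderPath $entry)) {
        # The entry is a subkey: export it whole, then delete the key.
        reg.exe export $entry $file /y | Out-Null
        Remove-Item -Path (Convert-ToProviderPath $entry) -Recurse -Force
        Write-Host "Removed key   $entry (backup: $file)"
    }
    elseif ((Get-ItemProperty -Path (Convert-ToProviderPath $parent) -ErrorAction SilentlyContinue).PSObject.Properties.Name -contains $leaf) {
        # The entry is a value under the parent key (scanners list both the same
        # way): export the parent, then delete just that value.
        reg.exe export $parent $file /y | Out-Null
        Remove-ItemProperty -Path (Convert-ToProviderPath $parent) -Name $leaf
        Write-Host "Removed value $entry (backup of parent: $file)"
    }
    else {
        Write-Host "Not present   $entry (nothing to do)"
    }
}
```

To undo a removal, double-click the matching .reg file in the RegBackup folder (or run `reg.exe import <file>`).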
  6. StiinaQT

    StiinaQT Private First Class

    I modified the registry, very carefully and triple checked before deleting entries and rebooted. I started HitmanPro, but about 3/4 of the way through, my computer locked and started buzzing funny and you know...the blue screen of death. I booted in safe mode with networking so I could let you know. I'm going to reboot and try HitmanPro again and see what happens. I'll not run any other programs. :-o Guess I shouldn't have tried to multitask while HitmanPro was running. At least I'll make sure that isn't the problem.

    I'll be doing that next. Thanks for your help. Hopefully my next message will have a log attached.

    Laura
     
  7. StiinaQT

    StiinaQT Private First Class

    Success! Here is my HitmanPro Log.

    Let me know what else I need to do. May try to see if I can run MBam now in the mean time.

    Thanks again!

    Laura
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  9. StiinaQT

    StiinaQT Private First Class

    I did as instructed for resetting Google Chrome. Not sure if the problems I just had on FB are mine or theirs. I'll try it again and see if I'm ok or not.

    Laura

    PS Anything else I should clean up?
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, rerun Hitman and attach the log. Also let me know about Malware Bytes.
     
  11. StiinaQT

    StiinaQT Private First Class

    I guess I didn't include the last Hitman log, but nothing has changed and it's the same result. I'm attaching the latest run. MBam still shuts down when I try to run it.

    Can I delete that infernal Ask Toolbar (via Revo Uninstaller)?

    Thanks again,

    Laura
     

    Attached Files:

  12. StiinaQT

    StiinaQT Private First Class

    I forgot to mention that whatever this critter has done, it keeps knocking my wireless off too. It did that the last time I had a critter too. It's still doing that as well.

    Laura
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    By uninstalling Chrome using Revo Uninstaller. Then reinstall Google Chrome and rescan with Hitman and attach the new log. It should come up clean then. As for Malwarebytes not running, you may have to ask about that in the software forum. Apart from what Hitman is now showing (minor junk) I'm not seeing any "critters" or anything...
     
  14. StiinaQT

    StiinaQT Private First Class

    Kestrel13,

    I did the uninstall and reinstalled, but apparently Google Chrome has a back up file and when it reinstalled, there was everything that was there before! Maybe the Ask toolbar isn't so invasive as others (not sure--perhaps you know?). My wireless N keeps turning off still. That might be resolved later this week when I have enough money to purchase a new modem to replace our very old one and a repeater to boost the signal. The Hitman Pro log shows the same, but I'm including it. Meant to do that yesterday, but I ended up taking a nap instead, lol. MBam still will not work.

    Thanks again.
     

    Attached Files:

  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Delete the Web Data folder and that should solve it.

    You can post in the software forum about Mbam.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double-click (if running Vista, Win 7, or Win 8, right-click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work through the below link:
     
  16. StiinaQT

    StiinaQT Private First Class

    Thanks, Kestrel13. Sorry for the length of time it's taken me to get back. I've been sick for the last week and I'm just now getting back to this.

    I was following your final steps and started having issues. The MGTools.bat didn't run properly and I started investigating my problems with MBam. I first discovered this new entity on my computer called "Interactive." I tried to take its privileges away and it fixed itself. I have some screen shots of what has happened.

    Essentially, I tried to delete my MBam shortcut and I got this warning that if I did that, I wouldn't be able to access the program. Really? So, I find this Interactive on my permissions list and it has full control of the MBAM shortcut and all of my permissions have gone. I tried to retake control and got warnings, was told I couldn't and when I added a "denied" control for Interactive, it just changed back.

    I'm telling you, I have something--a trojan or whatever you would call this--on my machine, but I can't get rid of it. Have you heard of this kind of behavior? I didn't go looking any further to see if it's inserted itself into any other programs, but this is very strange--it's not attached to the program itself, but the shortcut! I don't get it.

    I'm attaching some screen shots with files named to indicate where they came from.

    See what you think, ok? I appreciate all of your help.

    Laura
     

    Attached Files:

  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    This does not sound like malware at all. Any user logged in to the local system is a member of the Interactive group. This group is used to allow only local users to access a resource.

    You can post about it in the software forum.
     
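A way to confirm that for yourself, added here as an example (not from the thread or MajorGeeks): the snippet resolves the well-known SID S-1-5-4 to NT AUTHORITY\INTERACTIVE, shows the current logon is a member of that group, and prints a shortcut's ACL so explicit Deny entries or broken inheritance stand out. The shortcut path is a placeholder.

```powershell
# Added example, not part of the thread. INTERACTIVE is a built-in Windows
# group (well-known SID S-1-5-4), not an account something installed.
$shortcut = "$env:PUBLIC\Desktop\Malwarebytes Anti-Malware.lnk"   # placeholder path

# 1. The SID is fixed on every Windows system and always resolves to the same name.
$interactive = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-4')
$name = $interactive.Translate([System.Security.Principal.NTAccount]).Value
"$($interactive.Value) -> $name"
"Well-known INTERACTIVE SID: " +
    $interactive.IsWellKnown([System.Security.Principal.WellKnownSidType]::InteractiveSid)

# 2. Any console or RDP logon carries this group in its token, which is why
#    it can appear in a file's permissions list.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
"Current logon ($($me.Name)) is a member of INTERACTIVE: " + ($me.Groups -contains $interactive)

# 3. Dump the shortcut's ACL. An Allow entry for INTERACTIVE is ordinary;
#    what deserves a second look is a Deny entry, a missing entry for your own
#    account, or an owner you do not recognise.
if (Test-Path -LiteralPath $shortcut) {
    $acl = Get-Acl -LiteralPath $shortcut
    "Owner: $($acl.Owner)   Inheritance disabled: $($acl.AreAccessRulesProtected)"
    foreach ($ace in $acl.Access) {
        $src = if ($ace.IsInherited) { '(inherited)' } else { '(explicit)' }
        '{0,-6} {1,-35} {2} {3}' -f $ace.AccessControlType, $ace.IdentityReference,
                                    $ace.FileSystemRights, $src
    }
} else {
    "Shortcut not found: $shortcut"
}
```

Inherited entries come from the parent folder, so a rule that "changes back" after editing the shortcut is usually inheritance from the folder above reapplying, not self-repair by a program.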
  18. StiinaQT

    StiinaQT Private First Class

    I'm not sure what it is that I did as I updated with the manual download several times, but it was after I uninstalled my Google Chrome and reinstalled it, that MBam worked today. It did the scan on automatic mode, but I did finally get the log. I put everything into quarantine. I'm attaching the log for you.

    Thanks again for your help.

    Laura
     

    Attached Files:

  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem. And is everything running nicely?
     
