Post by danimal1969 on Oct 22, 2014 14:14:17 GMT -8
Alright, here it is:
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3310511\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\spext.dll.vir Win32/bProtector.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Dan\AppData\Local\Temp\gxtweed.dll Win32/TrojanDownloader.Tracur.AM trojan
C:\Users\Dan\AppData\Local\{3B98C378-6899-4F12-8C04-8B82556E203E}\dknumzkfvbn.dll Win32/TrojanDownloader.Tracur.AM trojan
C:\Users\Dan\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Post by danimal1969 on Oct 22, 2014 14:37:42 GMT -8
Also worth mentioning, I had to disable Norton to make this run, even then it took 16 hours. When I got home from work, I saw it had finished and posted the log for you. Then as I was closing IE I got a pop-up from Norton saying it blocked something called imgutil.dll. Even though I thought it was still disabled. Norton tells me it's a "high risk" ws.malware.2.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 22, 2014 15:30:44 GMT -8
I will do this quickly so hopefully Tracur does not get into gear.
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it to your reply (attach or paste).
Quads
Post by danimal1969 on Oct 22, 2014 15:47:20 GMT -8
Did as instructed, got a Windows error that FRST had an error and must close. Fixlog was generated. I'm guessing that it doesn't look too good. I'm going to restart and try again since FRST won't open now.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-10-2014 01
Ran by Dan at 2014-10-22 19:43:35 Run:3
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\Dan\AppData\Local\Temp\gxtweed.dll
C:\Users\Dan\AppData\Local\{3B98C378-6899-4F12-8C04-8B82556E203E}\dknumzkfvbn.dll
C:\Users\Dan\AppData\Local\{3B98C378-6899-4F12-8C04-8B82556E203E}
C:\Users\Dan\Downloads\Shockwave_Installer_Slim.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
EmptyTemp:
end
*****************
"C:\Users\Dan\AppData\Local\Temp\gxtweed.dll" => File/Directory not found.
"C:\Users\Dan\AppData\Local\{3B98C378-6899-4F12-8C04-8B82556E203E}\dknumzkfvbn.dll" => File/Directory not found.
"C:\Users\Dan\AppData\Local\{3B98C378-6899-4F12-8C04-8B82556E203E}" => File/Directory not found.
"C:\Users\Dan\Downloads\Shockwave_Installer_Slim.exe" => File/Directory not found.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
"C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe " => File/Directory not found.
Post by Quads on Oct 22, 2014 15:54:01 GMT -8
FRST has been run 3 times, not 2 times as it should have been. That is why nothing is found; the logs are screwed. No good.
You can go on your way
Bye
Quads
Post by danimal1969 on Oct 22, 2014 16:02:02 GMT -8
FRST has been run 3 times not 2 times as what should have been, That is why Nothing is found the logs are screwed, No good. You can go on your way Bye Quads
When I got the error message, I ran the FRST again. I thought that would have made sense. I'm sorry if I made a mistake.
So that means you won't help me any more because I made a mistake? Just trying to get you the info you needed.
Dan
Post by Quads on Oct 22, 2014 16:13:33 GMT -8
The Guidelines state:
"Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system.
This also includes any tools or steps other than those from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than other tools, and can often create bigger problems when used without expert guidance."
"Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better to stop and let us know, than to force a tool to run and cause bigger problems. Bottom line is, if you are not sure about something, STOP and ASK until you are sure."
Your log that came back is incorrect as it is not log number 2, which is probably gone for all time now as the one from run 2 gets overwritten, so log 2 is not from the run I asked.
All you have maybe is tools and their Quarantines now, who knows what the correct log may have said.
You can go on your merry way with the tools you used beyond the guidelines, but it means you can get doing whatever you are trying to do with FRST or any of the other tools, as the forum has stopped with your system and any problem that may be caused by you using the tools
Quads
Post by danimal1969 on Oct 22, 2014 16:27:26 GMT -8
Quads,
I guess I don't know what to say, other than to say I hope you will change your mind.
Yes, I read the guidelines when I joined and my intention was not to go "off on my own" trying things. I assumed my Windows just hiccupped and FRST just needed a restart. Obviously I was wrong. Again, I do apologize for doing that, but please understand it wasn't my intention to perform uninstructed steps.
Is there anything I can do to get your site's help back? I'm truly appreciative of what you're doing and I promise nothing like this will happen again.
Dan
Post by Quads on Oct 22, 2014 16:31:48 GMT -8
No
All you have got now is the tools / Programs and their Quarantine folders now to delete from the system (or Play with) unless the now gone run 2 log showed something we now no longer have
Good Bye
Quads
Post by Quads on Oct 25, 2014 23:48:24 GMT -8
System Now fixed, Thread now closed
Quads