
  1. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       17 Nov 2015 #101

    --------------------------------------
    updating the RECAP list:

    DONE-Set another restore point,
    DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    DONE-Run Malwarebytes Anti-Exploit (see post #17)
    Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.
    DONE-Run SuperAntiSpyware ( see post #49)
    DONE-Please run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (see my instructions in previous post #75)
    DONE-sfc /scannow - no integrity violations found
    DONE-CryptoPrevent

    Please set 2 restore points: CLEAN #1 and CLEAN #2

    CCleaner:
    Please download and install. I will post screenshots of what we need to do.

    (I may have a couple of other tools I will add to the list here, if we find they are necessary, so TBD.)

    Then, I will suggest you put a couple add-ons into Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

    --------------------------------------


    Next is to set 2 restore points.


    Then download and install CCleaner. Please be sure to watch each screen of the installation for additional things that we don't want. No Google Chrome, nothing. If any boxes are checked by default, read what they pertain to, and then chances are you need to uncheck them. I can't remember if it tries to install anything else with it or not.


    [Screenshot: cc01.PNG]

    Open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore. Leave only the restore points you just set - Clean #1 and Clean #2.

    Highlight them one at a time, and click Remove.


    Next we'll have a look at your installed programs, to see if there are any problems left, like outdated versions of Java, etc. Select save to text file in this screen, and post the file here.

    [Screenshot: cc02.PNG]

    We will also have a look at your startups and autoruns, and your installed programs from here.

    [Screenshot: cc03.PNG]

    Do this for each tab, i.e. Internet Explorer, Firefox, Scheduled Tasks, Context Menu.
    Click the Publisher column heading, to sort each by Publisher name - makes it easier for me to evaluate.
    Save each one to a text file and post it here.

    Now proceed to Registry. Select all boxes EXCEPT Help Files. Run the scan. When it is at 100%, make sure all the boxes are checked for everything it lists, then click Fix Selected Items. Save a backup when it asks you somewhere in Documents, where you can find it. (If ever needed, the file can simply be double-clicked, and all changes will be incorporated back into your registry. This should only be done if you find that something is terribly wrong with the operations of the computer after cleaning. In all the years of using this tool, I have never once had to revert my cleaning changes.)
    [Screenshot: cc04.PNG]


  2. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       17 Nov 2015 #102

    I think, if it's okay with you, we can stop here for tonight?


  3. Joined : Jul 2015
    Posts : 359
    Windows 10 Pro 64bit v10586.3
       17 Nov 2015 #103

    You could have backed up your important files and done a clean install to resolve this issue.


  4. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       17 Nov 2015 #104

    lopedoggie said:
    You could have backed up your important files and done a clean install to resolve this issue.
    True. And we would have never known what infections were on the computer, and the passwords would have never been changed, and then who knows.


  5. Joined : Sep 2015
    Posts : 66
    Windows 10
       17 Nov 2015 #105

    For simrick


    I agree; let's call it a day.

    It's gradually approaching 11:00 pm here in Florida, and I'm running out of steam. I think we accomplished a lot today, as well as yesterday and the day-before, and I am very grateful for your help. Had I contacted a Computer Techy to come to my apartment to set things straight, he never could have accomplished what was necessary in one to three hours.

    I'll tune in tomorrow, first thing. I think that you wanted me to create some Restore Points and to add some features to Firefox.

    Thanks again for all your help.


  6. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       17 Nov 2015 #106

    Writer said:
    It's gradually approaching 11:00 pm here in Florida, and running out of steam. I think we accomplished a lot today, as well as yesterday and the day-before, and I am very grateful. Had I contacted a Computer Techy to come to my apartment to set things straight, he never could have accomplished what was necessary in one to three hours.

    I'll tune in tomorrow, first thing. I think that you wanted me to create some Restore Points and to add some features to Firefox.

    Thanks again for all your help.
    Sounds good.


  7. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       18 Nov 2015 #107

    This is a reminder for later:

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Don't do anything yet with it.


  8. Joined : Sep 2015
    Posts : 66
    Windows 10
       18 Nov 2015 #108

    For simrick


    I created the two new Restore Points.

    I deleted the old Restore Points.

    I installed CCleaner and saved all the information.

    This note appeared at the end of the CCleaner install.

    Registry Note 11-18-2015.docx

    A window appeared in the Notification corner at the end that said:
    CCleaner is now monitoring your computer and will let you know when it needs cleaning.
    The various Tab information is listed below:

    CCleaner Windows Tab 11-18-2015.txt
    CCleaner Internet Explorer Tab 11-18-2015.txt
    CCleaner Firefox Tab 11-18-2015.txt
    CCleaner Scheduled Tasks Tab 11-18-2015.txt
    CCleaner Context Menu Tab 11-18-2015.txt

    CCleaner Registry Changes
    CCleaner Registry Changes 11-18-2015.reg


    The DLL Error still appears at booting.

    A small window has appeared on my Task Bar that says "DMW Notification;" when I click on it, nothing else comes up. I'll leave it there until I hear from you about it.


  9. Joined : Apr 2015
    Posts : 9,142
    W10Prox64
       18 Nov 2015 #109

    Thanks. Please give me some time to evaluate everything.

    EDIT:
    Please open CCleaner and make the following changes:

    In the Uninstall Programs Window, please uninstall:
    Plugin Java(TM) Platform SE 8 U31
    This is outdated and could have been the initial method of infection.

    In the Firefox Tab please DISABLE
    Plugin Java Deployment Toolkit 8.0.310.13 11.31.2.13 Oracle Corporation


    In the Scheduled Tasks Window, please DISABLE:
    Task Cedfomh C:\PROGRA~1\SHOPPE~3\Velgu.bat
    Task Fsaksaeelkida "C:\ProgramData\Fsaksaeelkida\1.0.6.1\oohnagee.exe"
    Task Jifqinw C:\PROGRA~1\SHOPPE~2\Muirra.bat
    Task Jisnojci C:\PROGRA~1\SHOPPE~4\Ajejao.bat
    Task Jyxutjdn C:\Users\User\AppData\Roaming\Jyxutjdn.exe
    Task Nuppobc C:\PROGRA~1\GROOVE~1\Rukdof.bat
    Task Rimgotp C:\PROGRA~1\SHOPPE~1\Yojyd.bat
    Task tmrjkEPblUbCKPY8TD975OiP C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP.exe

    In the Windows Tab:
    Question: Is there a reason you have your Realtek Audio disabled? Are you having problems with it?
    No HKLM:Run RTHDVCPL "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s

    Same question with these - is this on purpose?
    No HKLM:Run HotKeysCmds C:\Windows\system32\hkcmd.exe
    No HKLM:Run IgfxTray C:\Windows\system32\igfxtray.exe
    No HKLM:Run Persistence C:\Windows\system32\igfxpers.exe
    No HKCU:Run OneDrive Microsoft Corporation "C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

    Regarding the registry note:
    The file referenced at: HKLM\SYSTEM\CurrentControlSet\services\tmKasKUsC\ImagePath could not be located. These references are often left behind after uninstalling software.
    Solution: Delete the registry key.
    This should have been taken care of when you ran the registry cleaner tool in CCleaner. I see it listed as being cleaned - it's the very last entry in the reg file.

    Please perform these changes, and then reboot the computer. See if the DLL error message is now gone.

    NOTE: I still need a text file of all your installed programs from the UNINSTALL TAB. I can see hints of toolbars and other things that I need to identify so we can uninstall them.
    Thanks.
    Last edited by simrick; 18 Nov 2015 at 12:48.
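
A triage sketch for the Scheduled Tasks list in post #109, added here as an example and not part of the thread or of CCleaner: it applies three path heuristics to the task lines as they appear in that post. The `Task <name> <command>` line layout, the heuristics themselves and the `ExampleUpdater` entry are assumptions made for the illustration.

```python
import re

# Task lines as listed in post #109; the last entry is constructed for contrast.
EXPORT = r'''
Task Cedfomh C:\PROGRA~1\SHOPPE~3\Velgu.bat
Task Fsaksaeelkida "C:\ProgramData\Fsaksaeelkida\1.0.6.1\oohnagee.exe"
Task Jifqinw C:\PROGRA~1\SHOPPE~2\Muirra.bat
Task Jisnojci C:\PROGRA~1\SHOPPE~4\Ajejao.bat
Task Jyxutjdn C:\Users\User\AppData\Roaming\Jyxutjdn.exe
Task Nuppobc C:\PROGRA~1\GROOVE~1\Rukdof.bat
Task Rimgotp C:\PROGRA~1\SHOPPE~1\Yojyd.bat
Task tmrjkEPblUbCKPY8TD975OiP C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP.exe
Task ExampleUpdater "C:\Program Files\Example Vendor\updater.exe" /check
'''

# Assumed layout: "Task <name> <command>", command optionally double-quoted.
LINE = re.compile(r'^Task\s+(\S+)\s+(?:"([^"]+)"|(\S+))')

# Heuristics (assumptions for this example), applied to the command path.
CHECKS = [
    ("runs from a user-writable directory",
     re.compile(r'\\(appdata|programdata)\\', re.I)),
    ("action is a script file",
     re.compile(r'\.(bat|cmd|vbs|js|ps1)$', re.I)),
    ("8.3 short name hides the real folder",
     re.compile(r'\\[^\\]*~\d[^\\]*\\')),
]

def triage(export):
    """Return {task_name: [reasons]} for every task that trips a check."""
    flagged = {}
    for line in export.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        name, path = m.group(1), m.group(2) or m.group(3)
        reasons = [why for why, rx in CHECKS if rx.search(path)]
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(EXPORT).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a prompt to look at the task, not a verdict; legitimate software also schedules tasks from ProgramData.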

  10.    18 Nov 2015 #110

    I don't mean to sidetrack or duplicate what @simrick is doing, but with regards to one minor part, the C:\users\AppData\Local\PluginBus\xBin\PluginBus.dll problem at startup, you could download Autoruns from here: Autoruns for Windows, run it, and right-click and delete the entry where it is found in the Image Path...

    It was from a scheduled task to add adware, apparently pluginbus.dll, and the problem DLL has probably already been cleaned up, just leaving the start-up item.

    [Screenshot: Capture.PNG]


 