Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Topic Closed, Due to Accidental Bumping

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 9th, 2015, 5:52 am

First post: viewtopic.php?f=11&t=63693
Forgiveness please, I would like to try again. EZ/Mike :oops:
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am
Advertisement
Register to Remove

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 9th, 2015, 12:13 pm

A help_decrypt file, is usually a sign that your computer has been infected with one of the file encryption ransomware infections, namely one of the CryptoWall variants (CryptoWall 3.0).

Have you received any notifications that your files have been encrypted ?

Please download ... ListCWall to your desktop, and run it.

Once started, ListCWall will scan the Windows Registry for the registry key associated with CryptoWall. If one is found it will export the list of encrypted files to a log file named ListCWall.txt that will be located on your Windows desktop.

Please post me the log.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 10th, 2015, 12:37 am

Preview: Re: Topic Closed, Due to Accidental Bumping
I am sorry for My failure to read and follow directions resulting in a incorrect posting, and I Hope You wanted Me to repost here not start another thread in the other room. :oops:
As requested:
ListCWall 1.3.0 by Lawrence Abrams (Grinler)
Backup function added by The Pugilist
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about the CryptoWall Ransomware can be found here:
http://www.bleepingcomputer.com/virus-r ... nformation

Windows Version: Windows 8.1
Username: easyl_000 Computer Name: MICHAEL1

Program started at: 05/09/2015 08:22:58 PM.


No CryptoWall encrypted file list found.

Program finished at: 05/09/2015 08:22:58 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

I did peform sfc /scannow it ended with "some files could not be repaired", so I moved to DISM.exe /scanhealth and it was successful (logs for both available on request),
but everything seemed slow and out of whack, then used toubleshooter, and now it is going south again. Thank You EZ/Mike
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am

Re: Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 10th, 2015, 12:52 am

I wasn't sure how you wanted my answer, so I used quick reply. Then I saw that the answer number did not update, so this reply is to insure that happens.
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 10th, 2015, 2:02 am

OK, looks like you don't have Cryptowall, or if you do it's at an early stage and hasn't yet started encrypting files.

I've looked closely through the logs you've posted so far, and there's no obvious signs of an infection on your computer, but I'd like to scan further to make sure.

So, here's what I want you to do next ...

Please run a scan with ESET Online Scanner (this will take a few hours to complete, but it is very thorough)

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 10th, 2015, 7:47 am

As Requested:

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.24.1_ORJ-SPE.msi a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\easyl_000\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\Michael\Downloads\ubcd534.iso Win32/PSWTool.KonBoot.A potentially unsafe application

Ill be awaiting your next set of instructions, Your time and effort is greatly appreciated,. EZ/Mike
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 10th, 2015, 9:28 am

Still not anything of any real concern on the malware front. Still, we'll take care of the items found and see if that has any effect on your situation (I don't expect it will, but you never know).

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\easyl_000\AppData\Local\Temp\APNSetup.exe
C:\Users\Michael\Downloads\ubcd534.iso
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ....

Reboot your computer, and let me know how it is behaving now please.






.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 10th, 2015, 10:32 pm

I messed up trying to build a second boot drive (didn't have a second product key). End result I have a fresh install. During windows update, there was some corruption (Logs available). Major Error is 0X800F0805, The fix I found is to mount another image and make it read only. I do have a 8.1.iso copy to use (it doesn't have the updates). Is This the cmd line needed?
Dism /Mount-Image /ImageFile:C:\test\images\myimage.wim /index:1 /MountDir:C:\test\offline /ReadOnly /Optimize
The other option I found was to use a image from windows update. But I would to need change the location of the image? I will not touch the computer until You instruct me to. I will keep reading and and hopefully learn.
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 11th, 2015, 12:44 am

Did you run the script I asked you to run, and if so did it create the log it is supposed to ?

If it did, please post it.

As for the other problems you are describing, they are beyond the scope of this forum. We are a forum that specialises in the removal of Malware, and if your problems do not have a Malware related cause (as seems to be the case), then we will need to hand you over to a forum that specialises in the type of issues that you appear to be suffering with.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 11th, 2015, 2:33 am

As Requested:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Michael at 2015-05-10 23:17:31 Run:1
Running from C:\Users\Michael\Desktop\FRST-OlderVersion
Loaded Profiles: Michael (Available profiles: Michael)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\AskPartnerNetwork
C:\Users\easyl_000\AppData\Local\Temp\APNSetup.exe
C:\Users\Michael\Downloads\ubcd534.iso
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
"C:\Users\easyl_000\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
"C:\Users\Michael\Downloads\ubcd534.iso" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 219.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:17:57 ====

looking good 8) Thank you for your time and help!
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 11th, 2015, 5:27 am

If you're still having problems with reliability, I'd try doing the following ....

Follow the instructions on the following page ... http://www.tomshardware.co.uk/faq/id-20 ... ndows.html ... to run chkdsk /r on your computer. This will check your hard drive for errors, and will attempt to repair any it finds.

The check will take some time, and will boot back to normal mode when complete.

If you're still having problems after that ...

Uninstall the following programs, and reboot your computer when all of them have been uninstalled ...

Glary Utilities 5.24
McAfee All Access – Total Protection
McAfee SafeKey(uninstall only)
McAfee SiteAdvisor
Tweaking.com - Windows Repair


... "tuning utilities" are a really bad idea, and a complete waste of time, they do nothing to improve the performance of your computer, and often cause a great many problems of their own. I do not recommend their use at all.

Like all AV programs, McAfee gets deeply integrated into your Operating System, and as such can often be the source of reliability issues. I recommend you temporarily uninstall it (at least until you've established that it isn't the cause of your problems) and rely on Windows Defender (which has been much improved in W8 and W8.1) to act as your AV (don't forget to switch it on once you've uninstalled McAfee).

If you're still having problems, then try to refresh your computer ... http://windows.microsoft.com/en-GB/wind ... h-reset-pc

If that doesn't work then get back to me, and I'll recommend one or two of the "general help" forums that specialise in dealing with your kind of problems, and where you'll be more likely to get a resolution to your issues.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Topic Closed, Due to Accidental Bumping

Unread postby ezlivin11 » May 11th, 2015, 9:11 am

Thank You for the suggestions, and I have already tried them plus more. You found the last bits that eluded me. So many thanks Gary for your excellent effort and the clean bill of health. I will now be able to move forward with the bugs purged. Again Many Thanks To You and Yours :cheers: :cheers: :cheers: EZ/Mike
ezlivin11
Active Member
 
Posts: 12
Joined: May 8th, 2015, 12:32 am

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 11th, 2015, 10:57 am

You're welcome. :)

If you still continue to have issues, then I recommend the following sites for general computer help (as opposed to specific malware removal help) ....

http://www.bleepingcomputer.com/forums/f/209/windows-8/
http://www.geekstogo.com/forum/forum/188-windows-8/
http://forums.whatthetech.com/index.php ... wforum=119

.... they're listed in no specific order of preference.

I've linked to the forums that deal with Windows 8/8.1, however all the sites listed have other forums specific to hardware and software issues that may better suit your needs.

The quality of help at each is usually very good.

If any of them ask if you've been checked for malware, please feel free to refer them to this topic.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Topic Closed, Due to Accidental Bumping

Unread postby Gary R » May 14th, 2015, 8:22 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 72 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware