Win32.Downloader.gen problem - log files

[ken545]

Hello Beth,

How are ya doing ? Thanks for the logs, good job. Nothing real serious going on that I can see


Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Beth's Speed Demon\AppData\Local\DownloadTerms\temp.dat File not found
  O3 - HKU\S-1-5-21-3239291453-3162581592-1990427089-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  C:\Program Files\Conduit
  C:\END
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

[BethMcM]

Hello Ken, doing great here. Thanks for all the help. Will be glad to have this out of the way. This has been an interesting fix.
Have a great evening.
Beth








All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3239291453-3162581592-1990427089-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Beth's Speed Demon\Desktop\cmd.bat deleted successfully.
C:\Users\Beth's Speed Demon\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Conduit not found.
File\Folder C:\END not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Beth's Speed Demon
->Temp folder emptied: 53161915 bytes
->Temporary Internet Files folder emptied: 484871927 bytes
->Java cache emptied: 3771001 bytes
->Google Chrome cache emptied: 313976332 bytes
->Apple Safari cache emptied: 43545600 bytes
->Flash cache emptied: 1404 bytes

User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 53051 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 224104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 22496704 bytes

Total Files Cleaned = 880.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06262013_171840

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[ken545]

Wonderful, how are things running now ? Go ahead and run a new scan with Spybot and lets see if there gone

[BethMcM]

Hope this is not a whole new can of worms.
Beth

[ken545]

Just a leftover entry for downloadterms, not very serious


Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  
  :Services
  
  :Reg
  [-HKEY_LOCAL_MACHINE\Software\DownloadTerms]
  [-HKEY_CURRENT_USER\Software\DownloadTerms]
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces

[BethMcM]

Here is the log. I will be away most of the morning, but will check back in this afternoon.
Thanks for the help.
Have a great day!
Beth



All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\DownloadTerms\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DownloadTerms\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Beth's Speed Demon
->Temp folder emptied: 94165 bytes
->Temporary Internet Files folder emptied: 492163 bytes
->Java cache emptied: 2186195 bytes
->Google Chrome cache emptied: 188287752 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 643 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8984 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06272013_071838

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[ken545]

Looking good Beth

How are things running now ?


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the button.
14. Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

[BethMcM]

I ran the scan while I was making lunch and came back to this screen shot as there was no log to produce, I am hoping that I did this right and all is well. ScreenHunter_01 Jun. 27 14.51.jpg

I went ahead and ran a spy bot scan and here are the results.


--- Search result list ---
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Thank you so much for your help, and I am hoping that the missing log means a good thing.
Beth

[ken545]

Hello Beth,

You have done well, No Threats Found

All Spybot is showing are tracking cookies, you can remove them yourself, but this is what you need to do

Cookies store your log in info for sites you frequent the require a user name and password, so I would write down all your user names and passwords ( like this site for instance ) so that when you return to that site you can log in and it will be remembered but by cleaning all the cookies all data will be lost but as you reenter your user name and password it will be remembered again for the next time you log into that site.


After you have all your usernames and passwords written down....

Open Up Chrome ( my new love ) and click on the 3 bars up on the top right of your browser, then click on History> Clear all browsing history and put a checkmark in Clear Browsing History and Clear Cookies.


Everything else looks fine
We need to update your Java to keep you more secure

1. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 25, if not proceed with the instructions.
   
2. Go to the update Tab and update it
3. Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
   
4. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here


Let me know how it went ??

[BethMcM]

I did as requested, I am running Windows 7 and Chrome and all is well in the java dept, I deleted the previous version. I normally get updates for java and I do keep it updated, but I have never deleted the previous version before and will do so from now on, as I snoop in areas of my computer to look for surprises.. I recently started a set of index cards with login and passwords which has become very handy.
What should I do with all of the files etc on my desktop (where I saved all of the information and exe's for this process)?
Are any of them worth keeping and using?
Thanks
Beth