Solved masetupcleaner.exe asking to run & seems related to Kies?

Dell Inspiron black 15r notebook
October 28, 2014 at 04:35:37
Specs: windows 8.1
I had Samsung Kies installed (win 8.1) and wanted to plug mobile in for updates. Kies prompted for updates and it took 3 attempts for it to say it was updating but with no visible progress on the screen. Every time I then tried to open Kies from desktop icon a message said it was updating and so couldn't run. I subsequently uninstalled it and when I restarted the computer I had the message to run masetupcleaner.exe which I denied. I have read a few comments when I searched about this and none seem very reassuring or clear about what it is or even why it is. Can anyone shed any light on this?


#1
October 28, 2014 at 05:07:11
✔ Best Answer
Let's have a look at what it has done.

Run both of these, in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw



#2
October 28, 2014 at 08:29:11
Phew! that was fun, and just a little scary for a techno ignoramus.
And the results are....

# AdwCleaner v4.002 - Report created 28/10/2014 at 14:49:55
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : cindy - CINDY
# Running from : C:\Users\cindy\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

Task Deleted : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v34.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1549 octets] - [28/10/2014 14:47:47]
AdwCleaner[S0].txt - [1430 octets] - [28/10/2014 14:49:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1490 octets] ##########
____________________________________________________________________

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by cindy on 28/10/2014 at 15:03:54.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\cindy\AppData\Roaming\mozilla\firefox\profiles\quwgf7w0.default\minidumps [23 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/10/2014 at 15:06:04.48
End of JRT log



#3
October 28, 2014 at 14:15:00
"Phew! that was fun, and just a little scary for a techno ignoramus"
Well done.

Step 3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#4
October 31, 2014 at 08:42:43
Okay, confused and have a few questions but here is the Roguekiller scan:

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : cindy [Administrator]
Mode : Delete -- Date : 10/31/2014 15:38:45

¤¤¤ Processes : 1 ¤¤¤
[Tr.Zeus] mcshield.exe -- [x] -> ERROR [12]

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] 1793a69dd633eea08550c92d4a489e10
[BSP] df2fca7e1e4559573c2b2a41f1e5c142 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10302014_213041.log - RKreport_DEL_10302014_213120.log - RKreport_SCN_10302014_212951.log - RKreport_SCN_10312014_153139.log
RKreport_DEL_10312014_153806.log



#5
October 31, 2014 at 13:55:03
We are going well.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.



#6
November 2, 2014 at 03:01:27
Done:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/11/2014
Scan Time: 10:33:08
Logfile: malware scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: walmcin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357641
Time Elapsed: 20 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#7
November 2, 2014 at 03:53:54
Just going back to RogueKiller, was that the log after hitting Delete?

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...

message edited by Johnw



#8
November 2, 2014 at 09:38:51
Yes. But the website page kept popping up as well with info on how to get rid of Tr.zeus using Roguekiller which I found confusing and I wasn't sure if the problem had been solved but didn't post it then. When I went back later I ran it again and the Tr.zeus warning was still there so went through the whole process again (again with the RK webpage appearing) and then posted the log here. I must admit that after reading the page that came up on RK site about Tr.zeus I am just a little freaked out. But then Malwarebytes report says no malicious items found???
Will do the next bit now but if I have to disable real-time scanning and the Eset scanner completes while I'm not at my computer (ie asleep) won't my computer be vulnerable in the meantime?


#9
November 2, 2014 at 13:45:31
"[Tr.Zeus] mcshield.exe -- [x] -> ERROR [12]"
This appears to be a new version, finding all of the infected parts is what I am trying to do.

"But then Malwarebytes report says no malicious items found"
Once a user has clicked something they were not sure of, it is too late, we then have to find a special tool that can recognize & remove the infected bits. Authors of these special tools, can only deal with so much, there are thousands of new versions coming out each week.

"won't my computer be vulnerable in the meantime?"
Only if you click & allow something into the comp that you shouldn't.
ESET online is used countless times every day & is a tool you should keep in your armory for a second opinion.



#10
November 2, 2014 at 23:14:34
Hi,
Here is the Eset scan result:

C:\Users\cindy\Downloads\DriverWizard_spb16.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined

That is all there was on the page. It seems very short compared to the others, is this correct?

And all this guidance is very much appreciated by the way....



#11
November 3, 2014 at 02:47:03
" is this correct?"
Yep.

Need these logs please.

Install CCleaner ( This is a slim version that doesn't install the Yahoo toolbar )
http://www.freewarefiles.com/CClean...
http://www.freewarefiles.com/screen...
http://www.softpedia.com/get/Securi...
http://www.piriform.com/ccleaner/bu...

Open CCleaner > Tools > Startup > Windows tab, down the bottom right hand corner, Click on > Save to text file. Save file to Desktop. Post that info please.
My screenshot ( SS )
http://i.imgur.com/JFYFZSg.gif

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#12
November 8, 2014 at 05:02:46
Hi,
I have run CCleaner and Farbar (When I opened Farbar a window appeared that said something about an application error but it went ahead anyway)
CCleaner:
Adobe Flash Player 15 Plugin Adobe Systems Incorporated 20/10/2014 6.00 MB 15.0.0.189
Amazon 1Button App for Windows Taskbar Amazon 12/12/2013 1.0.0.2
Belarc Advisor 8.4 Belarc Inc. 14/07/2014 8.4.0.0
Blackboard Collaborate Launcher Blackboard 20/10/2014 114 MB 1.2.0.0
Canon Easy-WebPrint EX Canon Inc. 14/07/2014 1.4.1.0
Canon IJ Scan Utility ‪Canon Inc.‬ 14/07/2014
Canon MG5400 series MP Drivers Canon Inc. 14/07/2014 1.00
Canon MG5400 series On-screen Manual Canon Inc. 14/07/2014 7.5.0
Canon MG5400 series User Registration Canon Inc.‎ 14/07/2014
Canon My Image Garden Canon Inc. 14/07/2014 1.0.0
Canon My Image Garden Design Files Canon Inc. 14/07/2014 1.0.0
Canon My Printer Canon Inc. 14/07/2014 3.0.0
Canon Quick Menu Canon Inc. 14/07/2014 2.0.0
CCleaner Piriform 04/11/2014 4.19
CyberLink Media Suite Essentials CyberLink Corp. 14/07/2014 1.16 GB 10.0
Dell Backup and Recovery Dell Inc. 12/12/2013 1.7.5.63
Dell Digital Delivery Dell Products, LP 12/12/2013 2.7.1000.0
Dell Product Registration Dell Inc. 12/12/2013 1.16.1
Dell Touchpad Synaptics Incorporated 14/07/2014 46.4 MB 16.3.13.5
Dell WLAN and Bluetooth Client Installation Dell Inc. 12/12/2013 10.0
ESET Online Scanner v3 02/11/2014
HomeMeeting JoinNet 4.4.0 HomeMeeting Inc 14/07/2014 4.4.0
Intel(R) Management Engine Components Intel Corporation 13/12/2013 9.5.3.1520
Intel(R) Processor Graphics Intel Corporation 12/10/2014 10.18.10.3907
Intel(R) Rapid Storage Technology Intel Corporation 12/12/2013 12.5.0.1066
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 13/12/2013 3.0.0.66956
Java 7 Update 71 Oracle 21/10/2014 119 MB 7.0.710
Lexibar Spanish lexicool.com 15/04/2014
Malwarebytes Anti-Malware version 2.0.3.1025 Malwarebytes Corporation 24/10/2014 56.7 MB 2.0.3.1025
McAfee LiveSafe – Internet Security McAfee, Inc. 30/10/2014 12.8.992
Microsoft Office Microsoft Corporation 12/12/2013 296 MB 15.0.4454.1510
Microsoft Silverlight Microsoft Corporation 12/10/2014 50.7 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 12/12/2013 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12/12/2013 4.84 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06/02/2014 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/12/2013 8.85 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06/02/2014 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 12/12/2013 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12/12/2013 11.1 MB 10.0.40219
Mozilla Firefox 34.0 (x86 en-US) Mozilla 02/11/2014 81.2 MB 34.0
Mozilla Maintenance Service Mozilla 14/07/2014 341 KB 29.0
My Dell PC-Doctor, Inc. 14/07/2014 128 MB 3.5.6426.22
OpenOffice 4.1.1 Apache Software Foundation 20/10/2014 338 MB 4.11.9775
PrimoPDF -- brought to you by Nitro PDF Software Nitro PDF Software 14/07/2014 5
Qlock Free Vitei inc 28/07/2014 3.90 MB 1.91
Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Communications 10/08/2014 93.3 MB 8.0.1.316
Quickset64 Dell Inc. 12/12/2013 10.15.018
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14/07/2014 6.0.1.6927
Shared C Run-time for x64 McAfee 12/12/2013 1.38 MB 10.0.0
Skype™ 6.18 Skype Technologies S.A. 15/08/2014 26.3 MB 6.18.106
Spybot - Search & Destroy Safer Networking Limited 06/02/2014 1.6.2
TutorABC_Helper TutorABC 14/07/2014 1.0.1.82
TutorChat TutorGroup 01/08/2014 1.1.3.19
Vuze Remote Toolbar v9.3 Spigot, Inc. 03/06/2014 7.29 MB 9.3
Windows Live Essentials Microsoft Corporation 16/06/2014 16.4.3528.0331
WinX Free MP4 to WMV Converter 5.0.6 Digiarty Software, Inc. 24/06/2014 92.6 MB

Farbar Tool:
Zippyshare link: http://www8.zippyshare.com/v/173667...

Although the Farbar Additional file is on my desktop it was not in the desktop list when I browsed on Zippyshare.....?



#13
November 8, 2014 at 13:00:23
Run FRST again please, make sure Addition is checked. Wait for the Update to finish before scanning.
http://i.imgur.com/u81X5V0.gif


#14
November 9, 2014 at 06:36:33
Hi,
Can you explain to me how I would find these files again on Zippyshare? I logged in to the site and couldn't find the file I uploaded last time.
When I ran Farbar Tool the application error message appeared again; it reads: "Exception EAccess Violation in module ERUNT.exe at 00003A62. Access violation at address 00403A62 in module ERUNT.exe. Read of address 0069005C." Do you know what this is?

Here are the links:
http://www72.zippyshare.com/v/48589...
http://www72.zippyshare.com/v/45416...




#15
November 9, 2014 at 13:38:06
"Can you explain to me how I would find these files again on Zippyshare? I logged in to the site and couldn't find the file I uploaded last time."
I can, no need to log in, just click on the link you gave me.

"Exception EAccess Violation in module ERUNT.exe at 00003A62"
Shall deal with that later.

===============================

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\cindy\OneDrive:ms-properties
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
SearchScopes: HKLM - {BC24095D-2385-4880-97E9-54228BC26855} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM-x32 - {BC24095D-2385-4880-97E9-54228BC26855} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKCU - DefaultScope {041EF639-73BB-4D88-89FE-49945D02995F} URL = https://uk.search.yahoo.com/search?...
SearchScopes: HKCU - {041EF639-73BB-4D88-89FE-49945D02995F} URL = https://uk.search.yahoo.com/search?...
SearchScopes: HKCU - {BC24095D-2385-4880-97E9-54228BC26855} URL =
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
C:\Users\cindy\AppData\Local\Temp\dllnt_dump.dll

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#16
November 10, 2014 at 01:25:59
Hi,

I have the fixlist.txt saved to desktop but FRST64 cannot find it.....



#17
November 10, 2014 at 02:08:19
Re my post #11

"Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop"
Did you?

My post #15
"NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work."



#18
November 10, 2014 at 03:53:13
Oops, ok, the FRST64 was in downloads....
Here is the fixlist log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by cindy at 2014-11-10 10:40:33 Run:1
Running from C:\Users\cindy\Desktop
Loaded Profile: cindy (Available profiles: cindy & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
AlternateDataStreams: C:\Users\cindy\OneDrive:ms-properties
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
SearchScopes: HKLM - {BC24095D-2385-4880-97E9-54228BC26855} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKLM-x32 - {BC24095D-2385-4880-97E9-54228BC26855} URL = http://www.bing.com/search?q={searc...
SearchScopes: HKCU - DefaultScope {041EF639-73BB-4D88-89FE-49945D02995F} URL = https://uk.search.yahoo.com/search?...
SearchScopes: HKCU - {041EF639-73BB-4D88-89FE-49945D02995F} URL = https://uk.search.yahoo.com/search?...
SearchScopes: HKCU - {BC24095D-2385-4880-97E9-54228BC26855} URL =
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
C:\Users\cindy\AppData\Local\Temp\dllnt_dump.dll
*****************

Processes closed successfully.
C:\Users\cindy\OneDrive => ":ms-properties" ADS removed successfully.
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC24095D-2385-4880-97E9-54228BC26855}" => Key deleted successfully.
"HKCR\CLSID\{BC24095D-2385-4880-97E9-54228BC26855}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BC24095D-2385-4880-97E9-54228BC26855}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BC24095D-2385-4880-97E9-54228BC26855}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{041EF639-73BB-4D88-89FE-49945D02995F}" => Key deleted successfully.
"HKCR\CLSID\{041EF639-73BB-4D88-89FE-49945D02995F}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC24095D-2385-4880-97E9-54228BC26855}" => Key deleted successfully.
"HKCR\CLSID\{BC24095D-2385-4880-97E9-54228BC26855}" => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
BtFilter => Service deleted successfully.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
C:\Users\cindy\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 343.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


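An added example (not part of the original thread, and not code from FRST or its author): a small Python script that sorts the result lines of a Fixlog like the one posted in #18 by outcome, so that entries the fix did not handle stand out. The sample lines are copied from that log; the status names (`ok`, `not_found`, `error`, `unknown`) and the keyword matching are this example's own assumptions, not FRST terminology.

```python
from collections import Counter

# Result lines copied from the Fixlog posted in #18 (a subset; the elided
# "..." registry path is kept exactly as it was posted).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
C:\Users\cindy\OneDrive => ":ms-properties" ADS removed successfully.
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC24095D-2385-4880-97E9-54228BC26855}" => Key deleted successfully.
"HKCR\CLSID\{BC24095D-2385-4880-97E9-54228BC26855}" => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
BtFilter => Service deleted successfully.
C:\Users\cindy\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 343.5 MB temporary data.
'''


def classify(outcome):
    """Map the text after the last ' => ' to a status (assumed categories)."""
    text = outcome.lower()
    if "error" in text:
        return "error"        # the tool reported it could not act on the entry
    if "not found" in text:
        return "not_found"    # the item was already absent
    if "successfully" in text or text.startswith("removed"):
        return "ok"
    return "unknown"          # anything unrecognised is surfaced for review


def parse_fixlog(text):
    """Return one dict per non-empty result line: status, target, outcome."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on the LAST ' => ' so a target containing '=>' stays intact.
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            # Lines such as "Processes closed successfully." have no target.
            target = line
        entries.append({
            "status": classify(outcome),
            "target": target.strip('"'),
            "outcome": outcome,
        })
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(e["status"] for e in entries)


def needs_follow_up(entries):
    """Entries that were not fixed automatically or could not be classified."""
    return [e for e in entries if e["status"] in ("error", "unknown")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for entry in needs_follow_up(parsed):
        print("FOLLOW UP:", entry["target"])
        print("          ", entry["outcome"])
```

On the sample lines the only follow-up item is the Vuze Remote Toolbar entry, which the log reports as having no automatic fix.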

#19
November 10, 2014 at 04:13:02
Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Download it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Double-click TFC.exe to run it. Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

If you are still getting the > masetupcleaner.exe message, go into CCleaner > Tools > Startup & Disable Kies.

Run RogueKiller again & post the log please.


Report •

#20
November 10, 2014 at 05:25:50
Done. And what I discovered when I bothered to read properly was that the Tr.Zeus alert was to do with the McAfee antivirus which they go on to say to ignore and that the next version out will deal with this glitch. Did I understand correctly?

RogueKiller report:
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : cindy [Administrator]
Mode : Delete -- Date : 11/10/2014 13:17:58

¤¤¤ Processes : 1 ¤¤¤
[Tr.Zeus] mcshield.exe -- [x] -> ERROR [12]

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] 1793a69dd633eea08550c92d4a489e10
[BSP] df2fca7e1e4559573c2b2a41f1e5c142 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10302014_213041.log - RKreport_DEL_10302014_213120.log - RKreport_DEL_10312014_153806.log - RKreport_DEL_10312014_153845.log
RKreport_DEL_11082014_132102.log - RKreport_DEL_11082014_135650.log - RKreport_SCN_10302014_212951.log - RKreport_SCN_10312014_153139.log
RKreport_SCN_11082014_131406.log - RKreport_SCN_11082014_135446.log - RKreport_SCN_11102014_131611.log



#21
November 10, 2014 at 12:45:40
"Exception EAccessViolation in module ERUNT.exe at 00003A62"
No idea without googling, trillions of error combinations out there.
Ok, after googling.
Erunt is a registry backup, programs will do a backup if installed & according to your logs, you don't appear to have it installed, hence the error, nothing to worry about.
Googling confirmed here.
http://www.windowsbbs.com/malware-v...

Download Security Check by screen317 from one of the following links and save it to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#22
November 10, 2014 at 12:51:08
"Done. And what I discovered when I bothered to read properly was that the Tr.Zeus alert was to do with the McAfee antivirus which they go on to say to ignore and that the next version out will deal with this glitch. Did I understand correctly?"
Correct. It's called a false positive & ALL security programs can do that.

We are nearly finished.



#23
November 11, 2014 at 04:39:16
Here is the log from Security Check:

Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Java 7 Update 71
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 15.0.0.189
Mozilla Firefox (34.0)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]

What's up with Java being out of date? I always seem to be 'allowing' Java and it is used for my audio/recording online studies.

:-)



#24
November 11, 2014 at 04:57:56
Just going to bed.

"What's up with Java being out of date?"
No idea, if you have checked for an update, maybe it's a false positive.

System Restore will have infected files in it, turning System Restore OFF & then ON will remove them.
Windows 8
http://www.bleepingcomputer.com/tut...

As you can see from your logs, you had stuff installed, that you do not know, how it had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample page
Vuze.
http://www.softpedia.com/get/Intern...
Screenshot.
http://i.imgur.com/tfuRHUa.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#25
November 11, 2014 at 08:40:31
G'nite then.
But when you wake up.......

Ok, I have done the on again/off again system restore point and there were two drives - one was C drive and the other was a folder PBR image which was already off. When I googled this I learned that it is something called a Push Button Reset in case you need to repair your computer. Do I leave this as it was, ie off?
Possibly the last question I'll ask (lol) in this discussion!
And a huge thank you for your time and effort in this.
:-)



#26
November 11, 2014 at 13:48:34
"Do I leave this as it was, ie off?"
Yes.

"And a huge thank you for your time and effort in this"
YW, nicely done.

