[Valinorum]

No. FRST did not do this. Please choose 'Yes' and restart the tool. It should remove the value.

[Advertisements]

Removed, then scanned again - the message didn't show up this time

MBAR scan came out clean, next step?

Edited by LegendOz, 12 January 2015 - 08:47 AM.

[LegendOz]

Removed, then scanned again - the message didn't show up this time

MBAR scan came out clean, next step?

Edited by LegendOz, 12 January 2015 - 08:47 AM.

[Valinorum]

Please do not edit your post. If you need to post anything new; make a new reply instead. Provide me a fresh FRST scan log please.

[LegendOz]

Logs Attached

Attached Files

•  FRST.txt   560.5KB   223 downloads
•  Addition.txt   53.31KB   242 downloads
•  Shortcut.txt   71.65KB   287 downloads

[Valinorum]

• Step #5 Scan with Malwarebytes' Anti-Malware
  • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Download Link #1
    • Download Link #2
    • Download Link #3
  • Double-click mbam-setup.exe to install the application.
  • Before clicking Finish perform the following actions --
    • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    • Check the box beside Launch Malwarebytes Anti-Malware
  • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
  • Click on Setting--
    • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
  • From the Dashboard click on Scan Now;
  • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
  • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

• Step #6 ESET Online Scanner
  Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
  • Download esetsmartinstaller_enu.exe by clicking here.
  • Right-click on the program and choose Run as administrator.
  • Accept their terms and condition and proceed.
  • Install Add-On/Active X if prompted.
  • From the Computer Scan Setting check the following box --
    • Enable detection for potentially unwanted programs
  • Click on Advanced Setting --
    • Uncheck the box beside Remove Found Threats;
    • Check the box beside Scan archives
    • Check the box beside Scan for potentially unsafe applications
    • Check the box beside Enable Anti-Stealth Technology
  • Click on Start and wait for the virus signature database to update.
  • The online scan will begin automatically and can take several hours.
    • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • After the Scan finishes --
    • If no threats were found:
      • Put a checkmark in Uninstall application on close.
      • Close the program and report that nothing was found
    • If threats were found:
      • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
      • Copy and Paste contents of the log file in your next reply.
  Note: Enable your security programs afterwards.

 

• Required Log(s):
  • Malwarebytes' Anti-Malware Log
  • ESET Scan Log

Regards,
Valinorum

[LegendOz]

Both the scans came out clean

ESET did not produce any log

I have attached the MalwareBytes' AntiMalware Scan Log

Attached Files

•  Malwarebytes' Anti Malware Log.txt   1.04KB   213 downloads

[Valinorum]

How is your PC?

[LegendOz]

Firstly, I would like to thank you Valinorum for being so helpful with this.

 

About the PC, I am not quite sure yet. The registry message which appeared while running MBAR re-appears every time I restart.

I have added the image to it below.

 

 

BitDefender, and Malware Bytes AntiMalware have been giving this pop-up.

It shows up every time I restart (even if I block it); and keeps coming up every 2 mins. or so

 

 

 

On looking up rubyw.exe belong to Private Internet Access.

However, it is not a software I installed and I cannot find it among installed programs in the control panel to remove it.

[Valinorum]

Post a fresh FRST scan log. It is time to remove that program. Before that, are you using any VPN software?

[LegendOz]

FARBAR logs attached

 

Not using a VPN right now (but I have used one by HMA in the past - not installed anymore)
rubyw.exe (not installed by me) is trying to connect to different IPs every couple of minutes

 

On opening FARBAR I got this message

 

 

The program still ran fine though and generated the logs.

Attached Files

•  FRST.txt   557.92KB   120 downloads
•  Addition.txt   49.1KB   146 downloads
•  Shortcut.txt   71.26KB   243 downloads

[Valinorum]

I am incline to believe that you do not use Ruby on rails as well. Do not proceed with the fix if you believe otherwise.


 

• Step #7 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --
    

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    C:\Users\Aditya\AppData\Local\Temp\ocr4D6E.tmp
    C:\Program Files\pia_manager\
    Emptytemp:
    End

  • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

 

• Required Log(s):
  • FRST Fix Log

Regards,
Valinorum

[LegendOz]

Fixlog attached.

The BitDefender and MalwareBytes' Anti Malware firewall pop-ups seem to have stopped.

The rubyw.exe seems to have gone too so looks like it worked.

 

Any idea what that error is when starting FRST, and the registry entry one while starting MBAR?

Attached Files

•  Fixlog.txt   1.56KB   184 downloads

[LegendOz]

Update (this happened on BitDefender not sure what caused it):

 

[Valinorum]

Is the error persistent?

[LegendOz]

The BitDefender message, I have seen it twice before.

FRST and MBAR one are happening every time I start them.