[pystryker]

Looking good, how is the machine running? Let's run some scans for remnants and orphans.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

• ESET Scan Log
• MBAM Log
• SecurityCheck Log

[Advertisements]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[pystryker]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[pystryker]

User returned.

[Acousticcountry]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/30/2015
Scan Time: 12:54:37 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.30.03
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437302
Time Elapsed: 24 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.ConsumerInput.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [dfcc9dae890158de53bef33f4eb5827e],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentBar, Quarantined, [b9f20942e5a5dc5aa13fb0259073dd23],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-346444361-470292555-3986792257-1000\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, Quarantined, [2388f9523d4d023449993f96ab5859a7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.Information.A, C:\Program Files (x86)\Information, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],

Files: 20
PUP.Optional.AdPeak.A, C:\temp\t.msi, Quarantined, [e5c6e76439510a2cadcfb00f41c4c937],
PUP.Optional.Proxy.A, C:\Users\Chris\AppData\Local\proxy.log, Quarantined, [c3e8cc7f96f4e2545f09b8268b789f61],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\background.html, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\50368.crx, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\50368.xpi, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.Information.A, C:\Program Files (x86)\Information\Installer.log, Quarantined, [3675e863701a1521cdd430cc9f648d73],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.InstallX.A, C:\Users\Chris\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log, Quarantined, [9912f05b1a7050e652864b3416ed38c8],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\360-53098.crx, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\53098.crx, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\53098.xpi, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\background.html, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-9.3\bgNova.html, Quarantined, [56556edd4c3e06300b92552b4bb8eb15],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12\53098.crx, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12\53098.xpi, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.HQVid.A, C:\Program Files (x86)\HQvidPv1.12\background.html, Quarantined, [d9d24308fc8e9b9bafc4691c27dcbb45],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer\bhelper.dll, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer\bhelper64.dll, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],
PUP.Optional.ChromeEnhancer.A, C:\Program Files\ChromeEnhancer\ChromeEnhancerMonitor64.exe, Quarantined, [0c9f72d9e6a444f2e3258b2a867df20e],

Physical Sectors: 0
(No malicious items detected)

(end)

[Acousticcountry]

I left the ESET scan going, and when I came back it appeared that my computer had restarted.  I checked and there was a log, however it is very short, so I am not sure if the scan completed.  Here is what I have.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 

[pystryker]

I left the ESET scan going, and when I came back it appeared that my computer had restarted. I checked and there was a log, however it is very short, so I am not sure if the scan completed. Here is what I have.

Ok, let's run it again and see if the same result occurs. The MBAM log quarantined everything it found, but I'd like to make sure with the ESET log. If it does the same thing again, we'll proceed. Also, please don't forget to run the SecurityCheck program and post the log. If you'd like, you can run it before running ESET and post the log.

[pystryker]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.