- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
My computer is infected
#16
Posted 03 April 2015 - 10:05 PM
#17
Posted 03 April 2015 - 10:09 PM
I checked my Programs list and it said something along the lines of "Something went wrong when uninstalling Malwarebytes, would you like to remove it from your Programs list?"
#18
Posted 03 April 2015 - 10:23 PM
Joe
#19
Posted 03 April 2015 - 10:47 PM
Ok, sorry for taking so long but I think this is what you were talking about right?
Attached Files
#20
Posted 03 April 2015 - 10:51 PM
www.malwarebytes.org
Scan Date: 4/3/2015
Scan Time: 9:12:31 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.04.04.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Brendan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396559
Time Elapsed: 32 min, 58 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe, 3844, , [246e7fe9d3b7ca6c8fa2201c30d2fe02]
Modules: 0
(No malicious items detected)
Registry Keys: 13
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [8e04c6a2a3e7bc7a85762215ff0413ed],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [8e04c6a2a3e7bc7a85762215ff0413ed],
PUP.Optional.QuickRef.A, HKLM\SOFTWARE\WOW6432NODE\QuickRef_1.10.0.9, , [a6ec1256e0aa70c6b67979497c872ad6],
PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\WOW6432NODE\LOCALTEMP, , [157d61074941ca6c26db7942ca39a957],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [c1d1ee7acebc4fe7bef99daf51b47789],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, , [3d55a5c3deac6ec8752f10c8b74c1de3],
PUP.Optional.Salus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwiynzm4ndy1yjz, , [a9e988e07f0bb97d73196460d82b4db3],
PUP.Optional.QuickRef.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qrnfd_1_10_0_9, , [365c48204e3c87afc46e6062927133cd],
PUP.Optional.Nosibay.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Nosibay, , [048e87e14f3ba69024fcfbd06d9611ef],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, , [ddb5d395d7b364d28eaa973a09fa39c7],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [2e642a3e127863d3c6dfd367669f936d],
PUP.Optional.WindApp.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\STORE\WindApp Tag, , [137f95d335555fd7f3521ca1a75c58a8],
PUP.Optional.SelectionTool.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WTOOLS\Selection Tools Tag, , [fa98d2966624a98d4fc803c0bf442ed2],
Registry Values: 3
PUP.Optional.LocalTemperature.A, HKLM\SOFTWARE\WOW6432NODE\LOCALTEMP|GUID, CE3A2868-5A71-468D-AE9F-1354CF642F2F, , [157d61074941ca6c26db7942ca39a957]
PUP.Optional.WindApp.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WindApp, "C:\Users\Brendan\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup, , [6a28d4946129b185868d2c97ea1935cb]
PUP.Optional.SelectionTools.A, HKU\S-1-5-21-708214694-1593697130-2342718439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Selection Tools, "C:\Users\Brendan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup, , [9bf7b5b34f3bf2443980c7ff46bdbc44]
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.Nosibay.A, C:\Users\Brendan\AppData\Roaming\Nosibay, , [cdc52e3a305a2115072c6145cd36a15f],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads, , [f0a2f474aae01b1b87060ea24eb506fa],
Files: 19
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe, , [246e7fe9d3b7ca6c8fa2201c30d2fe02],
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{3a0c3e94-ebf8-9e2d-3a0c-c3e94ebffa53}\civilization 4 game.exe, , [f69c94d40783e254f43d102c56ac08f8],
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\BDL.dll, , [4949ce9ad6b41125dd36f9400bf77789],
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\VCL.dll, , [a6ec2840bcce1b1bbccdda61ac56e818],
PUP.Optional.OutBrowse, C:\Users\Brendan\Downloads\3DS_Emulator.exe, , [c7cbbeaa17734ceaeb388bb01ce621df],
PUP.Optional.AdobeExtendedPlugin.C, C:\Users\Brendan\Downloads\Sid Meies Civilization IV Full Download For PC.exe, , [d8bae583bdcd2d09c869b686f70b2ed2],
PUP.Optional.VCL.A, C:\Windows\System32\VCLOff.ini, , [ace6293ff5952f07a28612a4857ee41c],
PUP.Optional.VCL.A, C:\Windows\SysWOW64\VCLOff.ini, , [81115711602ad1656dbb8135966db34d],
PUP.Optional.BasementDuster.A, C:\Windows\System32\BasementDusterOff.ini, , [7e140068543685b13e238f28c63d6a96],
PUP.Optional.BasementDuster.A, C:\Windows\SysWOW64\BasementDusterOff.ini, , [8a0889df3753d1657ee30ea9659e3bc5],
PUP.Optional.Trovi.A, C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml, , [246e4622127871c55bac32871be8649c],
PUP.Optional.SelectionTools.A, C:\Users\Brendan\AppData\Roaming\Selection Tools.installation.log, , [454df276d9b184b2f76e388a956ef40c],
PUP.Optional.Bubbledock.A, C:\Users\Brendan\AppData\Roaming\Bubble Dock.boostrap.log, , [0b8770f83b4f1c1a3197a622ec17e41c],
PUP.Optional.Bubbledock.A, C:\Users\Brendan\AppData\Roaming\Bubble Dock.installation.log, , [cec4bcac0a80d2644682e2e607fcf10f],
PUP.Optional.WindApp.A, C:\Users\Brendan\AppData\Roaming\WindApp.boostrap.log, , [0092e4840a8091a526a33890ec178779],
PUP.Optional.WindApp.A, C:\Users\Brendan\AppData\Roaming\WindApp.installation.log, , [157dc1a74743b482c306ad1b09faae52],
PUP.Optional.MindSpark.A, C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage, , [6f23f672474381b56d2c44b259aabc44],
PUP.Optional.MindSpark.A, C:\Users\Torin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage-journal, , [a5ed2f39c0ca3df9fa9f32c4f90a966a],
PUP.Optional.Trovi.A, C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.trovi.com...=031715&SSPV="), ,[ade55d0b1b6ff145602ed3635aac30d0]
Physical Sectors: 0
(No malicious items detected)
(end)
It does not look like you quarantined anything. Make sure you have done that:
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
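An added example (not part of this thread) for reading a Malwarebytes 2.x log like the one above: it splits the log into its detection sections, checks that each section's row count matches the number in its header, and lists the entries that would let a PUP restart after a reboot (Run values, services, scheduled tasks), which are the ones to re-check after Apply Actions. The sample log is constructed in the same layout as the one posted; the regular expressions and marker list are assumptions about that layout.

```python
import re
# Constructed sample in the Malwarebytes 2.x log layout posted in this thread:
# "Section: count" headers, then one "Detection, Location, ..., [id]" row per item.
SAMPLE_LOG = r"""
Objects Scanned: 396559
Processes: 1
PUP.Optional.AdobeExtendedPlugin.C, C:\ProgramData\{84436a25-a071-c6b6-8443-36a25a07a896}\civilization 4 game.exe, 3844, , [246e7fe9d3b7ca6c8fa2201c30d2fe02]
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.Salus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwiynzm4ndy1yjz, , [a9e988e07f0bb97d73196460d82b4db3],
PUP.Optional.Nosibay.A, HKU\S-1-5-21-1002-0\SOFTWARE\Nosibay, , [048e87e14f3ba69024fcfbd06d9611ef],
Registry Values: 1
PUP.Optional.WindApp.A, HKU\S-1-5-21-1002-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WindApp, "C:\Users\Brendan\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup, , [6a28d4946129b185868d2c97ea1935cb]
Files: 1
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\BDL.dll, , [4949ce9ad6b41125dd36f9400bf77789],
"""
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
ROW_RE = re.compile(r"^([^,]+), (.+?), .*\[[0-9a-f]{32}\],?$")
# Locations that let a PUP start again after a reboot: the entries to re-check after cleanup.
PERSISTENCE_MARKERS = ("\\CURRENTVERSION\\RUN|", "\\SERVICES\\", "\\TASKS\\")

def parse_mbam_log(text):
    """Return ({section: [(detection, location)]}, {section: declared count})."""
    sections, declared, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            declared[current] = int(header.group(2))
            sections[current] = []
            continue
        row = ROW_RE.match(line)
        if current is not None and row:
            sections[current].append((row.group(1), row.group(2)))
    # Drop scan-metadata headers such as "Objects Scanned" that never get rows.
    sections = {k: v for k, v in sections.items() if v or declared[k] == 0}
    return sections, declared

def summarize(text):
    """Counts per section, sections whose rows disagree with the header, persistence entries."""
    sections, declared = parse_mbam_log(text)
    counts = {name: len(rows) for name, rows in sections.items()}
    mismatched = [name for name, n in counts.items() if declared[name] != n]
    persistence = sorted(loc for rows in sections.values() for _, loc in rows
                         if any(m in loc.upper() for m in PERSISTENCE_MARKERS))
    return counts, mismatched, persistence
```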
#21
Posted 03 April 2015 - 11:14 PM
Ok here it is.
Attached Files
#22
Posted 03 April 2015 - 11:17 PM
Here comes a fix, remember Copy, paste, run fix, post log.
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...&D=040315&SSPV=
SearchScopes: HKU\S-1-5-21-708214694-1593697130-2342718439-1002 -> {ABDAE76F-7F4D-4D96-8974-D0DF805DD6F3} URL =
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M15D18B3C-B481-47C6-8CAF-1827BC06D7D7&SearchSource=55&CUI=&UM=8&UP=SP72707F87-9D5F-4DE3-958B-41D6F16D8D40&D=031715&SSPV=
FF NewTab: about:newtab
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\mc4mmp7v.default\searchplugins\trovi.xml [2015-04-03]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
R1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
2015-03-16 23:13 - 2015-03-25 22:50 - 00000000 ____D () C:\ProgramData\3b347388000055a1
2015-03-16 22:15 - 2015-03-16 23:12 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\BitTorrent
2015-03-16 19:41 - 2015-03-16 19:41 - 00003270 _____ () C:\windows\System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl
2015-03-16 19:41 - 2015-03-16 19:41 - 00000000 ____D () C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl
2015-03-16 18:10 - 2015-03-16 18:53 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-16 18:08 - 2015-03-16 18:11 - 00000000 ____D () C:\Users\Brendan\Documents\ProPCCleaner
2015-03-16 18:08 - 2015-03-16 18:08 - 00003196 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-03-16 18:08 - 2015-03-16 18:08 - 00000000 ____D () C:\Users\Brendan\AppData\Local\Pro_PC_Cleaner
2015-03-16 21:51 - 2014-08-21 23:11 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
C:\Users\Torin\AppData\Local\Temp\oct1F35.tmp.exe
C:\Users\Torin\AppData\Local\Temp\oct9D77.tmp.exe
Task: {0215C75D-25FF-4855-B8B2-85D8BA044F77} - System32\Tasks\GlobalUpdate-ywy1yzzxn2szbtl => C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe [2015-03-15] () <==== ATTENTION
C:\Users\Brendan\AppData\Roaming\ywy1yzzxn2szbtl\ywy1yzzxn2szbtl.exe
Task: {57BE5E2C-42A0-4AE6-9405-0AB2B78FDD0A} - System32\Tasks\SBWUpdateTask_Time_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
C:\Program Files\Common Files\SpeedBit
Task: {83B3623B-BC7F-49E7-BD77-D7D0442FBB88} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner
Task: {C9BEADB8-D8E5-47A1-8223-F4BA8C48E0D3} - \GPUP No Task File <==== ATTENTION
Task: {D80F0111-0C24-4936-9FFA-9CA913594EDA} - System32\Tasks\SBWUpdateTask_Logon_8ad185b5-1AEE65E83569 => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION
Task: {FDD312D7-29C4-4478-AB2A-06581E81D97D} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Brendan\OneDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
#23
Posted 03 April 2015 - 11:35 PM
Ok here's the Fixlog
Attached Files
#24
Posted 03 April 2015 - 11:36 PM
Next
Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the logfile button and the log will open in Notepad.
- NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
- Click on the Clean button and follow the prompts.
- A log file will automatically open after the scan has finished and the PC has rebooted.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner
- Next
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
In your next reply post:
- The AdwCleaner [SO].txt Log
- The JRT.txt Log
Joe
#25
Posted 03 April 2015 - 11:49 PM
Ok here's the log.
#26
Posted 03 April 2015 - 11:57 PM
Here's the other one.
#27
Posted 04 April 2015 - 12:08 AM
What's next?
#28
Posted 04 April 2015 - 12:15 AM
Windows Vista/ Windows 7/ Windows 8
Uninstall / reinstall Chrome
1.Close all Chrome windows and tabs.
2.Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
3.Click Programs and Features.
4.Double-click Google Chrome.
5.Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.
If you have Bookmarks that you want to save, you want to do that first.
Export / Import Bookmarks. https://support.goog...wer/96816?hl=en
Then reinstall Chrome from here-->http://www.google.com/chrome/
I would also reset Firefox;
How to reset Firefox:
- Click the menu button and then click Help.
- From the Help menu choose Troubleshooting Information.
- Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
- To continue, click Reset Firefox in the confirmation window that opens.
Thanks
Joe
#29
Posted 04 April 2015 - 12:34 AM
Ok I did that and it seems to have worked. Thank you. I really appreciate the help.
#30
Posted 04 April 2015 - 12:42 AM
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right-clicking on the icon and choosing the Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run.
- The program will run for a few seconds and display a notepad report.
Paste it for my review.