
PUP.Optional.InstallCore keeps coming back.


45 replies to this topic

#1 MrKnightmare

MrKnightmare

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 18 October 2013 - 03:29 PM

Along with PUP.Optional.BrowseFox.A, PUP.AdBundler, Trojan.Downloader.Ri, PUP.Optional.DefaultTab, PUP.Optional.Conduit.A. I keep running Malwarebytes, sometimes it wants a restart, but the same things keep coming back... I have been running scans all day and this is driving me crazy.
Please help.

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.06.16.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jon :: STROPPY-PC [administrator]
 
16/06/2013 17:34:23
mbam-log-2013-06-16 (17-34-23).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236125
Time elapsed: 1 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\jon\Downloads\oi_automouseclickerzip.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\jon\Downloads\Spybot Search & Destroy.exe (PUP.AdBundler) -> Quarantined and deleted successfully.
 
(end)
 

Edited by MrKnightmare, 18 October 2013 - 03:41 PM.
moved from Windows 7 to the appropriate forum



 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 18 October 2013 - 06:43 PM

Hello Mr Knightmare -

Please read all instructions first, and always ask if you are not sure

I will attempt to add descriptions of what we are doing as we move on .........

Note that PUP = Potentially Unwanted Program, and not always a major infection.

 

First - Please read and follow How to uninstall | Spybot

Next -
You need a minimum of I.E. 9 or 10 installed, but you only have I.E. 8 which is very outdated.
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514

 

 

Next - Make sure Wordwrap and Quote are disabled from Notepad
Please download AdwCleaner by Xplode to your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Scan. (Only Once)
* Check the listed items and untick any you do not want removed (ask me if you are not sure)
* Click on Clean (Only Once) and confirm with OK if asked
* NOTE : Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

Next -
Update your Malwarebytes Anti-Malware to current and run a Quick scan with it.
Post the log back here.

 

Next -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

Finally -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here

 

You can spread these over a couple of posts if you prefer ........

 

Thank You -



#3 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 06:31 AM

# AdwCleaner v3.008 - Report created 19/10/2013 at 12:29:21
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : jon - STROPPY-PC
# Running from : C:\Users\jon\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\a0kxafpb.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7411 octets] - [18/10/2013 23:11:16]
AdwCleaner[R1].txt - [1173 octets] - [18/10/2013 23:38:21]
AdwCleaner[R2].txt - [1127 octets] - [18/10/2013 23:51:33]
AdwCleaner[R3].txt - [1332 octets] - [19/10/2013 12:28:52]
AdwCleaner[S0].txt - [7555 octets] - [18/10/2013 23:11:36]
AdwCleaner[S1].txt - [1241 octets] - [18/10/2013 23:38:58]
AdwCleaner[S2].txt - [1189 octets] - [18/10/2013 23:52:51]
AdwCleaner[S3].txt - [1255 octets] - [19/10/2013 12:29:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1315 octets] ##########

#4 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 06:35 AM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jon :: STROPPY-PC [administrator]

Protection: Enabled

19/10/2013 12:32:49
mbam-log-2013-10-19 (12-32-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230408
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 06:36 AM

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 33
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.117
Mozilla Firefox (for.)
Mozilla Thunderbird 13.0.1 Thunderbird out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


#6 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 06:38 AM

MiniToolBox by Farbar Version: 13-07-2013
Ran by jon (administrator) on 19-10-2013 at 12:38:13
Running from "C:\Users\jon\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/19/2013 00:31:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 00:30:03 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/19/2013 00:30:00 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/19/2013 00:29:58 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/19/2013 00:29:58 PM) (Source: ISCT Agent) (User: )
Description: CAgentService::AgentServiceInit Error: CDriverApi::CreateInstance() Failed : 0, thermal driver inaccessible.

Error: (10/19/2013 00:29:58 PM) (Source: ISCT Agent) (User: )
Description: CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (10/19/2013 00:27:50 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (10/19/2013 00:27:48 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/19/2013 00:27:46 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/19/2013 00:27:46 PM) (Source: ISCT Agent) (User: )
Description: CAgentService::AgentServiceInit Error: CDriverApi::CreateInstance() Failed : 0, thermal driver inaccessible.

System errors:
=============
Error: (10/19/2013 00:29:59 PM) (Source: Service Control Manager) (User: )
Description: The NTIOLib_1_0_3 service failed to start due to the following error: %%183

Error: (10/19/2013 00:29:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (10/19/2013 00:29:59 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.0.12 service failed to start due to the following error: %%2

Error: (10/19/2013 00:27:47 PM) (Source: Service Control Manager) (User: )
Description: The NTIOLib_1_0_3 service failed to start due to the following error: %%183

Error: (10/19/2013 00:27:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (10/19/2013 00:27:47 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.0.12 service failed to start due to the following error: %%2

Error: (10/19/2013 00:27:14 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/19/2013 00:24:52 PM) (Source: Service Control Manager) (User: )
Description: The NTIOLib_1_0_3 service failed to start due to the following error: %%183

Error: (10/19/2013 00:24:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (10/19/2013 00:24:52 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.0.12 service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (10/19/2013 00:31:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 00:30:03 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (10/19/2013 00:30:00 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/19/2013 00:29:58 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/19/2013 00:29:58 PM) (Source: ISCT Agent)(User: )
Description: CAgentService::AgentServiceInit Error: CDriverApi::CreateInstance() Failed : 0, thermal driver inaccessible.

Error: (10/19/2013 00:29:58 PM) (Source: ISCT Agent)(User: )
Description: CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (10/19/2013 00:27:50 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (10/19/2013 00:27:48 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (10/19/2013 00:27:46 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (10/19/2013 00:27:46 PM) (Source: ISCT Agent)(User: )
Description: CAgentService::AgentServiceInit Error: CDriverApi::CreateInstance() Failed : 0, thermal driver inaccessible.

CodeIntegrity Errors:
===================================
Date: 2013-10-19 00:05:15.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-19 00:05:15.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

50 FREE MP3s +1 Free Audiobook! (Version: 1.0.0.1) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Media Live Encoder 3.2 (Version: 3.2.0) Adobe Flash Player 10 ActiveX (Version: 10.0.22.87) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Photoshop 7.0 (Version: 7.0) Adobe Shockwave Player 12.0 (Version: 12.0.4.144) AirMech Alien Swarm America's Army 3 Analogue: A Hate Story Antichamber Arma 2: British Armed Forces ARMA 2: British Armed Forces - Data cache removal Arma 2: DayZ Mod Arma 2: Operation Arrowhead Beta Arma 2: Private Military Company ARMA 2: Private Military Company - Data cache removal Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.10.1.0) Asmedia ASM106x SATA Host Controller Driver (Version: 1.2.1.000) Audacity 2.0.3 (Version: 2.0.3) AudioGenie Bastion BattlEye for OA Uninstall BattlEye Uninstall Battlezone 1.5 version 1.3 (Version: 1.3) BioShock Infinite BIT.TRIP RUNNER Borderlands 2 CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294) Capsized CCleaner (Version: 3.12) CDisplayEx 1.8 CLICKBIOSII (Version: 1.0.061) ClickTray Calendar ControlCenter (Version: 2.2.086) Cortex Command CPUID CPU-Z 1.61.3 Critical Mass Dead Space 2 Dear Esther Deus Ex New Vision (Version: 1.5) Deus Ex: Game of the Year Edition Deus Ex: Human Revolution Deus Ex: Nihilum (Version: 1.0.0.0) DivX Setup (Version: 2.6.1.22) EasyViewer (Version: 1.3.0.9) EDGE Egg Timer Egg Timer (Version: 2.2.0) ESET Online Scanner v3 Eufloria EVE Online (remove only) F.E.A.R. f.lux Facebook Video Calling 1.2.0.287 (Version: 1.2.287) FEZ FileZilla Client 3.5.3 (Version: 3.5.3) Fraps (remove only) Free Video to Flash Converter version 5.0.21.1212 (Version: 5.0.21.1212) Front Mission Evolved FTL: Faster Than Light GameMaker: Studio Gish Gnumeric Spreadsheet 1.10.13-20110202 (Version: 1.10.13-20110202) Google Chrome (Version: 30.0.1599.101) Google Drive (Version: 1.12.5329.1887) Google Update Helper (Version: 1.3.21.165) GridRunner Revolution Hammerwatch Hate Plus Hawken HitmanPro 3.7 (Version: 3.7.8.207) Homeworld Homeworld OEM Version Indie Game: The Movie InFlux Intel® Management Engine Components (Version: 8.0.0.1351) Intel® Network Connections 16.8.46.0 (Version: 16.8.46.0) Intel® Smart Connect Technology 2.0 x64 (Version: 2.0.1051.0) Intel® Trusted Connect Service Client (Version: 1.23.216.0) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) Java™ 6 Update 33 (Version: 6.0.330) Killing Floor K-Lite Codec Pack 8.9.2 (Full) (Version: 8.9.2) Legend of Grimrock LEGO Digital Designer Live Update 5 (Version: 5.0.081) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Mark of the Ninja MechWarrior Online (Version: 1.2.0.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0) Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0) MicroVolts Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) Mozilla Thunderbird 13.0.1 (x86 en-US) (Version: 13.0.1) Mumble 1.2.3 (Version: 1.2.3) Mutant Storm Demo Mutant Storm Reloaded My Game Long Name Natural Selection 2 Nexus Mod Manager (Version: 0.18.9) Notepad++ (Version: 6.4.2) NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49) NVIDIA 3D Vision Driver 320.49 (Version: 320.49) NVIDIA Control Panel 320.49 (Version: 320.49) NVIDIA GeForce Experience 1.6 (Version: 1.6) NVIDIA Graphics Driver 320.49 (Version: 320.49) NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.131.854) NVIDIA PhysX (Version: 9.13.0604) NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049) NVIDIA Update 7.2.17 (Version: 7.2.17) NVIDIA Update Components (Version: 7.2.17) NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1) OpenAL OpenSCAD (remove only) Organ Trail: Director's Cut Osmos OTPService (Version: 1.0.002) Painkiller: Redemption Papers, Please PowerISO (Version: 4.8) Puzzle Dimension Python 2.7.5 (64-bit) (Version: 2.7.5150) Q.U.B.E. Realtek Ethernet Controller Driver (Version: 1.00.0024) Realtek High Definition Audio Driver (Version: 6.0.1.6526) Realtek PCI Fast Ethernet Controller Driver For Vista and Win7 (Version: 1.00.0005) ReMouse Micro (Version: Micro V3.4) Rocketbirds: Hardboiled Chicken Rogue Legacy Sanctum Scrolls (Version: 1.0.0) Sherlock Holmes versus Jack the Ripper SHIELD Streaming (Version: 1.05.19) Skype Click to Call (Version: 6.13.13771) Skype 6.9 (Version: 6.9.106) Solar 2 Source SDK Base 2007 Space Pirates and Zombies Speccy (Version: 1.15) Spectraball Splashtop Connect for Firefox (Version: 1.1.8.4) Splashtop Connect IE (Version: 1.1.13.0) Spore Spore: Galactic Adventures Stacking StarCraft II (Version: 2.0.9.26147) Steam (Version: 1.0.0.0) Steam Marines version 0.6.2a (Version: 0.6.2a) Steel Storm: Burning Retribution SumatraPDF (Version: 2.1.1) SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54 (Version: v2012.build.54) Super Laser Racer Superbrothers: Sword & Sworcery EP Super-Charger (Version: 1.2.006) swMSM (Version: 12.0.0.1) Sword of the Stars: The Pit Synergy Synergy (Version: 1.4.5) Team Fortress 2 TeamSpeak 3 Client (Version: 3.0.10) TeamViewer 7 (Version: 7.0.12979) Teleglitch: Die More Edition The Ball The Basement Collection The Binding of Isaac The Chronicles of Riddick: Assault on Dark Athena The Elder Scrolls V: Skyrim The Nameless Mod The Red Odyssey 1.3 version 1.3 (Version: 1.3) The Stanley Parable The Walking Dead The Wolf Among Us Thomas Was Alone THX TruStudio Pro (Version: 1.04.01) Torchlight II TRAUMA TrueCrypt (Version: 7.1a) Unity Web Player (Version: ) Universe Sandbox Vampire: The Masquerade - Bloodlines VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Ventrilo Client for Windows x64 (Version: 3.0.8.0) VH Toolkit 1.0.44.0 VideoGenie (Version: 1.0.0.12) Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1) Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1) Volgarr the Viking Warframe (Version: 1.0.0) Warhammer 40,000 Space Marine Warhammer® 40,000: Dawn of War® II Retribution Whilokii 1.0.0 (Version: 1.0.0) Winamp (Version: 5.63 ) Winamp Detector Plug-in (Version: 1.0.0.1) WinRAR 4.20 (64-bit) (Version: 4.20.0) WinX Free AVI to FLV Converter 4.1.11 WinZip 17.0 (Version: 17.0.10283) Workrave 1.10 XCOM: Enemy Unknown

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 8146.56 MB
Available physical RAM: 6148.67 MB
Total Pagefile: 16291.32 MB
Available Pagefile: 14311.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.62 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:223.47 GB) (Free:104.73 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1489.89 GB) NTFS

========================= Users: ========================================

User accounts for \\STROPPY-PC
Administrator Guest jon UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#7 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 06:40 AM

http://speccy.piriform.com/results/5AuquRN5tJDKEIdRr0gIKCP

#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 19 October 2013 - 06:54 AM

Hello -

Just a very quick question -

Did you edit any of those scan results, or is that how they came out -

 

Thank You -



#9 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 07:25 AM

I just copy pasted them, the only thing I did was click 'remove' the re-appearing malware in Malwarebytes before copy-pasting the log.

Well, I tried running these programs before coming here... but since being asked I have only done what has been asked.

Edited by MrKnightmare, 19 October 2013 - 07:31 AM.


#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 19 October 2013 - 07:46 AM

All that existed in MBAM scan -

(PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

From Control Panel > Programs and Features Uninstall Adobe Flash Player 10
While there, please remove Java™ 6 Update 33 and any version earlier than V7 U45

Mozilla Thunderbird 13.0.1 Thunderbird out of Date! If you use this, please update it and then remove any older versions.

 

Installation Date: 21/06/2012 12:08:56 I do not think that there has been any Windows Updates since this time ........
Windows Security Center
User Account Control (UAC): Enabled
Notify level: 2 - Default
Firewall: Enabled
Antivirus: Disabled

Have you ever installed an Antivirus program ?

Windows Update
AutoUpdate: Not configured

Actual Power On Time: 252.5 days and no Windows Updates ??

 

 

Did you have any CDs or DVDs in your computer while the scans were running ?
Description: Windows license activation failed. - This is constant in your Errors ?



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 19 October 2013 - 08:04 AM

You need an Antivirus. Please use this as a basic guide to Free versions - Now go to Windows Updates and only select Important Updates (the top line) to install, and tell me how many are available for you -

Well i tried running these programs before coming here....but since being asked i have only done what has been asked.

No problems, but I must ask -

 

Free Antivirus programs: (choose and install only one).
- avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
- Microsoft Security Essentials includes the option to join the customer experience improvement program
- BitDefender Antivirus Free Edition
- Avira Free Antivirus includes Ask.com Toolbar pre-checked by default during installation
- AVG Anti-Virus Free Edition <- includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation but gives you the option to uncheck


Edited by noknojon, 19 October 2013 - 08:06 AM.


#12 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 08:40 AM

I had AVG installed but it did not detect this problem.

#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 19 October 2013 - 09:00 AM

Ok -

AVG is no longer installed, so please select another one (even M/soft Security Essentials)

 

You have done an ESET Online scan already, so this will not take as long (between 1 to 2 hours)

Use  ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset doesn't find any threats it will often NOT produce any log.

 

Run the SAS scan and report on that -

 

Try for any Windows Updates, there will (should) be many. You NEED I.E. 9 or 10, even if you use Chrome etc.

 

Run a Disk Check on your C: drive in Windows Vista or Windows 7:
 • Click the Start button and select Computer

• Right-click on C: and select Properties

• Click on the Tools tab

• Under Error-checking click the Check Now... button and click Continue at the U A C prompt

• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors

• Click on the Start button

• When the message box pops up, click the Schedule disk check button and Restart your computer

• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so

This will take (on average) 1 to 2 hours depending on your system, so please let it run

On a Laptop, make sure it is plugged into a reliable power source as batteries will fail

Do not Force a reboot as you will lose data and cause other damage ............

Once completed it will reboot your system back to normal mode -

 

 

Next - go Start > Programs > Accessories and find Command Prompt, but wait and read on. You Must Right click on command prompt and select Run as Administrator for this to work -

Type sfc /scannow and press Enter. Note the space between c and / as this is important.

This will (on average) take 15 to 20 minutes to run, and please let it Fully Finish -

 

 

Thank You -



#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 19 October 2013 - 09:11 AM

Please note that I will not be back for about 7 or 8 hours.

 

This will give you time to finish all of the items -

 

Thank You -



#15 MrKnightmare

MrKnightmare
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 19 October 2013 - 03:02 PM

C:\Program Files (x86)\Mutant Storm Demo\eclms144.exe a variant of Win32/Keygen.DY application cleaned by deleting - quarantined

C:\Program Files (x86)\Mutant Storm Demo\Mutant.Storm.v1.44.Keygen.zip a variant of Win32/Keygen.DY application deleted - quarantined

C:\Users\jon\Downloads\adwareremover-setup (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

C:\Users\jon\Downloads\adwareremover-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

C:\Users\jon\Downloads\Brothersoft_downloader_For_Homeworld.exe a variant of Win32/BSDownloader application cleaned by deleting - quarantined

C:\Users\jon\Downloads\cnet2_auto_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\jon\Downloads\cnet2_vac412_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\jon\Downloads\cnet_tweakslogon_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\jon\Downloads\cpu-z_1.61-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\jon\Downloads\Firefox_Setup.exe Win32/InstallCore.EL application cleaned by deleting - quarantined

C:\Users\jon\Downloads\FreeVideoToFlashConverter.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\jon\Downloads\IE10_setup.exe Win32/InstallCore.EL application cleaned by deleting - quarantined

C:\Users\jon\Downloads\perfect-keyboard-pro_7.5.5_setup.exe a variant of Win32/InstallCore.AT application cleaned by deleting - quarantined

C:\Users\jon\Downloads\SkypeSetup(1).exe Win32/InstallCore.EL application cleaned by deleting - quarantined

C:\Users\jon\Downloads\WinZip170_1.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

D:\stroppy\cnet2_VHCapture_inst_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

D:\stroppy\EmulatorsRoms\Emulators and Roms.rar a variant of Win32/XbFake application deleted - quarantined

D:\stroppy\EmulatorsRoms\Emulators and Roms\emulators\install\Xbox_setup.exe a variant of Win32/XbFake application cleaned by deleting - quarantined

Now I'm running Malwarebytes again.

Edited by MrKnightmare, 19 October 2013 - 03:11 PM.
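
An added example, not part of any post in this thread: a small Python triage of an ESET Online Scanner export like the one in post #15, grouping detections by family and flagging files that sit in a Downloads folder. The seven detections are copied from that post and the last sample line is constructed; the function names and the variant-suffix rule are assumptions of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Seven detections copied from the ESET export in post #15, followed by one
# constructed non-log line to show how unparseable input is reported.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Mutant Storm Demo\eclms144.exe a variant of Win32/Keygen.DY application cleaned by deleting - quarantined
C:\Users\jon\Downloads\cnet2_auto_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\jon\Downloads\Firefox_Setup.exe Win32/InstallCore.EL application cleaned by deleting - quarantined
C:\Users\jon\Downloads\FreeVideoToFlashConverter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\jon\Downloads\IE10_setup.exe Win32/InstallCore.EL application cleaned by deleting - quarantined
D:\stroppy\cnet2_VHCapture_inst_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\stroppy\EmulatorsRoms\Emulators and Roms.rar a variant of Win32/XbFake application deleted - quarantined
Scan finished, export saved to desktop.
"""

# Layout as it appears in the post:
#   <path> [a variant of ]<Win32/Name> <object type> <action taken>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"      # Windows path, may contain spaces
    r"(?P<variant>a variant of\s+)?"     # optional heuristic-match marker
    r"(?P<name>Win32/[\w.]+)\s+"         # detection name
    r"(?P<kind>\w+)\s+"                  # object type, e.g. "application"
    r"(?P<action>.+)$"                   # what the scanner did
)

# Assumption of this example: a trailing ".D" / ".EL" style suffix is a variant
# code, so "InstallCore.D" and "InstallCore.EL" are counted as one family.
VARIANT_SUFFIX_RE = re.compile(r"\.[A-Z]{1,3}$")


def parse_line(line):
    """Return a dict for one detection line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    name = m.group("name")
    path = PureWindowsPath(m.group("path"))
    return {
        "path": str(path),
        "file": path.name,
        "detection": name,
        "family": VARIANT_SUFFIX_RE.sub("", name.split("/", 1)[1]),
        "is_variant": m.group("variant") is not None,
        "in_downloads": any(p.lower() == "downloads" for p in path.parts),
        "action": m.group("action"),
    }


def parse_log(text):
    """Split an export into parsed detections and lines that did not parse."""
    records, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped.append(line.strip())
        else:
            records.append(rec)
    return records, skipped


def summarize(records):
    """Count detections per family and list the files found under Downloads."""
    downloads = [r for r in records if r["in_downloads"]]
    return {
        "total": len(records),
        "by_family": dict(Counter(r["family"] for r in records)),
        "in_downloads": len(downloads),
        "download_files": sorted(r["file"] for r in downloads),
    }


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    report = summarize(recs)
    for family, count in sorted(report["by_family"].items()):
        print(f"{family:15} {count}")
    print("In Downloads:", ", ".join(report["download_files"]))
    print("Unparsed lines:", bad)
```
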




