Computer running slow, internet search changed, pretty sure it's malware


  • This topic is locked
11 replies to this topic

#1 Coaxly

Coaxly

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 31 March 2014 - 08:02 AM

My computer is running slow and I'm pretty sure I have an infection of some kind but I'm not sure what it is.

 

Here are the logs


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 31 March 2014 - 09:45 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Coaxly


Posted 31 March 2014 - 10:44 AM

Thank you for your reply.

 

The log is attached.


#4 TB-Psychotic


Posted 01 April 2014 - 02:24 AM

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

DefaultTab
Google Toolbar for Internet Explorer
McAfee Security Scan Plus


Close the window.

 

 

 

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#5 Coaxly


Posted 01 April 2014 - 10:15 AM

I had problems uninstalling

 

Google Toolbar for Internet Explorer
McAfee Security Scan Plus

 

The screen just blinked when I tried to uninstall Google Toolbar for Internet Explorer and nothing happened.

I got two error messages when I tried to uninstall McAfee Security Scan Plus. I have attached both (1.jpg and 2.jpg)

 

 

 

Combofix log attached.

Attached Files

  • Attached File  1.JPG   97.89KB   0 downloads
  • Attached File  2.JPG   95.65KB   0 downloads
  • Attached File  ComboFix.txt   37.16KB   3 downloads


#6 TB-Psychotic


Posted 01 April 2014 - 10:24 AM

Windows XP out of date

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware. You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.

 

 

 

 

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

 

Media View
Media Viewer
Media Watch


Close the window.

 

 

 

 

When finished, run combofix again and post the log.


Edited by TB-Psychotic, 01 April 2014 - 10:24 AM.


#7 Coaxly


Posted 02 April 2014 - 08:41 PM

Got an error when I tried to install the service pack.  Attached.

 

Removed the programs.


Running combo fix now.....


#8 Coaxly


Posted 02 April 2014 - 09:54 PM

combo


#9 TB-Psychotic


Posted 03 April 2014 - 04:40 AM

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, navigate to the Scan tab, select Custom Scan.
  • Click the Scan Now >> button.
  • Under 'Custom Scanning Options' uncheck all boxes.
  • Select only 'Scan for rootkits'.
  • Do not select any drive letter.
  • Click 'Start Scan'.
  • When the scan is complete, click on 'Cancel'.
  • Click Yes at the next message.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



#10 Coaxly


Posted 04 April 2014 - 03:10 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/04/2014
Scan Time: 21:08:50
Logfile: 
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.04.04.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Carl
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 252188
Time Elapsed: 4 hr, 45 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{38495740-0035-4471-851E-F5BBB86AB085}, No Action By User, [f46059cd4536b77f48369579df23e31d], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, No Action By User, [9cb864c2611a83b3ea95c04ef111fb05], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}, No Action By User, [2c2859cd6a11a393008049c5f70bdc24], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX.1, No Action By User, [2c2859cd6a11a393008049c5f70bdc24], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX, No Action By User, [2c2859cd6a11a393008049c5f70bdc24], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, No Action By User, [2c2859cd6a11a393008049c5f70bdc24], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1189184266-1014243840-1079021191-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, No Action By User, [084ce046c5b6d95d6d41bd516e9402fe], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-1189184266-1014243840-1079021191-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [ce86b4729be0df578803ad95639fdd23], 
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, No Action By User, [ce86b4729be0df578803ad95639fdd23], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\DefaultTabBHO.DLL, No Action By User, [4311a482dc9fee488217fb754db5c838], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
Redir.Qooqlle, HKU\S-1-5-21-1189184266-1014243840-1079021191-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.qooqlle.com/, Good: (http://www.google.com), Bad: (http://www.qooqlle.com/),No Action By User,[5bf9ef371a611a1c01a47a941ce8d927]
 
Folders: 1
Adware.InstallBrain, C:\Documents and Settings\All Users\Application Data\IBUpdaterService, No Action By User, [df75f92d2556e353a4eff66734cf30d0], 
 
Files: 8
PUP.BundleInstaller.IB, C:\Documents and Settings\Carl\Desktop\bundleSetup.exe, No Action By User, [252f2cfaef8c8fa7d1057b30f709629e], 
PUP.Optional.Inbox, C:\Documents and Settings\Carl\My Documents\Downloads\EmailNotifierSetup.exe, No Action By User, [2d27ad79cbb02511344eea177190c23e], 
PUP.Optional.PCPerformer.A, C:\WINDOWS\system32\roboot.exe, No Action By User, [292b49dd8bf0d2646961ce526997a65a], 
PUP.Optional.DefaultTab.A, C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n0d9ausx.default\searchplugins\search-here.xml, No Action By User, [ff55e14579024fe74fc3ee73a959639d], 
PUP.Optional.Conduit.A, C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n0d9ausx.default\searchplugins\conduit.xml, No Action By User, [bd97c56149329f97a9b6cd9522e010f0], 
PUP.Optional.DefaultTab.A, C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\n0d9ausx.default\extensions\addon@defaulttab.com.xpi, No Action By User, [92c29393bebd72c4402a7ee44cb650b0], 
Redir.Qooqlle, C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\qooqlle.xml, No Action By User, [163e4cda146769cdbda83764e71b867a], 
Adware.InstallBrain, C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml, No Action By User, [df75f92d2556e353a4eff66734cf30d0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
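
Added example, not part of the original thread and not Malwarebytes code: a Python parser for a log in the layout posted above. It checks each section's declared count against the detections it parses, compares the header settings with what the helper asked for (the rootkit scan requested in post #9), and lists detections still marked "No Action By User". The function names are hypothetical, and the sample log is constructed, with placeholder paths, URLs and bracketed ids.

```python
import re
from collections import Counter
SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|"
                     r"Registry Data|Folders|Files|Physical Sectors): (\d+)$")
# Detection line: name, target, action, [32-hex id]; the target may hold commas.
ITEM = re.compile(r"^(?P<name>[^,]+),\s*(?P<target>.+?),\s*"
                  r"(?P<action>[^,\[]+?),\s*\[(?P<id>[0-9a-f]{32})\]")
SETTING = re.compile(r"^([A-Za-z ]+):\s*(.*)$")

def parse_log(text):
    """Split a scan log into header settings, declared counts and detections."""
    settings, declared, items, section = {}, {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SECTION.match(line)):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
        elif section is None and (m := SETTING.match(line)):
            settings[m.group(1)] = m.group(2)
    return settings, declared, items

def triage(text, expected_settings):
    """Return the points to settle before any removal step is given."""
    settings, declared, items = parse_log(text)
    parsed = Counter(i["section"] for i in items)
    findings = [f"{s}: header declares {n}, parsed {parsed[s]}"
                for s, n in declared.items() if parsed[s] != n]
    findings += [f"{k} is {settings.get(k)!r}, expected {v!r}"
                 for k, v in expected_settings.items() if settings.get(k) != v]
    pending = Counter(i["name"] for i in items if i["action"] == "No Action By User")
    findings += [f"{n} x {name} still present (no action taken)"
                 for name, n in sorted(pending.items())]
    return findings

# Constructed sample in the layout of the posted log; ids and paths are placeholders.
SAMPLE = r"""Scan Type: Threat Scan
Rootkits: Disabled
Registry Keys: 2
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\EXAMPLE.ONE, No Action By User, [00000000000000000000000000000001],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\EXAMPLE.TWO, No Action By User, [00000000000000000000000000000002],
Registry Data: 1
Redir.Qooqlle, HKU\EXAMPLE\MAIN|Start Page, http://bad.example/, Good: (http://good.example), Bad: (http://bad.example/),No Action By User,[00000000000000000000000000000003]
Files: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, {"Rootkits": "Enabled"})))
```
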


#11 TB-Psychotic


Posted 07 April 2014 - 02:41 AM

The found threats have to be removed.

Please rescan and follow my instructions to remove anything found.



#12 TB-Psychotic


Posted 15 April 2014 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.