Hidden virus that no scanner will find?


20 replies to this topic

#1 Zylorarchy

Zylorarchy

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 06 December 2014 - 09:24 PM

Recently I have had to deal with many Malware due to one download, Pivot 4 Animator. 

I have seemingly managed to remove:

  • Faster Lights adware
  • Vosteran browser/hijacker
  • BrowseFox
  • Generic Adware (That is what AVG called it)
  • Conduit
  • PUP.Optional.BPlug (Adware)
  • Various other adware

No matter what I do, things continue to return. For example earlier today Malwarebytes said this laptop was clean, yet after several reboots later found PUP.Optional.BPlug. In order to get rid of (or attempt to) I have conducted a Factory Reset (which seemed to work on Faster Lights), but one website still had adware on but just one (odd I know). After shredding several recent files including BSI.exe and running CCleaner that website was finally free of ads.

 

But as I say, Malwarebytes later still found PUP.Optional.BPlug despite the fact all other virus scanners claiming no Malware is left. These include AVG, Avast, BitDefender, Hitmanpro (though yet to scan with Hitmanpro since reset). 

 

Almost everything does seemingly work now except... Runescape. An online game I play constantly freezes for reasons I do not know of, and has lower FPS than before, ever since I conducted the Factory Reset. Also, YouTube stopped functioning completely for unknown reasons too and finally the internet completely disconnected at one point stating I needed to re-enter the password.

 

I am thinking that there is some sort of Malware that is producing all of this, the continuous Adware, these strange problems. Yet nothing can find it! 

 

As I say, if it is any help... This all occurred as a result of downloading Pivot 4 (which came with a load of other rubbish). Pivot 4 itself is safe, it's the other stuff like Vosteran, and Faster Lights and whatever else that came with it that has caused this. After the Factory Reset I put some data back on, but this only consists of Word Documents and a PP presentation. I have since tried to put Pivot 4 back on and before you think (what the hell???) I opted out of the free software that came with it, until I came to a part of the installation where there was no opt out function, at which point I exited the installer, not wanting to re-gain all I had removed thus far. And yes... the first time I did fail to opt out of the other software which did cause this...

 

Any help? Urgently needed to be honest... Any other information I shall be very happy to provide.  :clapping:




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:44 PM

Posted 06 December 2014 - 10:29 PM

Hello, what is your operating system and browser?

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Zylorarchy


Posted 07 December 2014 - 08:48 AM

Hello, I would first like to thank you for your response :) Especially during a time when university deadlines loom and this merely adds considerable stress. 

 

Anyway, if it is of any relevance before I downloaded Adwcleaner and JRT I tested Runescape and it still froze a lot, more than before and just before I attempted the download  itself the internet connection died, I had to manually disconnect and re-connect.

 

Results from Adwcleaner:

 

# AdwCleaner v4.104 - Report created 07/12/2014 at 13:27:37
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Ollie - OLZ
# Running from : C:\Users\Ollie\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SecTaskMan
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [1307 octets] - [06/12/2014 17:58:24]
AdwCleaner[R1].txt - [876 octets] - [07/12/2014 13:25:06]
AdwCleaner[S0].txt - [1341 octets] - [06/12/2014 18:02:13]
AdwCleaner[S1].txt - [800 octets] - [07/12/2014 13:27:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [859 octets] ##########
 
Results from JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Ollie on 07/12/2014 at 13:35:16.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\windows\prefetch\DRIVERCTRL.EXE-01D4CB91.pf
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/12/2014 at 13:38:58.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Note, while I turned off BitDefender there seemed to be no option for this on Adwcleaner and to uninstall it would release the contents of the quarantine vault which contains "C:\ProgramData\SecTaskMan"
 
Again, thanks for the help :)


#4 Zylorarchy


Posted 07 December 2014 - 03:26 PM

Hello, I did another scan with Hitmanpro and this was the result...

 

 

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : OLZ
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : OLZ\Ollie
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)
 
   Scan date . . . . . . : 2014-12-07 20:12:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 59s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 42
 
   Objects scanned . . . : 1,301,873
   Files scanned . . . . : 26,648
   Remnants scanned  . . : 296,297 files / 978,928 keys
 
Malware _____________________________________________________________________
 
   C:\windows\Temp\nsdDC31.exe -> Quarantined
      Size . . . . . . . : 191,901 bytes
      Age  . . . . . . . : 1.3 days (2014-12-06 12:24:10)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 60DAEBF4BDC332333656FFE38CA2D6F9D816BBC579E2CC8D1CA68C7D69D1200B
      Product  . . . . . : Lenovo Browser Guard
      Publisher  . . . . : ClientConnect LTD
      Description  . . . : SP Usage Sender
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Kaspersky  . . . . : not-a-virus:WebToolbar.NSIS.Agent.k
      Fuzzy  . . . . . . : 102.0
 
   C:\windows\Temp\nsg3C15.exe -> Quarantined
      Size . . . . . . . : 191,901 bytes
      Age  . . . . . . . : 1.3 days (2014-12-06 12:24:35)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 60DAEBF4BDC332333656FFE38CA2D6F9D816BBC579E2CC8D1CA68C7D69D1200B
      Product  . . . . . : Lenovo Browser Guard
      Publisher  . . . . : ClientConnect LTD
      Description  . . . : SP Usage Sender
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Kaspersky  . . . . : not-a-virus:WebToolbar.NSIS.Agent.k
      Fuzzy  . . . . . . : 102.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Ollie\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 0.8 days (2014-12-07 02:07:18)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 520E765E9043243127BE3D7B7210D32E2D1994866DC7A0F57EC05FA480D6D062
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Cookies _____________________________________________________________________
 
 
 
 
 
Despite all this, Runescape continues to be slower than it should. I am considering a refresh but it would remove some of the downloaded software and AdwCleaner clearly stated an uninstall would result in all quarantined data being essentially let loose.

 



#5 boopme


Posted 08 December 2014 - 04:20 PM

Hi. You can uninstall; the files will go with it. They will not be restored to the system.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
>>>>

run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • >>>

    Please download Rkill by Grinler and save it to your desktop.
    • Link 1
    • Link 2
      • Double-click on the Rkill desktop icon to run the tool.
      • If using Vista, right-click on it and Run As Administrator.
      • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      • If not, delete the file, then download and use the one provided in Link 2.
      • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      • If the tool does not run from any of the links provided, please let me know.
    • Do not reboot the computer, you will need to run the application again.


#6 Zylorarchy


Posted 11 December 2014 - 11:27 AM

 
Hello, thank you for your help thus far, I really appreciate it. Sorry for the late response as coursework deadlines have come and gone and I had to work late into the night for about a week. I ran TFC though no report is produced... So nothing to post about that I guess. I ran it again and copied what was cleaned if you want me to post that though.
 
I ran ESET and these are the results:
 
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Ollie\Downloads\Pivot_v4-1.exe a variant of Win32/InstallCore.RZ potentially unwanted application deleted - quarantined
 
Good old Conduit... I am skeptical though about both Conduit and InstallCore being found, for Malwarebytes should easily have found these Malware, but never did. I did go on a potentially suspicious website yesterday (don't judge me please) which was called DragonBallClub. On this site you can watch Dragon Ball Z episodes. However, Google diagnostics and AVG both class this site as perfectly safe, and I have used it in the past with NO issues. I just thought I'd highlight it in case it is relevant, because even if it is not... I am shocked that Malwarebytes would miss those Malware, for it has found them in the past (on a different laptop for InstallCore, it has found Conduit before which I shall explain below). Also, though a browser hijacker, Conduit did not actually "hijack" the browser at all. I would not have known it was there unless I had scanned with ESET.
Regarding Conduit, I do have another issue to draw your attention to. Believe it or not, this laptop seemingly came infected (despite it being new). Malwarebytes was one of the first things I installed on the laptop. I had not done anything at all, not visited any suspicious sites. The only websites I had visited were (obviously) Malwarebytes to download it, Facebook, Youtube, Runescape and Debate.org. I had not (I do not think, anyway) at that point put any external data onto my laptop. Yet upon the very first scan on the very first day upon receiving this new laptop, Malwarebytes found Conduit (again it had not actually hijacked anything). I think it is just worth a mention, do you know what could have caused this? How can a laptop come already infected?
 
I then ran Rkill:
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/11/2014 03:05:53 PM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)
 
Seeing as this software stops Malware from hiding from scanners, I assume by when you stated you run it twice, I do so after I scan with other scanners? Anything in particular that I should use? Or should I just go through every step so far again.
 
Regarding problems solved:
Runescape runs faster but still has a lower FPS rate than it should
Youtube functions fine now
No Adware
No random internet connections at home
 
About the problems still here though. I only recently discovered this one. But at university, my laptop (after infection from Faster Light etc.) refused to connect to the university network meaning I had no internet access there. However it does now, but not quite as well as before. The connection is weaker, after reverting to "limited" and sometimes webpages take a long time to load. 
The laptop does mostly run ok again thanks to your assistance. My main issues lie now with (A) a poor connection when at university and (B) a lower FPS rate than usual on Runescape. I shall reinstall RS to see if any difference is made, as well as clearing out the cache. I shall probably also get CCleaner. I did have it, but obviously with the Factory Reset it was wiped off.
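
Added example, not part of the original posts: a short Python triage script that parses the ESET result lines from post #6 and groups the detections by install folder and detection family. It assumes the space-flattened line layout shown in that post; the function names are illustrative.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# The eight result lines exactly as posted in post #6 (fields flattened to spaces).
ESET_LINES = r"""
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Ollie\Downloads\Pivot_v4-1.exe a variant of Win32/InstallCore.RZ potentially unwanted application deleted - quarantined
"""

# Paths contain spaces, so the path is matched lazily up to the first
# "<platform>/<name>" token, with the optional "a variant of" prefix.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<platform>\w+)/(?P<name>\S+)\s+"
    r"(?P<rest>.+)$"
)


def parse_line(line):
    """Return a dict for one result line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    name = m["name"]
    # Drop the trailing variant letter(s): Conduit.SearchProtect.I -> Conduit.SearchProtect
    family = name.rsplit(".", 1)[0] if "." in name else name
    return {
        "path": m["path"],
        "platform": m["platform"],
        "family": family,
        "detail": m["rest"],  # classification and action, left unsplit
    }


def install_root(path):
    """Folder used for grouping: the product folder under Program Files,
    otherwise the file's parent directory."""
    p = PureWindowsPath(path)
    parts = p.parts
    if len(parts) > 3 and parts[1].lower().startswith("program files"):
        return str(PureWindowsPath(*parts[:3]))
    return str(p.parent)


def summarize(text):
    """Group detections by install root; also return lines that did not parse."""
    groups = defaultdict(lambda: {"count": 0, "families": set()})
    skipped = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped.append(line)
            continue
        group = groups[install_root(rec["path"])]
        group["count"] += 1
        group["families"].add(rec["family"])
    summary = {
        root: {"count": g["count"], "families": sorted(g["families"])}
        for root, g in groups.items()
    }
    return summary, skipped


if __name__ == "__main__":
    summary, skipped = summarize(ESET_LINES)
    for root, info in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{info['count']:2d}  {root}  {', '.join(info['families'])}")
    if skipped:
        print(f"{len(skipped)} line(s) could not be parsed")
```

On the posted lines, seven of the eight detections sit under a single Program Files folder and the eighth is the downloaded installer.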


#7 boopme


Posted 11 December 2014 - 11:41 PM

Hi, we run RKill, then whichever malware removal tool(s) we need to.
As long as we have NOT rebooted those will stay stopped for easier removal. Once a reboot occurs we need to rerun it to stop them again.

Is your MBAM the free version? If so then it is not active as an Antivirus would be to prevent malware from entering.

These RKill items should be fixed in tonight's update.
Checking Windows Service Integrity:



* MsKeyboardFilter [Missing Service]

* CSC [Missing Service]

* E1G60 [Missing Service]

* kbldfltr [Missing Service]

* storvsp [Missing Service]

* Vid [Missing Service]

* vmbusr [Missing Service]

* vpcivsp [Missing Service]

They are not issues.

I would like to update and run MBAM again though.

See how it is after the reinstall.

#8 Zylorarchy


Posted 13 December 2014 - 05:04 PM

The Malwarebytes I have is the trial version of the paid version. I ran RKill and scanned with Malwarebytes, AVG, ESET and AdwCleaner and all found nothing (except ESET thought CCleaner was a virus).



#9 boopme


Posted 13 December 2014 - 10:48 PM

So, do they still return?

#10 Zylorarchy


Posted 14 December 2014 - 06:40 AM

I'm sorry, what? Does what return? 



#11 boopme


Posted 14 December 2014 - 02:48 PM

The items in your first post.

#12 Zylorarchy


Posted 14 December 2014 - 03:07 PM

No but I still have trouble with the game running slower than it should. System refresh?



#13 boopme


Posted 14 December 2014 - 11:49 PM

Please run RKIll again. Download a new copy.

Edited by boopme, 14 December 2014 - 11:50 PM.


#14 Zylorarchy


Posted 16 December 2014 - 02:37 PM

Hello, I was going to do this (and still can). But I have discovered an additional problem. I noticed all of a sudden that the fan was making a very strange noise, after a while it stopped though. I downloaded Speccy to measure the internal temperatures of the laptop and when I do play Runescape, it is noticeable that the temperature of the CPU and Motherboard can reach up to the mid 70s (degrees Celsius). Advice?

 

This occurred yesterday and today it tends to be in the mid 60s, but can easily reach up to 70 on occasion regarding the Motherboard temperature. 



#15 boopme


Posted 16 December 2014 - 02:47 PM

Better to ask that question in Internal Hardware. Not my forte; I only know it does appear to be way high.

Edited by boopme, 16 December 2014 - 03:21 PM.
