
Adware/Malware Running On This Computer?


12 replies to this topic

#1 Sloshyyy


Posted 05 August 2015 - 02:55 PM

So I downloaded a program which was bundled with adware. I did some scans with EEK, MBAM, Zemana Anti Malware and Hitman Pro. I just want to make sure I'm 100% secure/clean.

 

Thanks in advance!




 


#2 Firehouse


Posted 05 August 2015 - 03:01 PM

Hello,
 
please download MiniToolBox by Farbar and save it to your desktop.
 
Run the tool as Administrator and make sure that these options are checked:

  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs

Post the log here.



#3 Sloshyyy


Posted 05 August 2015 - 03:02 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Sloshy (administrator) on 05-08-2015 at 21:02:41
Running from "C:\Users\Expodia\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Z97-HD3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
=========================== Installed Programs ============================
 
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Gyazo 3.1.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.2 (HKLM-x32\...\{3EE9923D-3045-46AB-9CAA-E375993AEB4A}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Kaspersky Total Security (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
 
**** End of log ****
 


#4 Sloshyyy


Posted 05 August 2015 - 03:04 PM

Also, may I add that my processor is an i7 4790k. It's advertised to be running at a speed of 4GHz but I only get 1.2GHz. Is this normal or malware related? Why is it running so slow at idle?



#5 Firehouse


Posted 05 August 2015 - 03:05 PM

Download AdwCleaner by Xplode and save it to your desktop.

Run the tool as Administrator, accept the terms of usage, and wait while the database is updating.

After it's done updating, click the Scan button and wait while it's scanning.

Remove all found items by clicking the Cleaning button, and allow the tool to restart.

After the restart it will make a log, which you will attach or paste in your reply.

Step 2

Download JRT by Malwarebytes and save it to your desktop.

Run the tool as Administrator, accept the disclaimer by pressing Y, and wait while it's scanning the system.

The tool will automatically scan and remove all found items. If the tool requires a restart, allow it to do so.

Attach the log here.

Step 3

Scan with Malwarebytes AntiRootkit

Please download MBAR and save it to your desktop.

Run the tool as Administrator; the tool will extract itself and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removing rootkits, it is recommended to run fixdamage.exe, located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.



#6 Sloshyyy


Posted 05 August 2015 - 03:16 PM

AdwCleaner did not find anything so I have no log for that.

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 10 Home x64
Ran by Sloshy on 05/08/2015 at 21:11:54.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\users\Public\Documents\guid
Successfully deleted: [Folder] C:\users\Public\Documents\pc faster
 
 
 
~~~ Chrome
 
 
[C:\Users\Expodia\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Expodia\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Expodia\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Expodia\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/08/2015 at 21:15:11.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
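
Added example, not part of the original posts: a small parser for the JRT log format shown above that groups the deleted registry entries by CLSID, which makes it visible that one add-on was registered as a Browser Helper Object in both registry views and the other as an IE toolbar. The function names and the labels returned by `classify` are assumptions made for this illustration; the log lines are copied from the post.

```python
import re
from collections import defaultdict
# Deletion lines copied from the JRT log in the post above (empty sections omitted).
SAMPLE_LOG = r"""
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3507FA00-ADA2-4A02-99B9-51AD26CA9120}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}
~~~ Folders
Successfully deleted: [Folder] C:\users\Public\Documents\guid
Successfully deleted: [Folder] C:\users\Public\Documents\pc faster
"""
SECTION = re.compile(r"^~~~ (.+)$")  # "~~~ Tasks", but not the "~~~~~~" rulers
DELETED = re.compile(r"^Successfully deleted: \[(.+?)\] (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_jrt(text):
    """Return (section, kind, target) for every deletion the log records."""
    section, items = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := DELETED.match(line):
            items.append((section, m.group(1), m.group(2)))
    return items

def classify(target):
    """Name the registration point a deleted registry path belonged to."""
    low = target.lower()
    if "browser helper objects" in low:
        return "BHO (32-bit view)" if "wow6432node" in low else "BHO"
    if "internet explorer\\toolbar" in low:
        return "IE toolbar"
    return "COM class" if "\\clsid\\" in low else "other"

def group_by_guid(items):
    """Map each CLSID to the places it was registered, in log order."""
    groups = defaultdict(list)
    for _section, _kind, target in items:
        for guid in GUID.findall(target):
            groups[guid.upper()].append(classify(target))
    return dict(groups)

if __name__ == "__main__":
    for guid, places in group_by_guid(parse_jrt(SAMPLE_LOG)).items():
        print(guid, "->", ", ".join(places))
```
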
 


#7 Firehouse


Posted 05 August 2015 - 03:17 PM

I will also need the log from MBAR when done.



#8 Sloshyyy


Posted 05 August 2015 - 03:25 PM

Scan finished, no malware found.



#9 Firehouse


Posted 05 August 2015 - 03:28 PM

Ok, let's do a final check just to make sure that your PC is clean.

Scan with Zemana Antimalware

Download Zemana Antimalware and install it on your system.

Under Scan type choose Full Scan and let the tool scan the system.

If malware is found, click Next to remove it. If the tool asks for a restart, allow it.

If no malware is found, just exit the program.

NOTE: Leave actions at default.

Attach the log here.



#10 Sloshyyy


Posted 05 August 2015 - 03:38 PM

Nothing detected



#11 Firehouse


Posted 05 August 2015 - 03:40 PM

Your PC is clean, no worries.



#12 Sloshyyy


Posted 05 August 2015 - 03:47 PM

Your PC is clean, no worries.

Thank you for helping me clean my computer :)



#13 Firehouse


Posted 05 August 2015 - 03:52 PM

Glad I helped. Use Unchecky next time, it's useful against Adware / PUP (check my sig).





