
Slow computer after attempt of removing malware


7 replies to this topic

#1 HypoCore

HypoCore

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:46 PM

Posted 21 March 2016 - 12:59 AM

Hi, wanna thank anyone who is trying to help and is reading this before anything.

But I'm having an issue with my computer due to some malware I had or may still have. I was attempting to torrent a game and I didn't check if it had any malware or anything (my fault, I know). Then, as I didn't check it, malware ensued to install. I removed all I could manually, then picked up Malwarebytes and ran it a few times, but my computer is still slow for some reason, and I was wondering if there was a way to solve that, as it might still be infected possibly? Any and all help is appreciated!





#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:01:46 AM

Posted 21 March 2016 - 09:54 AM

HypoCore:
 
Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum.  My name is Phil.  If you would permit me, I would like to address you by your first name, since we will be working together to scan your computer.
 
Sorry to hear about your computer issues.
 
I think that we should run a few preliminary security scans on your computer and see what turns up.
 
 

 

Step 1: ESET Online Scanner using Internet Explorer:
 
Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan.  See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.
 
* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.
 
Don't forget to re-enable your antivirus when finished!
 
 
 

 

Step 2: Download and install Malwarebytes Anti-Malware:
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your next reply.

 

 

 

I would like you to paste the logs from both scans into your next reply.  I will examine those and determine what our next step should be.  If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet.  Many less serious issues can be solved right here, in this Forum.
 
If I haven't responded to your reply in 24 hours, please send me a personal message.
 
Have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 HypoCore


Posted 22 March 2016 - 04:24 PM

 

Sorry for the late reply, have been super busy, but yes, it's completely fine to call me by my first name! I ran both and this is what turned up:

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/22/2016
Scan Time: 8:23 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.22.05
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: HypoCore
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 636619
Time Elapsed: 1 hr, 9 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET Online Scanner:
 
C:\AdwCleaner\Quarantine\C\Program Files\SOUND+\idscservice.exe.vir a variant of MSIL/Injector.OHM trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SOUND+\Sound+.exe.vir a variant of Win32/BubbleSound.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SOUND+\SoundP.dll.vir a variant of Win64/BubbleSound.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SOUND+\uninstaller.exe.vir a variant of MSIL/Injector.OHM trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\CIuninstall.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Firefox\uninstall.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\InternetExplorer\cpturlpassthru.dll.vir a variant of Win32/Compete.D potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll.vir a variant of Win32/Compete.D potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe.vir a variant of Win32/Compete.C potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\uninstall.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\goopdate.dll.vir a variant of Win32/Compete.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\psmachine.dll.vir a variant of Win32/Compete.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\psuser.dll.vir a variant of Win32/Compete.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12477.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\cimt-3.2.1-1146.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{C7B061F6-380E-4545-86E3-400E3156FD28}\0.0.0.0\ciff-3.2.0-12263.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ttwifi\IDH.dll.vir a variant of Win32/Adware.Agent.NPN application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ttwifi\tiantianwifi.exe.vir a variant of Win32/Adware.Agent.NPN application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\updateWebAmplified.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\WebAmplifiedbho.dll.vir a variant of Win32/BrowseFox.AE potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\WebAmplifiedUninstall.exe.vir Win32/BrowseFox.DC potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\502a.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\502a64.dll.vir a variant of Win64/BrowseFox.CK potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\502a644187.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\502a64418764.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\utilWebAmplified.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\WebAmplified.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.AX potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\WebAmplified.BrowserAdapter64.exe.vir a variant of Win64/BrowseFox.CP potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\WebAmplified.expext.exe.vir a variant of Win32/BrowseFox.CA potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\WebAmplified.PurBrowse64.exe.vir a variant of Win64/BrowseFox.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.BrowserAdapter.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.N potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.ExpExt.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.FFUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.GCUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.Plinx.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.PurBrowseG.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Amplified\bin\plugins\WebAmplified.Recheck.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\NavRight\NSISHelper.dll.vir a variant of Win32/Adware.CouponMarvel.Q application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\NavRight\QPZD32.dll.vir a variant of Win32/Adware.CouponMarvel.U application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\NavRight\QPZD64.dll.vir a variant of Win64/Adware.CouponMarvel.L application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\NavRight\uninstall.exe.vir a variant of Win32/Adware.CouponMarvel.Q.gen application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMsg\osmsg.exe.vir a variant of Win32/Adware.Agent.NPK application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomjgajeboepmccckpkanpjlcfkdjifn\5.14\EwtSlFvT1D.js.vir JS/Kryptik.ATL trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomjgajeboepmccckpkanpjlcfkdjifn\5.14\EwtSlFvT1D.js.vir JS/Kryptik.ATL trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Helio Account\AppData\Local\Google\Chrome\User Data\Default\Extensions\jomjgajeboepmccckpkanpjlcfkdjifn\5.14\EwtSlFvT1D.js.vir JS/Kryptik.ATL trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Local\bvxvcyxvyy\bvxvcyxvyy.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Local\bvxvcyxvyy\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Local\SearchModule\dblaunch.exe.vir a variant of Win32/Goobzo.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Local\SearchModule\3.1.0.1865\DeskBar.exe.vir a variant of MSIL/Goobzo.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Update.exe.vir Win32/BubbleDock.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\Store\WindApp\WindApp Update.exe.vir Win32/BubbleDock.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\WTools\Selection Tools\Selection Tools Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\Users\HypoCore\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe.vir Win32/BubbleDock.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\apppatch64\vcldr64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\nbin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{502a6441-8726-4c62-b1b7-0adf4211318f}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting
C:\Games\Dark Souls II\Game\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Games\Mortal Kombat X Premium Edition\Binaries\Retail\steam_api64.dll a variant of Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
C:\Games\Outlast\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Games\Outlast\Binaries\Win64\steam_api64.dll a variant of Win64/HackTool.Crack.D potentially unsafe application cleaned by deleting
C:\Games\Thief\Binaries\Win32\steam_api.dll Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Games\Ultimate Ninja Storm Revolution\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
C:\Program Files (x86)\R.G. Mechanics\Outlast\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application cleaned by deleting
C:\Program Files (x86)\R.G. Mechanics\Outlast\Binaries\Win64\steam_api64.dll a variant of Win64/HackTool.Crack.F potentially unsafe application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\CR62BC35\downloader.64470[1].exe Win32/BubbleDock.D potentially unwanted application deleted
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\F1JEQ43X\SFSetup[1].exe a variant of Win32/Adware.ConvertAd.AER.gen application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\KJUBUHO7\dskb_leg2[1].exe a variant of Win32/Goobzo.A potentially unwanted application deleted
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\KYPVHE4D\ci_setup_s[1].exe a variant of Win32/Compete.C potentially unwanted application deleted
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\LOT6OXH8\CN3[1].exe a variant of Win32/BitCoinMiner.BY potentially unsafe application deleted
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\P5US6HOT\JOSrv[1].exe a variant of Win32/Adware.ConvertAd.ABN application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\P5US6HOT\OrbiterInstaller[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\PB2BBMYM\Stub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\PB2BBMYM\Update_Notifier[1].exe Win32/Adware.ConvertAd.AGE application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\VOMQFWY2\aff_setup[1].exe Win32/MyPCBackup.E potentially unwanted application deleted
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\VOMQFWY2\smwdni6[1].exe a variant of Win64/SBWatchman.B potentially unwanted application deleted
C:\Users\HypoCore\AppData\Local\Temp\nsb3722.tmp a variant of Win32/Adware.ConvertAd.ADW application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\nsk5CB7.tmp a variant of Win32/Adware.ConvertAd.ADW application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\nszA6E2.tmp a variant of Win32/Adware.ConvertAd.ADW application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\setup_783.exe Win32/Adware.Navegaki.AZ application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\226443531\ic-0.27f0d1326d5f2.exe a variant of Win32/Amonetize.QQ potentially unwanted application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\226443531\ic-0.b60e5bec729fd8.exe multiple threats cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\226443531\ic-0.bc9d6ba0f9af8.exe Win32/AdWare.Linkular.AH application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\is-3IH6V.tmp\prsetup.exe a variant of Win32/Adware.Agent.NOH application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\nsgF63C.tmp\Kiiciab.Wdu a variant of Win32/Toolbar.Perion.AB potentially unwanted application cleaned by deleting
C:\Users\HypoCore\AppData\Roaming\BitTorrent\updates\7.9.1_30889.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\Users\HypoCore\AppData\Roaming\BitTorrent\updates\7.9.2_38914.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\HypoCore\AppData\Roaming\gplyra\gplyra\gplyra.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting
C:\Users\HypoCore\AppData\Roaming\IDM2\Setup.exe a variant of Win32/Idmsq.A potentially unwanted application cleaned by deleting
C:\Users\HypoCore\Desktop\Games\[Fuwanovel] Ikinari Anata ni Koibleepeiru\1) Mount ISO and install game\ikikoi.iso a variant of Win32/Packed.Themida suspicious application deleted
C:\Users\HypoCore\Desktop\Games\[Fuwanovel] Ikinari Anata ni Koibleepeiru\4) Copy Folder contents into Game folder\config\cs2.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\HypoCore\Desktop\Programs\FL Stuff\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application deleted
C:\Users\HypoCore\Desktop\Trainers\The Witcher 3 Wild Hunt v1.02-v1.05 Plus 20 Trainer.exe a variant of Win64/GameHack.J potentially unsafe application cleaned by deleting
C:\Users\HypoCore\Downloads\Castle_Crashers_All_Version_Trainer_Plus_7.rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted
C:\Users\HypoCore\Downloads\Castle_Crashers_All_Version_Trainer_Plus_7.zip a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted
C:\Users\HypoCore\Downloads\ccrashers13promo-ch.rar a variant of Win32/GameHack.BE potentially unsafe application deleted
C:\Users\HypoCore\Downloads\DyingLight-patch-1.2.1-FIX.exe a variant of Win64/HackTool.Crack.D potentially unsafe application deleted
C:\Users\HypoCore\Downloads\eMu3Ds_Setup.exe multiple threats cleaned by deleting
C:\Users\HypoCore\Downloads\HSS-3.42-install-plain-701-plain (1).exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application deleted
C:\Users\HypoCore\Downloads\HSS-3.42-install-plain-701-plain.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application deleted
C:\Users\HypoCore\Downloads\ppt-dasx.7z a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted
C:\Users\HypoCore\Downloads\The.Witcher.3.Wild.Hunt.v1.02-v1.05.Plus.20.Trainer-FLiNG.rar a variant of Win64/GameHack.J potentially unsafe application deleted
C:\Windows\Temp\tmp9ED2.tmp a variant of MSIL/Toolbar.Linkury.AF potentially unwanted application deleted


#4 garioch7


Posted 23 March 2016 - 08:05 AM

Hypocore:

 

Thank you for running the scans and for the logs.  ESET found a lot of PUPs (Potentially Unwanted Programs) and has quarantined them.  They could have a major impact on slowing down a computer.  How is your computer running now?

 

The logs do show a number of game cheat and hack programs.  As you discovered, these often come bundled with the latest malware.  You would be well advised to avoid downloading those in the future.

 

You might also want to consider a paid anti-malware product with real-time detection, to prevent infections in the first place.

 

Please let me know how your computer is running now and if you are seeing anything odd.  There are a couple more scans we can run, if it is necessary.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
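
Added example (not part of the thread, and not ESET's or Bleeping Computer's tooling): a Python parser for ESET Online Scanner lines in the flattened form posted in #3. It separates hits inside `C:\AdwCleaner\Quarantine\` from files that were still live, then tallies the live ones by type, family and location. The location buckets, the family-name trimming and all function names are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the ESET Online Scanner log in post #3 (excerpt only).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\SOUND+\idscservice.exe.vir a variant of MSIL/Injector.OHM trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\CIuninstall.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{502a6441-8726-4c62-b1b7-0adf4211318f}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting
C:\Games\Dark Souls II\Game\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Users\HypoCore\AppData\Local\Microsoft\Windows\INetCache\IE\LOT6OXH8\CN3[1].exe a variant of Win32/BitCoinMiner.BY potentially unsafe application deleted
C:\Users\HypoCore\AppData\Roaming\gplyra\gplyra\gplyra.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting
C:\Users\HypoCore\Downloads\eMu3Ds_Setup.exe multiple threats cleaned by deleting
C:\Users\HypoCore\AppData\Local\Temp\setup_783.exe Win32/Adware.Navegaki.AZ application cleaned by deleting
C:\Users\HypoCore\Desktop\Programs\FL Stuff\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe Win32/OpenCandy potentially unsafe application deleted
"""

QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

# Paths contain spaces and the fields are space-separated in the posted log,
# so each record is anchored on the fixed vocabulary at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+|multiple threats)\s+"
    r"(?:(?P<kind>trojan|potentially unwanted application|"
    r"potentially unsafe application|suspicious application|application)\s+)?"
    r"(?P<action>cleaned by deleting|deleted)$"
)

# Assumed location buckets, checked in order (INetCache and Temp sit under AppData).
BUCKETS = (
    ("\\inetcache\\", "browser-cache"),
    ("\\temp\\", "temp"),
    ("\\downloads\\", "downloads"),
    ("\\appdata\\", "appdata"),
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    kind: str
    action: str

    @property
    def location(self):
        p = self.path.lower()
        if p.startswith(QUARANTINE_PREFIX):
            return "adwcleaner-quarantine"
        return next((label for marker, label in BUCKETS if marker in p), "other")

    @property
    def family(self):
        # Drop the platform prefix, a trailing ".gen" and the variant letters.
        base = re.sub(r"\.gen$", "", self.name.split("/", 1)[-1])
        return re.sub(r"\.[A-Z]{1,3}$", "", base)


def parse_log(text):
    """Return one Detection per recognisable log line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["name"],
                                  m["kind"] or "unclassified", m["action"]))
    return hits


def triage(hits):
    """Split hits into already-quarantined copies and files that were still live."""
    live = [d for d in hits if d.location != "adwcleaner-quarantine"]
    return {
        "total": len(hits),
        "already_quarantined": len(hits) - len(live),
        "live_by_kind": Counter(d.kind for d in live),
        "live_by_family": Counter(d.family for d in live),
        "live_by_location": Counter(d.location for d in live),
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

On this excerpt the only `trojan` classification sits in AdwCleaner's quarantine, while the live hits are a crack, bundled installers and two copies of a coin miner.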


#5 HypoCore


Posted 23 March 2016 - 09:13 PM

 

Currently my computer is running OK, still a bit slower than what it was before, and randomly when I start the PC and I log in the screen is entirely black and I have to force shutdown manually and restart to see my screen (happens about every other time I turn on the PC). And I see that many of the PUPs were my cracked games; I'll make sure to be on the lookout for that now. But as I don't work at the moment I can't really pay for an anti-malware product, which is why I run Malwarebytes and AdwCleaner usually. If you'd like to see the previous logs of Malwarebytes that I ran before the one I sent you, I could send that as well to double check, but besides the random black screens and my PC being a bit slower than before there is nothing else strange.


Edited by HypoCore, 23 March 2016 - 11:49 PM.


#6 garioch7


Posted 24 March 2016 - 10:20 AM

Hypocore:
 
Thank you for your post.  As you know, slow computers can result from a number of causes, not all related to malware.  Since you regularly run AdwCleaner and MBAM, I think we should scan your computer with the Junk Removal Tool, just to see if there is anything else, malware-related, that might be slowing down your computer.


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Please post the log in your next reply. Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 HypoCore


Posted 25 March 2016 - 11:09 PM

 

I understand that, but I just found it strange as it only began after the malware contamination. But here is the log; not much came up.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 Pro x64 
Ran by HypoCore (Administrator) on 03/25/2016 Fri at 22:53:25.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 14 
 
Failed to delete: C:\WINDOWS\Tasks\GNXUDMVQXCSIHLIB.job (Task) 
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf (Folder) 
Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\(default) (Folder) 
Successfully deleted: C:\Users\HypoCore\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\HypoCore\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\GNXUDMVQXCSIHLIB (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\WANHQY1 (Task)
Successfully deleted: C:\WINDOWS\Tasks\WANHQY1.job (Task) 
Successfully deleted: C:\Program Files (x86)\ytd (Folder) 
Successfully deleted: C:\Users\HypoCore\AppData\Roaming\appdataFr2.bin (File) 
 
 
 
Registry: 5 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_91D7B817D0E0D9C882A4AAEA3B40255D (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/25/2016 Fri at 23:06:12.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
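
Added example (not part of the thread, and not Malwarebytes' code): a Python reader for the JRT entry lines in the log above. It groups each scheduled task's `.job` file under `C:\WINDOWS\Tasks` with its `system32\Tasks` entry, reports tasks where one artifact could not be deleted, and lists the `Run` autostart values that were removed. Function names are assumptions for this illustration; the sample lines are copied from the log.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the JRT log in post #7 (excerpt only).
JRT_EXCERPT = r"""
Failed to delete: C:\WINDOWS\Tasks\GNXUDMVQXCSIHLIB.job (Task)
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Program Files (x86)\ytd (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\GNXUDMVQXCSIHLIB (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\WANHQY1 (Task)
Successfully deleted: C:\WINDOWS\Tasks\WANHQY1.job (Task)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
"""

# The object type is the last parenthesised group on the line; targets such as
# "C:\Program Files (x86)\ytd" contain parentheses of their own.
ENTRY_RE = re.compile(
    r"^(?P<status>Successfully deleted|Failed to delete): "
    r"(?P<target>.+?) \((?P<type>[^()]+)\)\s*$"
)


def parse_entries(text):
    """Return a dict per JRT entry line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "ok": m["status"] == "Successfully deleted",
                "target": m["target"],
                "type": m["type"],
            })
    return entries


def task_name(path):
    """Task name shared by the .job file and the system32\\Tasks entry."""
    name = ntpath.basename(path)
    return name[:-4] if name.lower().endswith(".job") else name


def tasks_needing_recheck(entries):
    """Tasks for which at least one on-disk artifact was not deleted."""
    by_task = defaultdict(list)
    for e in entries:
        if e["type"] == "Task":
            by_task[task_name(e["target"])].append((e["target"], e["ok"]))
    return {name: arts for name, arts in by_task.items()
            if not all(ok for _, ok in arts)}


def removed_autoruns(entries):
    """(hive, value name) for every Run-key value the tool removed."""
    found = []
    for e in entries:
        if e["type"] != "Registry Value" or not e["ok"]:
            continue
        # JRT writes registry values as <key>\\<value name>.
        key, _, value = e["target"].rpartition("\\\\")
        if key.lower().endswith("\\currentversion\\run"):
            found.append((key.split("\\", 1)[0], value))
    return found


if __name__ == "__main__":
    parsed = parse_entries(JRT_EXCERPT)
    print("recheck:", tasks_needing_recheck(parsed))
    print("autoruns removed:", removed_autoruns(parsed))
```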


#8 garioch7


Posted 26 March 2016 - 11:18 AM

Hypocore:

 

Thank you for your post.  You are right, JRT did find much to delete.  I can see no reason right now to attribute your computer symptoms to malware.  Coincidences do happen.

 

You could, if you wish to rule out malware conclusively, post the requested FRST logs over in the Virus, Trojan, Spyware and Malware Removal Logs Forum.  See this link to find out what, and how, to post there.  Bleeping Computer rules prohibit posting such logs in this Forum.

 

Please be advised that the "Logs" Forum is very, very busy and waits of up to five days to get an initial response are not uncommon.

 

Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




