Malware won't budge, mysearch.com homepage, flashing pointer

Hi, 

Yesterday I tried to open a video file and somehow installed a bundle of malware on my computer. In the past 24 hours, I have gotten rid of TTwifi 1.0.0.1, Primary colors, GameCenter, and a gagillion other things that I can't remember the name of right now. I got rid of the most debilitating items in Safe Mode by just uninstalling them, running a full scan using McAfee, and running 2 (updated) Malwarebytes scans. I am now able to start my computer normally, but the Malware keep coming back. McAfee found and deleted 4 more trojans, and Malwarebytes finds like 15-85 pups every time I run it. I have been quarantining all of the results every time it runs. 

My homepage when I open Chrome is now mysearch.com, and I can't find a way to uninstall it. Also, my pointer is now blinking continually. 

I've obviously got something stubborn. Please help me get rid of it! I am using Windows 7. 

Thanks in advance! 

Welcome to BC...

Please post the last MBAM scan results. You can find that by clicking on the History button.....not the update history....scan results.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

Download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

• download Junkware Removal Tool to your desktop.
• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message

Thank you. Should I post the log files here or in another forum? I'm kind of confused about what is allowed to be posted where. 

Post the results in this topic...

More info for posting MBAM scan log...

• Click on the History tab >> Application Logs.
• Double click on the scan log which shows the Date and time of the scan that showed the infections.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

I tried to do Esets twice. Both times it took 2.5 hours to get to 90%, found 36 infected files, and then the computer froze and I lost the logs. 

As you can see....a ton of crapola was found and removed.

It is likely that most of what Eset was identifying was in the Quarantine folder of AdwCleaner. Run AdwCleaner

one more time as it often finds more on the second scan. Be sure to click on Clean when the scan finishes. Then

after reboot if it asks you to, open AdwCleaner and click on Uninstall.

After doing the above, close all other programs, browsers, etc.  Disable all real time security program

you have running such as antivirus programs. Then attempt to run the Eset scan.

If still unsuccessful, scan using Emsisoft.

You didn't post the results of the MBAM scan that you ran before starting this topic. Please do that per instructions in my post #5.

• Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder
• Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
• After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
• Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected
• If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
• After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it
• This time, click on Logs
• From there, go under the Quarantine Log tab, and click on the Export button
• Save the log on your desktop, then open it, and copy/paste its content in your next reply

From Eset: 

This was the original MBAM log. After that, the subsequent scans did not leave a log that I can find either in the program or navigating into the program folders. 

I'm having a  kind of major issue with Albireo adware right now, which is why I keep posting everything piecemeal. The pop-ups keep screwing up the window and redirecting me. 

The www-mysearch.com homepage is resolved though. 

Thank you so much for your help! 

Eset found remnants of 2 trojans that were likely responsible for much of the adware being downloaded to your computer.

Reset Google Chrome

You can reset your browser settings in Chrome any time. You might need to do this if apps or extensions you installed changed your settings without your knowledge. Your saved bookmarks and passwords won't be cleared or changed.

1. Open Chrome.
2. In the top right, click the Chrome menu
3. Click Settings.
4. At the bottom, click Show advanced settings.
5. Under the section "Reset settings,” click Reset settings.
6. In the box that appears, click Reset.

Run CCleaner to clean up the computer. Then.....

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.

Hi! 

First off, let me say that my computer is running SO MUCH BETTER TODAY! The last thing I did yesterday was the Eset scan. Today, no pop-ups, faster startup, no rapidly blinking pointer. I'm sure there could still be something lurking, but it is really running a million times better. 

I reset Chrome and ran CClean. 

Here are the CClean lists you asked for: 

Startup Windows: 

Startup Scheduled Tasks: 

Need to submit conhost.exe  to VirusTotal - Free Online Virus and Malware Scan

It's in your Windows Startups and I'm not sure it should be there. Post the link to the scan results and be sure to have it scanned and not

accept any previous scan results.

Yes HKCU:Run conhost C:\Users\Hayley\AppData\Roaming\Microsoft\conhost.exe

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Hi! 

I was unable to scan the conhost.exe file because I couldn't find it. I went to C:\Users\Hayley\AppData\Roaming\Microsoft, searched "conhost" and "conhost,exe", and there were no matching results. It does still appear in CCleaner though. 

I disabled all of the startup windows you listed, uninstalled all of the programs you listed, and updated adobe reader. The exception to that was McAfee. I would like to replace it and think I should have something else running before I get rid of it. Sophos was recommended to me--is this a good alternative or would you recommend something else? Once I have something else running, I'll give McAfee the ax. 

I was not able to disable any of the startup scheduled tasks. For each one I selected, I got an error that says "Failed to enable/disable startup item: Transaction support within the specified resource manager is not started or was shut down due to an error."