
After fraudulent credit card charges: making sure bf's computer is malware-free


18 replies to this topic

#1 EsmeWeatherwax

EsmeWeatherwax

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:41 PM

Posted 12 October 2016 - 03:31 PM

After discovering some fraudulent charges on my credit card, I became suspicious that it might have been caused by malware. I still don't know if that was the case, but in any case, BleepingComputer came to the rescue (again) and helped me clean my computer.

My boyfriend and I are on the same network and I'm a bit worried that a potential infection on his computer could spread to mine and vice versa. AVG detected Adware Generic on his computer. While I have only basic tech skills (it seems like I never improve), he has zero interest in doing any kind of computer maintenance ("it should just work"), so I would love some help making sure that there is in fact no malware on his computer.

 

We both run Windows 7 and have AVG AntiVirus Free (I'd quite like to use another antivirus program instead; I just can't figure out which one). 

 

Any help would be much appreciated :)




 


#2 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:41 AM

Posted 12 October 2016 - 04:16 PM

Use programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 EsmeWeatherwax

EsmeWeatherwax
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:41 PM

Posted 15 October 2016 - 05:00 AM

Here are the logs:

 

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13-10-2016
Scan Time: 22:14
Logfile: MBAMLog.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.13.10
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jak
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420429
Time Elapsed: 54 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
 

I don't really understand this; when I look at the Protection Log, it states the following: "Scan, 13-10-2016 23:19, SYSTEM, JAKS, Manual, Start:13-10-2016 22:14, Duration:54 min 3 sec, Threat Scan, Completed, 1 Malware Detection, 1878 Non-Malware Detections". Yet the scan log above seems to show nothing detected.

 

 

 

 

AdwCleaner

 

# AdwCleaner v6.021 - Logfile created 14/10/2016 at 23:01:20
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-14.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jak - CYBERSTORM
# Running from : C:\Users\Jak\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: vToolbarUpdater17.1.2
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\Optimizer Pro
[-] Folder deleted: C:\ProgramData\Avg_Update_0116avz
[-] Folder deleted: C:\ProgramData\Avg_Update_1015av
[-] Folder deleted: C:\ProgramData\Avg_Update_1215av
[-] Folder deleted: C:\Users\Jak\AppData\Local\Bundled software uninstaller
[-] Folder deleted: C:\Users\Jak\AppData\Local\NativeMessaging
[-] Folder deleted: C:\Users\Jak\AppData\LocalLow\Toolbar4
[-] Folder deleted: C:\Users\Jak\AppData\Roaming\Uniblue
[-] Folder deleted: C:\ProgramData\Uniblue
[-] Folder deleted: C:\ProgramData\ytd video downloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uniblue
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ytd video downloader
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder deleted: C:\Program Files (x86)\Freecorder 6
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
[-] Folder deleted: C:\Program Files (x86)\Mobogenie
[-] Folder deleted: C:\Program Files (x86)\Uniblue
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Users\Jak\AppData\Local\Geckofx
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Jak\daemonprocess.txt
[-] File deleted: C:\Users\Jak\AppData\Roaming\LiveSupport.exe_log.txt
[-] File deleted: C:\Users\Jak\AppData\Roaming\regsvr32.exe_log.txt
[-] File deleted: C:\Users\Jak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
[#] File deleted: C:\Users\Jak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[-] File deleted: C:\END
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Users\Jak\AppData\Roaming\Mozilla\Firefox\Profiles\vngk0sp5.default\invalidprefs.js
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\5f2d8dab73eef15
[-] Key deleted: HKLM\SOFTWARE\5f2d8dab73eef15
[-] Key deleted: HKLM\SOFTWARE\Classes\driverscanner
[-] Key deleted: HKLM\SOFTWARE\Classes\Office12.Excel.DataContainer.Phyical.Components.CSharedStringobject
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\driverscanner
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Office12.Excel.DataContainer.Phyical.Components.CSharedStringobject
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6B34ACCF-1B63-4E1A-8633-461917C75544}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B34ACCF-1B63-4E1A-8633-461917C75544}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6B34ACCF-1B63-4E1A-8633-461917C75544}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6B34ACCF-1B63-4E1A-8633-461917C75544}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6B34ACCF-1B63-4E1A-8633-461917C75544}]
[#] Key deleted on reboot: HKU\S-1-5-21-463331000-3288923065-226677190-1000\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-463331000-3288923065-226677190-1002\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-463331000-3288923065-226677190-1002\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-463331000-3288923065-226677190-1002\Software\BI
[-] Key deleted: HKU\S-1-5-21-463331000-3288923065-226677190-1002\Software\Solvusoft
[-] Key deleted: HKU\S-1-5-21-463331000-3288923065-226677190-1002\Software\GreenTree Applications
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-463331000-3288923065-226677190-1002\Software\AVG Secure Search
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-463331000-3288923065-226677190-1002\Software\SweetIM
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\AVG Secure Search
[#] Key deleted on reboot: HKCU\Software\BI
[#] Key deleted on reboot: HKCU\Software\Solvusoft
[#] Key deleted on reboot: HKCU\Software\GreenTree Applications
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\Solvusoft
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-463331000-3288923065-226677190-1002\Software\AVG Secure Search
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-463331000-3288923065-226677190-1002\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\AVG Secure Search
[#] Key deleted on reboot: [x64] HKCU\Software\BI
[#] Key deleted on reboot: [x64] HKCU\Software\Solvusoft
[#] Key deleted on reboot: [x64] HKCU\Software\GreenTree Applications
[-] Value deleted: HKU\S-1-5-21-463331000-3288923065-226677190-1002\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "Smartbar.SearchFromAddressBarSavedUrl" -  ""
[-] Chrome preferences cleaned: "extensions.delta.admin" -  false
[-] Chrome preferences cleaned: "extensions.delta.aflt" -  "babsst"
[-] Chrome preferences cleaned: "extensions.delta.appId" -  "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"
[-] Chrome preferences cleaned: "extensions.delta.autoRvrt" -  "false"
[-] Chrome preferences cleaned: "extensions.delta.dfltLng" -  "en"
[-] Chrome preferences cleaned: "extensions.delta.excTlbr" -  false
[-] Chrome preferences cleaned: "extensions.delta.id" -  "4463323d000000000000100ba90f491d"
[-] Chrome preferences cleaned: "extensions.delta.instlDay" -  "15758"
[-] Chrome preferences cleaned: "extensions.delta.instlRef" -  "sst"
[-] Chrome preferences cleaned: "extensions.delta.newTab" -  false
[-] Chrome preferences cleaned: "extensions.delta.prdct" -  "delta"
[-] Chrome preferences cleaned: "extensions.delta.prtnrId" -  "delta"
[-] Chrome preferences cleaned: "extensions.delta.rvrt" -  "false"
[-] Chrome preferences cleaned: "extensions.delta.smplGrp" -  "none"
[-] Chrome preferences cleaned: "extensions.delta.tlbrId" -  "base"
[-] Chrome preferences cleaned: "extensions.delta.tlbrSrchUrl" -  ""
[-] Chrome preferences cleaned: "extensions.delta.vrsn" -  "1.8.10.0"
[-] Chrome preferences cleaned: "extensions.delta.vrsnTs" -  "1.8.10.020:25:50"
[-] Chrome preferences cleaned: "extensions.delta.vrsni" -  "1.8.10.0"
[-] Chrome preferences cleaned: "smartbar.machineId" -  "CP42IDOGPDXHMYJNKI8IJJEXLPEYLNEHPXIQQVGKQEEJQZF6ICW5TNVASBKDGRISDFWFIGXHWIOSAKV2PZ1KJW"
[-] Chrome preferences cleaned: "smartbar.originalHomepage" -  "about:home"
[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxps://www.malwarebytes.org/restorebrowser//?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP733C66A1-00F8-4E5A-A1F4-7DB8EAFE8974&SSPV="
[-] Chrome preferences cleaned: "browser.search.selectedEngine" -  "Conduit Search"
[-] [C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [11051 Bytes] - [14/10/2016 23:01:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [12288 Bytes] - [14/10/2016 22:59:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11199 Bytes] ##########
 
 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Jak (Administrator) on 14-10-2016 at 23:08:04,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 36 
 
Failed to delete: C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\{5D57DA18-D4A3-4AAD-8BD3-ED176C9BDF58} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\{7DB344F8-49EC-46DF-85B7-2F48902AFC0A} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\{8AECB641-BAE3-48BB-BA3E-677B4989943F} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\{8B18347A-774F-4FB4-B00F-8FD222B46518} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\{9E20C82F-0FB3-4091-BAB2-046E6338FB86} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\{D7F52D5C-8ADC-48A9-BBF9-9FE2770659D9} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\{D87889F0-2A27-4507-A35D-0E75801F6C75} (Empty Folder)
Successfully deleted: C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Jak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\Jak\AppData\Roaming\Mozilla\Firefox\Profiles\vngk0sp5.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} (Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4G3ZL8O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GURT3R2F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HREKY2VR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KW0EJ1HF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P08QGTM3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGQ68UT1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Jak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAOJMU0A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\TOOLBARUPDATER.EXE-403DEDAE.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4G3ZL8O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GURT3R2F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HREKY2VR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KW0EJ1HF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P08QGTM3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGQ68UT1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAOJMU0A (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14-10-2016 at 23:12:06,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ESET

 

C:\AdwCleaner\quarantine\files\kbqrufimunqnyiamcprsprlckiabmzmj\tbcore3.dll a variant of Win32/Toolbar.Softomate.A potentially unwanted application cleaned by deleting
C:\Users\Jak\AppData\Roaming\Mozilla\Firefox\Profiles\vngk0sp5.default\prefs.js JS/SecurityDisabler.A.Gen potentially unwanted application cleaned by deleting
C:\Users\Jak\Desktop\Misc\Programs\cbsidlm-cbsi145-DAEMON_Tools_Lite-ORG-10778842 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting
C:\Users\Jak\Documents\Quizzer\Assorterede filer\loaristrojanremover.exe a variant of Win32/1AntiVirus potentially unwanted application deleted
C:\Users\Jak\Videos\Videos\DivXInstaller.exe a variant of Win32/CnsMin.AD potentially unwanted application deleted
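The AdwCleaner log above is the most informative artifact in this reply: it records not only what was removed but which removals were deferred to the next reboot and which items sat in autostart locations (a Service, and `Run` values under `CurrentVersion\Run`). Below is an added example, not code from the thread, from AdwCleaner or from Malwarebytes, that parses this log layout and pulls out those two lists for a reviewer. It assumes that a `[#]` prefix marks an item whose removal was not yet confirmed (the log usually says "on reboot"); `SAMPLE_LOG` is a constructed excerpt of the log posted above.

```python
"""Triage helper for an AdwCleaner clean-mode log.

Added example; it is neither from the thread nor part of AdwCleaner.  It reads
the layout shown in the thread: '***** [ Section ] *****' headers followed by
entries that start with '[-]' or '[#]'.  Assumption: '[#]' marks an item whose
removal was deferred (the log usually says 'on reboot'), so those targets
should be re-checked after the restart.  SAMPLE_LOG is a constructed excerpt
of the log posted in the thread.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<flag>[-#])\] (?P<action>[^:]+): (?P<target>.+)$")

# Sections and registry locations that start code automatically: a hit here
# was persistence, not just leftover files or browser clutter.
AUTOSTART_SECTIONS = {"Services", "Scheduled Tasks"}
RUN_KEY_MARKER = "\\currentversion\\run"

SAMPLE_LOG = r"""# AdwCleaner v6.021 - Logfile created 14/10/2016 at 23:01:20
# Mode: Clean

***** [ Services ] *****

[-] Service deleted: vToolbarUpdater17.1.2

***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Optimizer Pro
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uniblue

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DriverScanner]

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.selectedEngine" -  "Conduit Search"

*************************
"""


def parse_adwcleaner(text):
    """Map each section name to its entries ({'action', 'target', 'pending'})."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "action": entry.group("action"),
                "target": entry.group("target"),
                "pending": entry.group("flag") == "#",
            })
    return dict(sections)


def triage(text):
    """Counts per section plus the two lists a reviewer wants first:
    targets still pending (verify they are gone after the reboot) and
    targets that lived in an autostart location."""
    sections = parse_adwcleaner(text)
    pending, autostart = [], []
    for name, entries in sections.items():
        for e in entries:
            if e["pending"]:
                pending.append(e["target"])
            if name in AUTOSTART_SECTIONS or RUN_KEY_MARKER in e["target"].lower():
                autostart.append((name, e["target"]))
    return {
        "counts": {name: len(entries) for name, entries in sections.items()},
        "pending": pending,
        "autostart": autostart,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, n in result["counts"].items():
        print(f"{section}: {n} item(s)")
    print("pending reboot:", *result["pending"], sep="\n  ")
    print("autostart locations:", *result["autostart"], sep="\n  ")
```

Run it against the full `AdwCleaner[C0].txt` instead of the sample and the "pending" list is exactly what to re-check after the reboot (the `[S1]` scan log is the natural place to confirm), while the "autostart" list is the part that deserves a second look in the follow-up startup listing.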


#4 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:41 AM

Posted 15 October 2016 - 06:54 AM

In reference to your scan history....have you scanned using MBAM more than once? Was MBAM installed on the 13th of Oct. or previously?

As you can see in the other scan logs, AVG Free installs adware. It may attempt to install again during updates or upgrades. AVG adware was removed along with a few others.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


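The Startups and Scheduled Tasks lists requested above are read by eye on the forum; what a helper actually looks for is an entry that runs from a temp or user-profile directory, has no publisher, or is a script host whose real payload is in its arguments. Below is an added example, not code from the thread or from Piriform, that performs that first pass offline over a pasted CCleaner export. It assumes the tab-separated columns Enabled, Location, Name, Publisher, Command that CCleaner's copy button produces (the thread's paste shows them collapsed to spaces); the sample rows are constructed from entries that appear later in the thread, and the names `assess`, `review` and `split_command` are this example's own.

```python
"""First-pass review of a CCleaner 'Startups' / 'Scheduled Tasks' export.

Added example, not from the thread or from Piriform.  It assumes the
tab-separated columns that CCleaner's copy-to-clipboard produces
(Enabled, Location, Name, Publisher, Command); SAMPLE_ROWS are constructed
from entries posted in the thread.  The checks are heuristics that say where
to look, not a verdict on the software.
"""
import re

# Locations a legitimate, signed product rarely starts from.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\(appdata|desktop|downloads)\\", re.IGNORECASE)
# Interpreters/loaders whose real payload is the argument, not the executable.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe"}

SAMPLE_ROWS = [
    ("Yes", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Yes", "HKLM:Run", "AVG_UI", "AVG Technologies CZ, s.r.o.",
     r'"C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av'),
    ("Yes", "HKLM:Run", "IntelTBRunOnce", "Microsoft Corporation",
     r'wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"'),
    ("Yes", "Startup User", "TotalVPN.lnk", "PSEUDiO Ltd",
     r"C:\Users\Jak\AppData\Local\TotalVPN\TotalVPN.exe"),
    ("Yes", "Task", "AVG-Secure-Search-Update_JUNE2013_HP_rmv", "",
     r"C:\Windows\TEMP\{BAC26436-D5B4-4B5C-8ECD-110AAC9E74EE}.exe --uninstall=1"),
    ("Yes", "Task", "{DFBAC86B-A6C9-45A8-840E-AE270FB6F06C}", "Microsoft Corporation",
     r"C:\Windows\system32\pcalua.exe -a C:\Users\Jak\Desktop\Works\MSWorks\Setup.exe -d C:\Users\Jak\Desktop\Works\MSWorks"),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def split_command(command):
    """Return (executable, arguments).  A quoted executable may contain
    spaces; an unquoted one ends at the first space, which is also how
    Windows resolves it."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    exe, _, rest = command.partition(" ")
    return exe, rest


def assess(row):
    """Parse one export row and list the reasons it deserves a closer look."""
    enabled, location, name, publisher, command = (row.split("\t") + [""] * 5)[:5]
    exe, args = split_command(command)
    findings = []
    if TEMP_DIR_RE.search(exe):
        findings.append("executable lives in a TEMP directory")
    if USER_WRITABLE_RE.search(exe):
        findings.append("executable lives in a user-writable profile path")
    if exe.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
        findings.append("script host launcher: the payload is in the arguments")
    if not publisher.strip():
        findings.append("no publisher recorded")
    if TEMP_DIR_RE.search(args) or USER_WRITABLE_RE.search(args):
        findings.append("arguments reference a temp or user-writable path")
    return {"enabled": enabled == "Yes", "location": location, "name": name,
            "publisher": publisher, "exe": exe, "args": args, "findings": findings}


def review(export_text):
    """Entries with at least one finding, in the order they appear."""
    rows = (assess(r) for r in export_text.splitlines() if r.strip())
    return [entry for entry in rows if entry["findings"]]


if __name__ == "__main__":
    for entry in review(SAMPLE_EXPORT):
        print(f"{entry['location']:13} {entry['name']}")
        for finding in entry["findings"]:
            print(f"    - {finding}")
```

Note that the flagged set deliberately includes legitimate software (a VPN client installed under AppData, an Intel gadget launched through wscript.exe): the output is a reading order for the reviewer, and an orphaned task that still points at a `{GUID}.exe` in `C:\Windows\TEMP` with no publisher is the kind of entry it puts at the top.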

#5 EsmeWeatherwax

EsmeWeatherwax
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:41 PM

Posted 15 October 2016 - 11:48 AM

CCleaner lists

 

Windows startups

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Google Update Google Inc. "C:\Users\Jak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\Steam.exe" -silent
Yes HKLM:Run ArcadeMovieService CyberLink Corp. "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av
Yes HKLM:Run AvgUi AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
Yes HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
Yes HKLM:Run Dolby Advanced Audio v2 Dolby Laboratories Inc. "C:\Dolby PCEE4\pcee4.exe" -autostart
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run IntelPAN Intel® Corporation "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
Yes HKLM:Run IntelTBRunOnce Microsoft Corporation wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Yes HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
Yes HKLM:Run LogMeIn GUI LogMeIn, Inc. "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
Yes HKLM:Run Norton Online Backup Symantec Corporation C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Yes HKLM:Run NUSB3MON Renesas Electronics Corporation "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
Yes HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run SuiteTray Egis Technology Inc. "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
Yes Startup User TotalVPN.lnk PSEUDiO Ltd C:\Users\Jak\AppData\Local\TotalVPN\TotalVPN.exe
 
 
Scheduled tasks
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AVG-Secure-Search-Update_JUNE2013_HP_rmv C:\Windows\TEMP\{BAC26436-D5B4-4B5C-8ECD-110AAC9E74EE}.exe --uninstall=1
Yes Task AVG-Secure-Search-Update_JUNE2013_TB_rmv C:\Windows\TEMP\{BD4EB2EE-BF0B-45DF-8827-6CF4E03C1CD4}.exe --uninstall=1
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-463331000-3288923065-226677190-1002Core Google Inc. C:\Users\Jak\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-463331000-3288923065-226677190-1002UA Google Inc. C:\Users\Jak\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {DFBAC86B-A6C9-45A8-840E-AE270FB6F06C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jak\Desktop\Works\MSWorks\Setup.exe -d C:\Users\Jak\Desktop\Works\MSWorks
 
 
List of installed programs
Acer Backup Manager NTI Corporation 13-10-2011 336 MB 3.0.0.99
Acer Crystal Eye Webcam CyberLink Corp. 03-01-2012 33,7 MB 1.0.1904
Acer ePower Management Acer Incorporated 03-01-2012 6.00.3008
Acer eRecovery Management Acer Incorporated 13-10-2011 5.00.3504
Acer Games WildTangent 14-10-2011 1.0.2.5
Acer Registration Acer Incorporated 04-01-2012 1.04.3504
Acer ScreenSaver Acer Incorporated 04-01-2012 1.1.0519.2011
Adobe AIR Adobe Systems Incorporated 11-02-2015 16.0.0.245
Adobe Flash Player 23 ActiveX Adobe Systems Incorporated 11-10-2016 5,36 MB 23.0.0.185
Adobe Flash Player 23 NPAPI Adobe Systems Incorporated 11-10-2016 5,89 MB 23.0.0.185
Adobe Reader X (10.1.16) MUI Adobe Systems Incorporated 15-10-2015 482 MB 10.1.16
Amazon Kindle Amazon 23-11-2014
Amnesia: A Machine for Pigs The Chinese Room 10-11-2014
ArcSoft WebCam Companion 3 ArcSoft 01-02-2013 3.0.15.182
AVG AVG Technologies 30-09-2016 1.101.2.40207
AVG Protection AVG Technologies 10-10-2016 2016.121.7858
Battle.net Blizzard Entertainment 02-05-2014
Broadcom Card Reader Driver Installer Broadcom Corporation 13-10-2011 2,76 MB 14.8.2.2
Broadcom NetLink Controller Broadcom Corporation 13-10-2011 508 KB 14.8.4.1
CCleaner Piriform 13-10-2016 5.22
clear.fi CyberLink Corp. 03-01-2012 167 MB 1.0.2024.00
clear.fi Client Acer Incorporated 03-01-2012 1.00.3500
Diablo III Blizzard Entertainment 14-05-2014
Dolby Advanced Audio v2 Dolby Laboratories Inc 03-01-2012 12,9 MB 7.2.7000.7
ESET Online Scanner v3 15-10-2016
ETDWare PS/2-X64 8.0.6.3_WHQL ELAN Microelectronic Corp. 04-01-2012 8.0.6.3
Evernote v. 4.5.1 Evernote Corp. 13-10-2011 151 MB 4.5.1.5451
FileZilla Client 3.9.0.2 Tim Kosse 05-08-2014 21,8 MB 3.9.0.2
FLV to MP3 Converter 2.2.0.0 AbyssMedia.com 08-08-2012 10,7 MB 2.2.0.0
Fona fotoservice CEWE Stiftung u Co. KGaA 17-03-2015 276 MB 5.1.8
Fooz Kids FUHU, Inc. 14-10-2011 3.0.8
Fooz Kids Platform FUHU, Inc. 13-10-2011 2.1
Freecorder 6 Applian Technologies Inc. 08-08-2012 2.1.10
Freecorder 6 Add-on for Firefox Applian Technologies, Inc. 08-08-2012 2.1.9
Freecorder 6 Applications (6.0.0.37) Applian Technologies 08-08-2012 6.0.0.37
Game Channels WildTangent, Inc. 02-02-2014 6.1.0.5
GetTextSize_PC UNKNOWN 10-02-2015 1.0
Google Chrome Google Inc. 30-10-2012 53.0.2785.143
Google Photos Backup Google, Inc. 13-04-2016 7,51 MB 1.1.2.13
Hearthstone Blizzard Entertainment 21-05-2014
HitmanPro 3.7 SurfRight B.V. 29-11-2013 3.7.8.208
Identity Card Acer Incorporated 04-01-2012 1.00.3501
Intel® Control Center Intel Corporation 06-07-2012 1.2.1.1007
Intel® Management Engine Components Intel Corporation 06-07-2012 7.0.0.1144
Intel® Processor Graphics Intel Corporation 06-07-2012 8.15.10.2418
Intel® PROSet/Wireless WiFi Software Intel Corporation 03-01-2012 148 MB 14.01.1000
Intel® Rapid Storage Technology Intel Corporation 06-07-2012 10.5.0.1026
Intel® Turbo Boost Technology Monitor 2.0 Intel 03-01-2012 13,2 MB 2.1.23.0
Intel® WiDi Intel Corporation 03-01-2012 139 MB 2.1.41.0
Java 7 Update 67 Oracle 26-08-2014 118 MB 7.0.670
Java™ 6 Update 24 Oracle 10-07-2014 96,9 MB 6.0.240
JavaFX 2.1.1 Oracle Corporation 08-08-2012 20,8 MB 2.1.1
Launch Manager Acer Inc. 04-01-2012 5.1.7
LogMeIn LogMeIn, Inc. 03-08-2014 79,1 MB 4.1.4408
LogMeIn Client LogMeIn, Inc. 12-12-2015 12,6 MB 1.3.1675
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 13-10-2016 66,8 MB 2.2.1.1043
McAfee Security Scan Plus McAfee, Inc. 23-08-2016 10,2 MB 3.11.376.2
Memsource Editor Memsource 30-06-2014 23,1 MB 4.151
Microsoft .NET Framework 4.6.1 Microsoft Corporation 02-03-2016 38,8 MB 4.6.01055
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 12-07-2014 11,2 MB 12.0.4518.1014
Microsoft Office Click-to-Run 2010 Microsoft Corporation 26-12-2012 14.0.4763.1000
Microsoft Office Starter 2010 - English Microsoft Corporation 26-12-2012 14.0.5131.5000
Microsoft Office Word 2007 Microsoft Corporation 28-11-2013 12.0.6612.1000
Microsoft OneDrive Microsoft Corporation 16-06-2014 26,7 MB 17.0.4023.1211
Microsoft OneNote 2013 - en-us Microsoft Corporation 20-09-2016 15.0.4859.1002
Microsoft Silverlight Microsoft Corporation 12-10-2016 596 MB 5.1.50901.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 13-10-2011 1,69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07-07-2012 300 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 03-01-2012 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 07-07-2012 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13-10-2011 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13-10-2011 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 07-07-2012 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12-02-2015 13,8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12-02-2015 12,2 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 12-02-2015 10.0.50903
Microsoft WSE 2.0 SP3 Runtime Microsoft Corp. 10-07-2014 711 KB 2.0.5050.0
Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft Corporation 10-07-2013 8,03 MB 4.0.30901.0
Mobile Broadband HL Service Huawei Technologies Co.,Ltd 05-10-2014 22.001.25.00.03
Mozilla Firefox 39.0 (x86 en-GB) Mozilla 08-08-2016 84,1 MB 39.0
Mozilla Maintenance Service Mozilla 14-05-2014 341 KB 29.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24-02-2013 1,27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25-02-2013 1,33 MB 4.20.9876.0
MSXML4 Parser Microsoft Game Studios 22-02-2013 1,24 MB 1.0.0
MyWinLocker Suite Egis Technology Inc. 03-01-2012 2,63 MB 4.0.14.19
newsXpresso esobi Inc. 13-10-2011 7,34 MB 1.0.0.40
Norton Online Backup Symantec Corporation 13-10-2011 6,19 MB 2.1.17869
NTI Media Maker 9 NTI Corporation 03-01-2012 0,96 GB 9.0.2.9002
NVIDIA Graphics Driver 285.64 NVIDIA Corporation 03-01-2012 285.64
NVIDIA PhysX NVIDIA Corporation 03-01-2012 78,9 MB 9.10.0514
Open XML SDK 2.0 for Microsoft Office Microsoft Corporation 10-07-2014 19,1 MB 2.0.5022
Race The Sun Flippfly LLC 19-01-2014
RarZilla Free Unrar Philipp Winterberg 03-08-2012 4.80
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03-01-2012 6.0.1.6438
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 03-01-2012 1,01 MB 2.0.34.0
Rogue Legacy Cellar Door Games 10-07-2013
SDL Passolo Essential 2011 SP6 SDL 10-07-2014 41,1 MB 11.6.0.0
SDL Trados 2011 SP2R - Remove suite of products SDL 10-07-2014 2.2.3046
SDL Trados Compatibility module SDL 10-07-2014 83,7 MB 1.0.72
SDL Trados Studio 2011 SP2R SDL 10-07-2014 797 MB 2.2.3123
Shadowrun Returns Harebrained Schemes 10-11-2014
Shovel Knight Yacht Club Games 18-08-2015
Skype Click to Call Microsoft Corporation 26-05-2016 25,0 MB 8.3.0.9150
Skype™ 7.28 Skype Technologies S.A. 29-09-2016 236 MB 7.28.101
Star Realms version 2.22 White Wizard Games 27-06-2015 162 MB 2.22
Steam Valve Corporation 10-07-2013 1,77 MB 1.0.0.0
The Binding Of Isaac version 1.5 Headup Games GmbH & Co. KG 05-11-2012 37,7 MB 1.5
TotalVPN 1.2.51 TotalVPN 30-04-2016 1.2.51
Unity Web Player Unity Technologies ApS 05-03-2013 12,0 MB
Visual Studio 2010 x64 Redistributables AVG Technologies 06-12-2012 12,4 MB 13.0.0.1
Visual Studio 2012 x64 Redistributables AVG Technologies 14-03-2014 12,9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 14-03-2014 10,5 MB 14.0.0.1
VLC media player VideoLAN 11-05-2015 2.2.1
Welcome Center Acer Incorporated 04-01-2012 1.02.3504
Windows Live Essentials Microsoft Corporation 13-10-2011 15.4.3538.0513

Regarding MBAM: I installed it on the 13th of October and only ran the scan once. Afterwards, it said that it had detected 1879 items and sure enough, when I click on History -> Quarantine, I see a ton of files listed (various PUPs), in line with the Protection Log also saying "1 Malware Detection, 1878 Non-Malware Detections". But as shown above, those numbers aren't listed in the Scan Log. Do you know why that is or what it means?



#6 buddy215

Posted 15 October 2016 - 12:05 PM

Change the settings in MBAM to allow it to remove PUPs. Then rerun MBAM.

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn (Change to Enabled)
PUM: Enabled

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 buddy215

Posted 15 October 2016 - 12:34 PM

I suggest disabling these Windows startups. Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\Steam.exe" -silent
Yes HKLM:Run ArcadeMovieService CyberLink Corp. "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
Yes HKLM:Run ArcSoft Connection Service ArcSoft Inc. C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run Norton Online Backup Symantec Corporation C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
Yes Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
Yes Startup User TotalVPN.lnk PSEUDiO Ltd C:\Users\Jak\AppData\Local\TotalVPN\TotalVPN.exe
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task GoogleUpdateTaskUserS-1-5-21-463331000-3288923065-226677190-1002Core Google Inc. C:\Users\Jak\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskUserS-1-5-21-463331000-3288923065-226677190-1002UA Google Inc. C:\Users\Jak\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task {DFBAC86B-A6C9-45A8-840E-AE270FB6F06C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jak\Desktop\Works\MSWorks\Setup.exe -d C:\Users\Jak\Desktop\Works\MSWorks
 
Delete these Tasks: Use CCleaner by clicking on each item and choosing Delete on the right.
Yes Task AVG-Secure-Search-Update_JUNE2013_HP_rmv C:\Windows\TEMP\{BAC26436-D5B4-4B5C-8ECD-110AAC9E74EE}.exe --uninstall=1
Yes Task AVG-Secure-Search-Update_JUNE2013_TB_rmv C:\Windows\TEMP\{BD4EB2EE-BF0B-45DF-8827-6CF4E03C1CD4}.exe --uninstall=1
 
Uninstall these programs:
Acer Games WildTangent 14-10-2011 1.0.2.5
Adobe AIR Adobe Systems Incorporated 11-02-2015 16.0.0.245 (Old/unsecured Adobe products are malware magnets.) Update or uninstall...your choice.
Adobe Reader X (10.1.16) MUI Adobe Systems Incorporated 15-10-2015 482 MB 10.1.16
ESET Online Scanner v3 15-10-2016
Game Channels WildTangent, Inc. 02-02-2014 6.1.0.5
Java 7 Update 67 Oracle 26-08-2014 118 MB 7.0.670
Java™ 6 Update 24 Oracle 10-07-2014 96,9 MB 6.0.240
JavaFX 2.1.1 Oracle Corporation 08-08-2012 20,8 MB 2.1.1
McAfee Security Scan Plus McAfee, Inc. 23-08-2016 10,2 MB 3.11.376.2
Mozilla Firefox 39.0 (x86 en-GB) Mozilla 08-08-2016 84,1 MB 39.0 (Uninstall or Update...your choice)
Mozilla Maintenance Service Mozilla 14-05-2014 341 KB 29.0.1
Skype Click to Call Microsoft Corporation 26-05-2016 25,0 MB 8.3.0.9150

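The review the moderator is doing above (pick out the startup entries and scheduled tasks that do not belong, then disable or delete them) can be partly automated. The following Python script is an added example; it is not part of the thread and is not CCleaner's or Malwarebytes' code. It pulls the executable path out of each line of a startup/task listing in the format posted above and flags entries that launch from a temporary directory, from the user's AppData or profile folders, from a GUID-named executable, or through pcalua.exe, a Windows component that runs another program on the entry's behalf (so the real target sits behind its `-a` argument). The sample listing is constructed from lines quoted in this thread; the function and class names (`triage`, `classify_path`, `extract_exe_path`, `Finding`) and the rule wording are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the startup/task listing posted in the
# thread, in the format that listing uses (enabled flag, location, name, vendor, command).
SAMPLE_LISTING = r"""
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
Yes Startup User TotalVPN.lnk PSEUDiO Ltd C:\Users\Jak\AppData\Local\TotalVPN\TotalVPN.exe
Yes Task AVG-Secure-Search-Update_JUNE2013_HP_rmv C:\Windows\TEMP\{BAC26436-D5B4-4B5C-8ECD-110AAC9E74EE}.exe --uninstall=1
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskUserS-1-5-21-463331000-3288923065-226677190-1002Core Google Inc. C:\Users\Jak\AppData\Local\Google\Update\GoogleUpdate.exe /c
Yes Task {DFBAC86B-A6C9-45A8-840E-AE270FB6F06C} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jak\Desktop\Works\MSWorks\Setup.exe -d C:\Users\Jak\Desktop\Works\MSWorks
"""

# First absolute path ending in .exe. Non-greedy, so for a proxy launcher such as
# pcalua.exe we get the launcher itself, not the program passed as its argument.
EXE_PATH = re.compile(r"[a-z]:\\.+?\.exe", re.I)

# Path heuristics, matched against the lower-cased path. None of them proves
# malware; each marks an entry that deserves a closer look (signature, hash, origin).
RULES = (
    (re.compile(r"\\temp\\"), "launches from a temporary directory"),
    (re.compile(r"\\appdata\\"), "launches from the user-writable AppData tree"),
    (re.compile(r"\\users\\[^\\]+\\(desktop|downloads|documents)\\"),
     "launches from a user profile folder"),
    (re.compile(r"\\\{[0-9a-f-]{36}\}\.exe$"), "executable is named with a bare GUID"),
)

# Built-in Windows binaries that run another program given on their command line.
PROXY_LAUNCHERS = {"pcalua.exe"}


@dataclass
class Finding:
    line: str       # the listing line as posted
    path: str       # executable the entry launches
    reasons: list   # why it was flagged


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def extract_exe_path(command: str):
    """Return the first absolute .exe path in a command line, or None."""
    m = EXE_PATH.search(command)
    return m.group(0) if m else None


def classify_path(path: str) -> list:
    """Apply every RULES entry to the path; return the matching reasons."""
    low = path.lower()
    return [reason for rule, reason in RULES if rule.search(low)]


def proxied_target(command: str, launcher: str):
    """For pcalua.exe -a <program>, return <program>; None for other launchers."""
    if basename(launcher).lower() not in PROXY_LAUNCHERS:
        return None
    m = re.search(r"\s-a\s+(.*)", command)
    return extract_exe_path(m.group(1)) if m else None


def triage(listing: str) -> list:
    """Return a Finding for every entry that trips at least one rule."""
    findings = []
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        path = extract_exe_path(line)
        if path is None:
            continue
        reasons = classify_path(path)
        target = proxied_target(line, path)
        if target:
            # Judge the proxied program, not just the trusted launcher in System32.
            reasons.append(f"{basename(path)} proxies execution of {target}")
            reasons += [f"proxied target {r}" for r in classify_path(target)]
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LISTING):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

On the sample it flags exactly the entries the moderator singles out for deletion or a second look: the two AVG-Secure-Search removal tasks that run a GUID-named executable out of C:\Windows\TEMP, the per-user TotalVPN and Google Update entries under AppData, and the pcalua.exe task whose real payload is a setup program on the Desktop. Vendor-signed entries in Program Files or System32 pass untouched. Treat a hit as a prompt to check the file's digital signature and hash, not as a verdict.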

#8 EsmeWeatherwax (Topic Starter)

Posted 16 October 2016 - 02:35 AM

About MBAM, I ran the scan again and it didn't find anything, but the 1879 files are all already in Quarantine. Should I "unquarantine" (if that's possible), scan again and then post the log so you can see or is that unnecessary?

#9 buddy215

Posted 16 October 2016 - 04:35 AM

No, that's not necessary, and it would reinfect the computer. There must have been two scans run. You can find the first scan log per the directions below.

Restart MBAM

  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the date and time of the scan that showed the infections.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

After doing the disabling, deleting and uninstalling........is the computer performing up to par?


#10 EsmeWeatherwax (Topic Starter)

Posted 17 October 2016 - 03:06 PM

1. Protection Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 13-10-2016 22:12, SYSTEM, JAKS, Manual, Remediation Database, 2016.2.12.1, 2016.9.21.1, 
Update, 13-10-2016 22:12, SYSTEM, JAKS, Manual, Rootkit Database, 2016.2.8.1, 2016.9.26.2, 
Update, 13-10-2016 22:12, SYSTEM, JAKS, Manual, IP Database, 2016.2.8.1, 2016.10.12.1, 
Update, 13-10-2016 22:12, SYSTEM, JAKS, Manual, Domain Database, 2016.2.16.8, 2016.10.13.6, 
Update, 13-10-2016 22:12, SYSTEM, JAKS, Manual, Malware Database, 2016.2.16.6, 2016.10.13.10, 
Scan, 13-10-2016 23:19, SYSTEM, JAKS, Manual, Start:13-10-2016 22:14, Duration:54 min 3 sec, Threat Scan, Completed, 1 Malware Detection, 1878 Non-Malware Detections, 

(end)

2. I couldn't uninstall Game Channels, Wild Tangent - got the message "Error 2 - The system cannot find the file specified".
3. Would like to keep Adobe Reader, so update instead?
4. Also, he needs Java, so just update instead?
5. Mozilla: If I choose to update, do I still uninstall Mozilla Maintenance Service?


#11 buddy215

Posted 17 October 2016 - 03:54 PM

Wild Tangent may already be uninstalled, with just the listing remaining.

Yes, open Adobe Reader and update...

Uninstall the 2 old Java programs. Then go to java.com: Java + You to get the latest for Windows. Be sure to watch while installing and not allow/uncheck offers of toolbars or other junk that you may be offered to install.

You can keep Mozilla Maintenance Service after updating Firefox....it's optional...more info at What is the Mozilla Maintenance Service? | Mozilla Support

I don't know exactly what MBAM is reporting if you saw that result after a new install and first scan. So, I think it best to uninstall MBAM. After uninstalling and rebooting the computer, I recommend reinstalling and running another scan. The free version should be updated occasionally so it is ready for use when needed or for an occasional scan.

To uninstall Malwarebytes Anti-Malware from your computer, please use our Malwarebytes Clean Uninstall Tool, mbam-clean.exe. This tool was created to completely remove all traces of the program from your computer.

To use the utility:

  1. Download and run mbam-clean.exe
  2. Restart your computer when prompted.

Note: This tool will completely remove any settings you have configured, your license information, and anything else related to Malwarebytes Anti-Malware. If you need to save any of these, please do not run this tool.


Edited by buddy215, 17 October 2016 - 04:15 PM.

#12 EsmeWeatherwax (Topic Starter)

Posted 18 October 2016 - 08:40 AM

What happens to the quarantined files (the 1879 files) if I uninstall Malwarebytes?

#13 buddy215

Posted 18 October 2016 - 08:53 AM

All will be deleted.

I'm thinking that sometime in the past MBAM was used, not uninstalled completely, and it is showing results from previous use. That is why I ask that it be uninstalled using the tool provided by MBAM.


Edited by buddy215, 18 October 2016 - 09:00 AM.

#14 buddy215

Posted 18 October 2016 - 09:02 AM

I edited my last post...

#15 EsmeWeatherwax (Topic Starter)

Posted 20 October 2016 - 03:15 PM

I disabled/uninstalled the tasks and programs. MBAM didn't find anything when I ran it again.