
Optimus

  1. Hi Ron,

     Computer is running great now. Here is the log:

     Results of screen317's Security Check version 1.009
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Webroot SecureAnywhere Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Reader XI
     Google Chrome (47.0.2526.106)
     Google Chrome (47.0.2526.80)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````

     Do you think the issue is solved now?

     Thanks,
     Emil
  2. Hi Ron,

     Did both steps. Here is the log:

     Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
     Ran by New User (2016-01-02 11:51:54) Run:1
     Running from C:\Users\New User\Desktop
     Loaded Profiles: New User & MSSQL$SQLEXPRESS2012 & MSSQLFDLauncher$SQLEXPRESS2012 (Available Profiles: New User & MSSQL$SQLEXPRESS2012 & MSSQLFDLauncher$SQLEXPRESS2012 & Classic .NET AppPool & DefaultAppPool & MelonLMS_50)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Task: {5ECB1D9F-5D27-4255-9DB0-86A77162EA3B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-17] (AVAST Software)
     Task: {9FEFDA85-8598-479F-B6F6-8412D21DFB45} - System32\Tasks\{A62D43AD-15DA-4275-84A9-A0966A9CC799} => pcalua.exe -a "C:\Users\New User\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
     C:\Users\New User\Downloads\avast-browser-cleanup.exe
     C:\Windows\System32\Tasks\AVAST Software
     C:\ProgramData\AVAST Software
     EmptyTemp:
     Reboot:
     *****************

     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5ECB1D9F-5D27-4255-9DB0-86A77162EA3B}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ECB1D9F-5D27-4255-9DB0-86A77162EA3B}" => key removed successfully
     C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FEFDA85-8598-479F-B6F6-8412D21DFB45}" => key removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FEFDA85-8598-479F-B6F6-8412D21DFB45}" => key removed successfully
     C:\Windows\System32\Tasks\{A62D43AD-15DA-4275-84A9-A0966A9CC799} => moved successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A62D43AD-15DA-4275-84A9-A0966A9CC799}" => key removed successfully
     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
     C:\Users\New User\Downloads\avast-browser-cleanup.exe => moved successfully
     C:\Windows\System32\Tasks\AVAST Software => moved successfully
     "C:\ProgramData\AVAST Software" => not found.
     EmptyTemp: => 1000.7 MB temporary data Removed.

     The system needed a reboot.

     ==== End of Fixlog 11:52:33 ====
  3. Hi Ron,

     I ran the MBAM - no issues found (see attachment). I wish you too a very healthy and successful 2016!

     Best,
     Emil

     MBAM Log.txt
  4. Hi Ron, I did the double restart and the scan - attached please find the results. FRST.txt Addition.txt
  5. Hi Ron, Indeed the M51 issue has not appeared after I took the steps you advised. There is no trace of Avast in the procedure you described in the last post.
  6. Hi Ron,

     I don't know why Avast data appears - I uninstalled the software before I started. I executed all steps as instructed. Here is the log file from JavaRa:

     JavaRa 1.16 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Wed Dec 30 18:46:38 2015
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
     There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
     Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
     Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet
     Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
     Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
     Found and removed: SOFTWARE\JavaSoft
     Found and removed: SOFTWARE\JreMetrics
     ------------------------------------
     Finished reporting.

     What are the next steps (if any) to be done?

     Thanks,
     Emil
  7. Hi Ron,

     Thanks a lot for the very detailed instructions. I did all this and here are the results (the FRST and Addition file are attached as otherwise the message content becomes too long). Thanks for taking a look and letting me know what the next steps would be.

     JRT.txt
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.1 (11.24.2015)
     Operating System: Windows 7 Professional x64
     Ran by New User (Administrator) on 29/12/2015 at 21:30:16.53
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 6
     Successfully deleted: C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal (File)
     Successfully deleted: C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage (File)
     Successfully deleted: C:\Users\New User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\goodgame empire.lnk (Shortcut)
     Successfully deleted: C:\Users\New User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\goodgame empire.lnk (Shortcut)
     Successfully deleted: C:\Users\New User\AppData\Roaming\tencent (Folder)
     Successfully deleted: C:\Program Files (x86)\tencent (Folder)
     Registry: 1
     Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DAC62E1DF9428531B98EE6591C69814E (Registry Value)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 29/12/2015 at 21:34:53.14
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ADWCleaner.txt
     # AdwCleaner v5.026 - Logfile created 29/12/2015 at 21:59:38
     # Updated 21/12/2015 by Xplode
     # Database : 2015-12-29.1 [server]
     # Operating system : Windows 7 Professional Service Pack 1 (x64)
     # Username : New User - X230
     # Running from : C:\Users\New User\Desktop\AdwCleaner.exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum
     ***** [ Services ] *****
     ***** [ Folders ] *****
     ***** [ Files ] *****
     ***** [ DLLs ] *****
     ***** [ Shortcuts ] *****
     ***** [ Scheduled tasks ] *****
     ***** [ Registry ] *****
     [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
     [-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Fortunitas
     [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
     [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
     [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
     [-] Key Deleted : HKCU\Software\OCS
     [-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MediaPlayerplus
     ***** [ Web browsers ] *****
     *************************
     :: "Tracing" keys removed
     :: Winsock settings cleared
     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1361 bytes] ##########

     Malwarebytes Log
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 29/12/2015
     Scan Time: 22:04
     Logfile: Malwarebytes log.txt
     Administrator: Yes

     Version: 2.2.0.1024
     Malware Database: v2015.12.29.06
     Rootkit Database: v2015.12.26.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: New User

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 550516
     Time Elapsed: 30 min, 5 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 2
     PUP.Optional.OpenCandy, C:\Users\New User\AppData\Local\Temp\HYDD163.tmp.1451420740\HTA\install.1451420740.zip, Quarantined, [83571a90b2d91026b09b89948a78fd03],
     PUP.Optional.OpenCandy, C:\Users\New User\AppData\Local\Temp\HYDD163.tmp.1451420740\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [57831e8cc1ca46f039b20e9ff311867a],
     Physical Sectors: 0
     (No malicious items detected)

     (end)

     ESET Log
     C:\Users\New User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGUBYDVP\KMPConnectSetup[1].exe a variant of Win32/MiniUPnP.C potentially unsafe application
     C:\Users\New User\AppData\LocalLow\Sun\Java\jre1.7.0_60\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
     C:\Users\New User\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
     C:\Users\New User\Documents\Books\Travel Guides\Baja & Los Cabos 7th Edition, August 2007 [PDF]\baja--southern-baja.pdf JS/Trackware.ReadNotify.A potentially unwanted application
     C:\Users\New User\Documents\Books\Travel Guides\Baja & Los Cabos 7th Edition, August 2007 [PDF]\baja-directory-transport.pdf JS/Trackware.ReadNotify.A potentially unwanted application
     C:\Users\New User\Documents\Books\Travel Guides\Baja & Los Cabos 7th Edition, August 2007 [PDF]\baja-health.pdf JS/Trackware.ReadNotify.A potentially unwanted application
     C:\Users\New User\Documents\Books\Travel Guides\Baja & Los Cabos 7th Edition, August 2007 [PDF]\baja-language.pdf JS/Trackware.ReadNotify.A potentially unwanted application
     C:\Users\New User\Documents\Books\Travel Guides\Baja & Los Cabos 7th Edition, August 2007 [PDF]\baja-los-cabos-planning-information.pdf JS/Trackware.ReadNotify.A potentially unwanted application
     C:\Users\New User\Documents\Books\Travel Guides\Baja & Los Cabos 7th Edition, August 2007 [PDF]\baja-los-cabos.pdf JS/Trackware.ReadNotify.A potentially unwanted application
     C:\Users\New User\Downloads\saa_setup.exe Win32/BundleLoader.B potentially unwanted application
     C:\Users\New User\Downloads\Wondershare\mobilego_full818.exe Android/Exploit.Lotoor.EZ trojan

     Addition.txt FRST.txt
  8. Can somebody help with this issue? FRST.txt and Addition.txt files are attached. Thanks very much in advance! FRST.txt Addition.txt
  9. Hi guys,

     I have an issue (a quite common one, it seems) with the m51.dnsqa.me malware. The issue is exactly the same as in this post (https://forums.malwarebytes.org/index.php?/topic/175951-dns-unblocker-m51dnsqame-problems/). I am running Chrome and Win 7 (64 bit). I have also run the FRST64 and attach here the Addition.txt and FRST.txt files. It would be really, really great if you help me with the fixlist.txt file. This nasty little virus is getting on my nerves indeed.

     Thanks very much in advance and have a great Christmas!

     Best regards,
     Emil

     Addition.txt FRST.txt