
beatboy79
Everything posted by beatboy79

  1. You are very welcome! I would have been lost without your expert guidance.
  2. By jolly, I think we've cracked it! I can't see any problems now, and I have run an Avast and a Malwarebytes scan and both have come back without threats. Thank you so much for all your help, I really appreciate it!
  3. Hi Kevin - thanks. Yes, I think Chrome is working OK now. Below is the ZOEK script. I've also realised that earlier this afternoon I sent you the wrong JRT text file (what I sent you was empty). For some reason two had been created, and the one I only discovered accidentally about 20 minutes ago seems to be the most relevant, as it contains the name of the file that I know infected my computer, "FREE_GO_TO_MARKET_STRATEGY_TE-A544C871.pf". I'm really sorry about that - I've posted this JRT below as well, after ZOEK. Thanks again for all your help.

     ZOEK:

     zoek.exe v5.0.0.1 Updated 19-September-2016
     Tool run by James Hudson on 29/09/2016 at 21:48:16.02.
     Microsoft Windows 10 Home 10.0.10586 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\James Hudson\Desktop\zoek.exe [Scan all users] [Script inserted]

     ==== System Restore Info ======================
     29/09/2016 21:49:01 Zoek.exe System Restore Point Created Successfully.

     ==== Empty Folders Check ======================
     C:\PROGRA~3\Canon IJ Network Tool deleted successfully
     C:\PROGRA~3\Comms deleted successfully
     C:\PROGRA~3\SoftwareDistribution deleted successfully
     C:\PROGRA~3\SUPPORTDIR deleted successfully
     C:\PROGRA~3\Webitar Production Inc deleted successfully
     C:\Users\James Hudson\AppData\Local\ActiveSync deleted successfully
     C:\Users\James Hudson\AppData\Local\CyberLink deleted successfully
     C:\Users\James Hudson\AppData\Local\FluxSoftware deleted successfully
     C:\Users\James Hudson\AppData\Local\NetworkTiles deleted successfully
     C:\Users\James Hudson\AppData\Local\VirtualStore deleted successfully
     C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

     ==== Deleting CLSID Registry Keys ======================

     ==== Deleting CLSID Registry Values ======================

     ==== Deleting Services ======================

     ==== Batch Command(s) Run By Tool======================
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ==== Deleting Files \ Folders ======================
     C:\PROGRA~3\Package Cache deleted
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
     C:\WINDOWS\SysWow64\AI_RecycleBin deleted

     ==== Firefox Extensions Registry ======================
     [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
     "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [26/09/2016 08:41]
     [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
     "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [26/09/2016 08:41]

     ==== Chromium Look ======================
     HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
     eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
     gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
     Full Page Screen Capture - James Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl
     censoreding Work - James Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibmkkpfegfiinilnlabbfnjcopdiiig
     Chrome Media Router - James Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

     ==== Chromium Fix ======================
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

     ==== Set IE to Default ======================
     Old Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://lenovo15.msn.com/?pc=LCTE"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     "DefaultScope"="{4186F5E9-53A3-4DCA-A992-FD7F81E39D86}"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4186F5E9-53A3-4DCA-A992-FD7F81E39D86}] not found
     New Values:
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     "Start Page"="http://lenovo15.msn.com/?pc=LCTE"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
     "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

     ==== All HKLM and HKCU SearchScopes ======================
     HKLM\SearchScopes "DefaultScope"="{4186F5E9-53A3-4DCA-A992-FD7F81E39D86}"
     HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     HKLM\SearchScopes\{4186F5E9-53A3-4DCA-A992-FD7F81E39D86} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
     HKLM\Wow6432Node\SearchScopes "DefaultScope"="{4186F5E9-53A3-4DCA-A992-FD7F81E39D86}"
     HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     HKLM\Wow6432Node\SearchScopes\{4186F5E9-53A3-4DCA-A992-FD7F81E39D86} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
     HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
     HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
     HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

     ==== Reset Google Chrome ======================
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

     ==== Deleting Registry Keys ======================
     HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

     ==== Empty IE Cache ======================
     C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
     C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
     C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\3WMW4EHQ will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\4NFNDT8W will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\5GSP51OQ will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\9I1YS6YB will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\F799G69O will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\GB6AZCJZ will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\HPPLH8ML will be deleted at reboot
     C:\Users\James Hudson\AppData\Local\Microsoft\Windows\INetCache\IE\MT7V9PX0 will be deleted at reboot

     ==== Empty FireFox Cache ======================
     No FireFox Profiles found

     ==== Empty Chrome Cache ======================
     C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     ==== Empty All Flash Cache ======================
     No Flash Cache Found

     ==== Empty All Java Cache ======================
     No Java Cache Found

     ==== C:\zoek_backup content ======================
     C:\zoek_backup (files=33 folders=34 31054963 bytes)

     ==== Empty Temp Folders ======================
     C:\WINDOWS\Temp will be emptied at reboot

     JRT:

     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.8 (09.20.2016)
     Operating System: Windows 10 Home x64
     Ran by James Hudson (Administrator) on 29/09/2016 at 14:34:15.41
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 2
     Successfully deleted: C:\WINDOWS\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-E7EEBB05.pf (File)
     Successfully deleted: C:\WINDOWS\prefetch\FREE_GO_TO_MARKET_STRATEGY_TE-A544C871.pf (File)
     Registry: 1
     Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4186F5E9-53A3-4DCA-A992-FD7F81E39D86} (Registry Key)
  4. Hi Kevin. I've managed to restore Google Chrome as my default browser. However, when I did it my default apps started playing havoc again, with Windows telling me an app was changing my default settings. Also, I just ran a Malwarebytes scan and it says I still have the PUP.Optional.Yourconnectivity.ShrtCln as an unwanted threat.
  5. Hi Kevin. Thank you. Attached is the Fixlog.txt. Sophos showed no viruses. Please find below my other logs.

     AdwCleaner(C*):

     ***** [ Services ] *****
     ***** [ Folders ] *****
     ***** [ Files ] *****
     ***** [ DLL ] *****
     ***** [ WMI ] *****
     ***** [ Shortcuts ] *****
     ***** [ Scheduled Tasks ] *****
     ***** [ Registry ] *****
     [-] Data restored: HKU\S-1-5-21-4025617602-131566914-3426664648-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
     [-] Data restored: HKU\S-1-5-21-4025617602-131566914-3426664648-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
     [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
     [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
     [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
     [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
     ***** [ Web browsers ] *****
     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     *************************
     C:\AdwCleaner\AdwCleaner[C0].txt - [1412 Bytes] - [29/09/2016 14:28:54]
     C:\AdwCleaner\AdwCleaner[S0].txt - [1900 Bytes] - [29/09/2016 14:28:06]
     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1558 Bytes] ##########

     JRT:

     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.8 (09.20.2016)
     Operating System: Windows 10 Home x64
     Ran by James Hudson (Administrator) on 29/09/2016 at 14:36:52.51
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 0
     Registry: 0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 29/09/2016 at 14:38:26.08
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Attachment: Fixlog.txt
  6. Thank you so much, Kevin. Please find attached the logs as requested, and the Malwarebytes log below this post.

     ************************
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 29/09/2016
     Scan Time: 11:41
     Logfile:
     Administrator: Yes
     Version: 2.2.1.1043
     Malware Database: v2016.09.29.05
     Rootkit Database: v2016.09.26.02
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: James Hudson

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 325471
     Time Elapsed: 10 min, 43 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     PUP.Optional.YourConnectivity.ShrtCln, C:\Users\James Hudson\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (yourconnectivity.net), Replaced,[b3366d0a3b5fd75ff613b64492727987]
     Physical Sectors: 0 (No malicious items detected)
     (end)

     Attachments: Addition.txt, FRST.txt, Rkill.txt
  7. Hi. Last week I stupidly tried downloading some online books for my university studies and have ended up getting my computer infected with this malware. Malwarebytes does quarantine it for me, but it always comes back. Originally I had issues booting up the Google homepage, but I have fixed that via a post I read about "resetting" my Chrome account. The issues I have now are a slow-running computer; I can't make Chrome my default browser; and the malware seems to be causing havoc with my automatic program opening settings. I would be really grateful for some help to fix this. Thank you!