pjkaf Posted August 19, 2013 ID:717477 Share Posted August 19, 2013 Hi guys. I was wondering if anyone can explain this. I paid for Norton when I first got my computer in December. It is windows 8 and I thought it was fine. I heard malwarebytes was better so I downloaded it and after a full scan it just told me I have 18 viruses. I regularly bank and share deal on this computer so now im worried about email passwords, bank passwords ect. Do i need to cancel all these accounts? And can I ever trust my computer again? Heres a log of the viruses; Thanks for reading. Also, I am off to bed now but will be back on tomorrow and have not removed anything until I see what you guys think. Thanks again. Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.08.19.06 Windows 8 x64 NTFSInternet Explorer 10.0.9200.16660Patrick :: PJ [administrator] 19/08/2013 23:23:39MBAM-log-2013-08-20 (00-03-28).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 385189Time elapsed: 31 minute(s), 19 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 3HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> No action taken.HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> No action taken. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 1HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0ByC0BzyyDtA0BzyyBzz0FtN0D0Tzu0CyDyCyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=55764134&ir=) Good: (http://www.google.com) -> No action taken. Folders Detected: 6C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial\icons_2.2.4.731 (PUP.Optional.MySearchDial.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> No action taken. Files Detected: 8C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial\icons_2.2.4.731\magnifying.ico (PUP.Optional.MySearchDial.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial\icons_2.2.4.731\star2.ico (PUP.Optional.MySearchDial.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> No action taken.C:\Users\Patrick\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> No action taken. (end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 19, 2013 ID:717483 Share Posted August 19, 2013 Welcome to the forum.There's no viruses on the system, those are Potetionally Unwanted Programs (PUP) (adware/foistware). Your system is secure.Not all programs detect them, Malwarebytes just started an aggressive PUP Policy:http://forums.malwarebytes.org/index.php?showtopic=130156&p=708324Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.Make sure that everything is checked, and click Remove Selected.Then.......Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:/DisableAskDetection - This option disables Ask Toolbar detection.MrC Link to post Share on other sites More sharing options...
pjkaf Posted August 20, 2013 Author ID:717862 Share Posted August 20, 2013 Hi appreciate the reply very much. Doing the quick scan now then will download and post the next log as requested! Thanks alot I really really appreciate the help Link to post Share on other sites More sharing options...
pjkaf Posted August 20, 2013 Author ID:717865 Share Posted August 20, 2013 # AdwCleaner v3.000 - Report created 20/08/2013 at 20:10:11# Updated 20/08/2013 by Xplode# Operating System : Windows 8 (64 bits)# Username : Patrick - PJ# Running from : C:\Users\Patrick\Desktop\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\mysearchdialKey Deleted : HKLM\Software\InstallCoreKey Deleted : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Google Chrome v28.0.1500.95 [ File : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2119 octets] - [20/08/2013 20:09:16]AdwCleaner[s0].txt - [1799 octets] - [20/08/2013 20:10:11] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1859 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted August 20, 2013 ID:717940 Share Posted August 20, 2013 OK...let me know...MrC Link to post Share on other sites More sharing options...
pjkaf Posted August 21, 2013 Author ID:718351 Share Posted August 21, 2013 # AdwCleaner v3.000 - Report created 20/08/2013 at 20:10:11# Updated 20/08/2013 by Xplode# Operating System : Windows 8 (64 bits)# Username : Patrick - PJ# Running from : C:\Users\Patrick\Desktop\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\mysearchdialKey Deleted : HKLM\Software\InstallCoreKey Deleted : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Google Chrome v28.0.1500.95 [ File : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2119 octets] - [20/08/2013 20:09:16]AdwCleaner[s0].txt - [1799 octets] - [20/08/2013 20:10:11] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1859 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted August 21, 2013 ID:718375 Share Posted August 21, 2013 Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
pjkaf Posted August 21, 2013 Author ID:718379 Share Posted August 21, 2013 hey heres the next log Results of screen317's Security Check version 0.99.72 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Visual Studio Extensions for Windows Library for JavaScript Java 7 Update 25 JavaScript Tooling Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` thanks Link to post Share on other sites More sharing options...
pjkaf Posted August 21, 2013 Author ID:718414 Share Posted August 21, 2013 do u think my pc is rock solid secure then? thanks Link to post Share on other sites More sharing options...
MrCharlie Posted August 21, 2013 ID:718416 Share Posted August 21, 2013 do u think my pc is rock solid secure then? thanksYes it isJust get rid of the old version of Chrome:Google Chrome 28.0.1500.72 <-----OLDGoogle Chrome 28.0.1500.95 <-----OKYou have old versions of Google Chrome on the system.Please download and run OldChromeRemover.@Windows Vista/Windows 7-8 users must use “Run As Administrator.”-----------------------------------A little clean up to do....Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 23, 2013 ID:719341 Share Posted August 23, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts