OneLoneRogue

Malwarebytes Not Installing | Possible Virus


Ok, so after trying to install MalwareBytes and the program not installing, I found the necessary instructions and am now posting the results for review..been seeing a high CPU usage and thought it might be 'virus related' and wanted to get a 2nd opinion, seeing as I don't always trust Avast and so I wanted to use MalwareBytes.

 

Thanks for any help!

 

Martin

 

attach.txt

dds.txt


Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs..


You've posted a log from DDS (attach.txt). I wanted to see the second one from FRST (addition.txt).


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download RogueKiller from here:

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

 

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
    RKLicence.png
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
    RK1A.png
     
  • When the scan completes select Report, copy and paste that to your reply.
     
    RK2A.png
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs...

Kevin

fixlist.txt


You did not include Fixlog.txt from the FRST fix; can I see that log? RogueKiller shows no infection. Is your system responding OK? See if you can install/run Malwarebytes:

 

Download Malwarebytes from the following link and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Still can NOT install MalwareBytes..

 

Here is the 'fixlog':

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2013 01
Ran by Annette at 2013-10-26 13:18:24 Run:1
Running from C:\Users\Ray\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] - 0
MountPoints2: {03662bf7-acc8-11e2-99b8-88ae1d4cf0fb} - F:\TL_Bootstrap.exe
MountPoints2: {f8c45d30-33f1-11e3-a644-88ae1d4cf0fb} - F:\SETUP.EXE
C:\Users\Annette\AppData\Roaming\Camdata.ini
C:\Users\Annette\AppData\Roaming\CamLayout.ini
C:\Users\Annette\AppData\Roaming\CamShapes.ini
End



*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 6.0 Free => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03662bf7-acc8-11e2-99b8-88ae1d4cf0fb} => Key deleted successfully.
HKCR\CLSID\{03662bf7-acc8-11e2-99b8-88ae1d4cf0fb} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c45d30-33f1-11e3-a644-88ae1d4cf0fb} => Key deleted successfully.
HKCR\CLSID\{f8c45d30-33f1-11e3-a644-88ae1d4cf0fb} => Key not found.
C:\Users\Annette\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\Annette\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Annette\AppData\Roaming\CamShapes.ini => Moved successfully.

==== End of Fixlog ====


1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  • Internet access
  • Windows Update
  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...


No threats found..but still can't install the basic Malwarebytes software..

 

following video shows the install process...

 

 

As of right now, I'm not seeing the high CPU usage I was the other night..when it was up over 90%...not having any other issues, so I guess the laptop is fine for now...unless there's another suggestion you can think of as to why Malwarebytes is not installing...Avast isn't even catching it, so I can't assume it's related to that!

 

 

mbar-log-2013-10-26 (17-47-46).txt

system-log.txt


Please download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"


Tweak1_zps10f67b3e.jpg


From the main GUI do the following:


Select Tab 4 and Create System Restore Point


Tweak4_zps98ef6707.jpg


Select Repairs tab => Click the Start


Tweak5_zps71b85f1c.jpg


The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...


Tweak6_zpsd6411a53.jpg


DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab

 

Try Malwarebytes again after completion...


Regarding 'settings' > "Log file"....

 

There's 20 files listed...which one you want?

 

 

 

 



Here you go:

PS: Installing MalwareBytes still doesn't go all the way through...just like the video above! :D

 

 

 

 

Starting Repairs...
   Start (10/27/2013 12:34:17 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (10/27/2013 12:34:17 PM)
   Running Repair Under Current User Account
   Done (10/27/2013 12:34:35 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (10/27/2013 12:34:35 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:36:47 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (10/27/2013 12:36:47 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:38:04 PM)

02 - Reset File Permissions 01/09
   C:\AdwCleaner & Sub Folders
   Start (10/27/2013 12:38:04 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:38:06 PM)

02 - Reset File Permissions 02/09
   C:\FRST & Sub Folders
   Start (10/27/2013 12:38:06 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:38:09 PM)

02 - Reset File Permissions 03/09
   C:\MSOCache & Sub Folders
   Start (10/27/2013 12:38:09 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:38:13 PM)

02 - Reset File Permissions 04/09
   C:\PerfLogs & Sub Folders
   Start (10/27/2013 12:38:13 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:38:16 PM)

02 - Reset File Permissions 05/09
   C:\Program Files & Sub Folders
   Start (10/27/2013 12:38:16 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:38:49 PM)

02 - Reset File Permissions 06/09
   C:\Program Files (x86) & Sub Folders
   Start (10/27/2013 12:38:49 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:40:14 PM)

02 - Reset File Permissions 07/09
   C:\ProgramData & Sub Folders
   Start (10/27/2013 12:40:14 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:40:56 PM)

02 - Reset File Permissions 08/09
   C:\Recovery & Sub Folders
   Start (10/27/2013 12:40:56 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:40:58 PM)

02 - Reset File Permissions 09/09
   C:\Windows & Sub Folders
   Start (10/27/2013 12:40:58 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:46:36 PM)

02 - Reset File Permissions: Cleanup
    & Sub Folders
   Start (10/27/2013 12:46:36 PM)
   Running Repair Under System Account
Processing ACL of: <\\?\C:\Documents and Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\ProgramData\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Desktop>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Favorites>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\All Users\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default User>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Cookies>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Local Settings>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\My Documents>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\NetHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\PrintHood>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Recent>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\SendTo>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Start Menu>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Templates>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Music>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos>

SetACL finished successfully.
Processing ACL of: <\\?\C:\Users\SIXFIVE$\Application Data>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Application Data> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Cookies>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Cookies> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Local Settings>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Local Settings> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\My Documents>
Reading the SD from <\\?\C:\Users\SIXFIVE$\My Documents> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\NetHood>
Reading the SD from <\\?\C:\Users\SIXFIVE$\NetHood> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\PrintHood>
Reading the SD from <\\?\C:\Users\SIXFIVE$\PrintHood> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Recent>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Recent> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\SendTo>
Reading the SD from <\\?\C:\Users\SIXFIVE$\SendTo> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Start Menu>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Start Menu> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Templates>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Templates> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\AppData\Local\Application Data>
Reading the SD from <\\?\C:\Users\SIXFIVE$\AppData\Local\Application Data> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\AppData\Local\History>
Reading the SD from <\\?\C:\Users\SIXFIVE$\AppData\Local\History> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\AppData\Local\Temporary Internet Files>
Reading the SD from <\\?\C:\Users\SIXFIVE$\AppData\Local\Temporary Internet Files> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Documents\My Music>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Documents\My Music> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Documents\My Pictures>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Documents\My Pictures> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

Processing ACL of: <\\?\C:\Users\SIXFIVE$\Documents\My Videos>
Reading the SD from <\\?\C:\Users\SIXFIVE$\Documents\My Videos> failed with: The system cannot find the path specified.


SetACL finished with error(s):
SetACL error message: The call to GetNamedSecurityInfo () failed
Operating system error message: The system cannot find the path specified.

   Done (10/27/2013 12:46:43 PM)

03 - Register System Files
   Start (10/27/2013 12:46:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:47:29 PM)

04 - Repair WMI
   Start (10/27/2013 12:47:29 PM)
   Running Repair Under Current User Account
   Done (10/27/2013 12:51:44 PM)

05 - Repair Windows Firewall
   Start (10/27/2013 12:51:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:52:22 PM)

06 - Repair Internet Explorer
   Start (10/27/2013 12:52:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:53:07 PM)

07 - Repair MDAC/MS Jet
   Start (10/27/2013 12:53:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:53:27 PM)

08 - Repair Hosts File
   Start (10/27/2013 12:53:27 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:53:29 PM)

09 - Remove Policies Set By Infections
   Start (10/27/2013 12:53:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:53:34 PM)

11 - Repair Icons
   Start (10/27/2013 12:53:34 PM)
   Running Repair Under System Account
   Done (10/27/2013 12:53:36 PM)

12 - Repair Winsock & DNS Cache
   Start (10/27/2013 12:53:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:53:55 PM)

14 - Repair Proxy Settings
   Start (10/27/2013 12:53:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:54:00 PM)

16 - Repair Windows Updates
   Start (10/27/2013 12:54:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:54:34 PM)

17 - Repair CD/DVD Missing/Not Working
   Start (10/27/2013 12:54:34 PM)
   Done (10/27/2013 12:54:34 PM)

18 - Repair Volume Shadow Copy Service
   Start (10/27/2013 12:54:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:54:47 PM)

20 - Repair MSI (Windows Installer)
   Start (10/27/2013 12:54:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:00 PM)

22.01 - Repair bat Association
   Start (10/27/2013 12:55:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:05 PM)

22.02 - Repair cmd Association
   Start (10/27/2013 12:55:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:10 PM)

22.03 - Repair com Association
   Start (10/27/2013 12:55:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:14 PM)

22.04 - Repair Directory Association
   Start (10/27/2013 12:55:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:19 PM)

22.05 - Repair Drive Association
   Start (10/27/2013 12:55:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:24 PM)

22.06 - Repair exe Association
   Start (10/27/2013 12:55:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:29 PM)

22.07 - Repair Folder Association
   Start (10/27/2013 12:55:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:33 PM)

22.08 - Repair inf Association
   Start (10/27/2013 12:55:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:38 PM)

22.09 - Repair lnk (Shortcuts) Association
   Start (10/27/2013 12:55:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:43 PM)

22.10 - Repair msc Association
   Start (10/27/2013 12:55:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:47 PM)

22.11 - Repair reg Association
   Start (10/27/2013 12:55:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:52 PM)

22.12 - Repair scr Association
   Start (10/27/2013 12:55:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:55:57 PM)

23 - Repair Windows Safe Mode
   Start (10/27/2013 12:55:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:56:02 PM)

24 - Repair Print Spooler
   Start (10/27/2013 12:56:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:56:19 PM)

25 - Restore Important Windows Services
   Start (10/27/2013 12:56:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:56:28 PM)

26 - Set Windows Services To Default Startup
   Start (10/27/2013 12:56:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/27/2013 12:56:41 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (10/27/2013 12:56:41 PM)
   Total Repair Time: 00:22:24


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
 


Finally got Malwarebytes installed...and after an hour waiting for the 'scan' to complete....MB came back with a few entries being found...used the "Remove" option and this is what was spitted out after it was done:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Annette :: SIXFIVE [administrator]

10/27/2013 2:10:14 PM
mbam-log-2013-10-27 (14-10-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373442
Time elapsed: 1 hour(s), 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC} (PUP.Optional.VMNToolBar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C5B1EF0-AB72-F9FB-CC26-F54BB5DCB26F} (PUP.Optional.Tarma.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\$Recycle.Bin\S-1-5-21-1487196741-4284413883-682844012-1000\$R4F7OEB.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1487196741-4284413883-682844012-1000\$R4RLNUK.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\ProgramData\InstallMate\{6526E141-3880-48BC-AA57-70A2BEC5C3B7}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\InstallMate\{6526E141-3880-48BC-AA57-70A2BEC5C3B7}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Annette\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Annette\Downloads\SoftonicDownloader_for_my-video-converter.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\Ray\Downloads\Setup.exe (PUP.Optional.iBryte) -> No action taken.

(end)
 

 

As far as I can see on my end, all seems to be OK for the time being!

 

Thanks KevinF80 for all the help....this place ROCKS!...


Run the following;

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Mozilla Thunderbird (24.0.1)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


Avast requires on-access protection turning on. The alert for Java is incorrect; you have the latest version.

 

Next,

 

We need to remove FRST. First, it is very important to deal with its Quarantine folder using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

 

Next,

 

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Click Yes at "Would you like to Uninstall Adwcleaner".

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7, accept UAC.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully."

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete ok, also if any remaining issues or concerns...

 

Kevin

fixlist.txt


Followed all the steps...everything seems to be ok...though, not all the software I've installed in this thread was removed...but I'm sure a simple uninstall will suffice...unless otherwise stated? ;)


What have you installed? Most tools and logs just need deleting, such as :-

RogueKiller and folder RK_Quarantine

MBAR

Security Checks

Portable windows repair

DDS...

 

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times. NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons; if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin


You were right...I just deleted the folders regarding all the software you've had me install regarding this issue..

 

I've done what you said and just deleted the folders and what not..

 

Currently use Firefox, so I'll focus on the related tools/apps for keeping my online surfing 'safer'..

 

Much appreciate all the help!

 

Feel free to close this out now!


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
