marieke (Posted March 17, 2014, ID:804209)

Hi everyone,

I really need help. A few weeks ago I noticed that I got referred to random websites so I downloaded Malwarebytes. It found 35 infected data. I was horrified and deleted the ones that I assumed were useless. I still have 25 left though that are in some registry keys. I am worried that if I delete them Windows won't start up anymore. Can anyone help? Do I need to reinstall Windows? I'd really prefer not to. Many thanks already - here is the last log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
[administrator]

16.03.2014 20:33:03
MBAM-log-2014-03-16 (21-58-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224653
Time elapsed: 13 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> No action taken.
HKCR\Speed Test 127.BackgroundHostObject (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.BackgroundHostObject.1 (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.Navbar (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.Navbar.1 (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.ScriptHostObject (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.ScriptHostObject.1 (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.Tool (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\Speed Test 127.Tool.1 (PUP.Optional.SpeedTest.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp (PUP.Optional.SpeedTest.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> No action taken.
HKCR\TypeLib\{F2F1AE7C-149B-46D3-9498-12572C7AFE11} (PUP.Optional.SpeedTest.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\windows\system32\rundll32.exe "C:\Users\Sylvia Dawson\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF331D456-79B9-48F9-8067-C315ED760813&SSPV=) Good: (http://www.google.com) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Psychotic (Posted March 17, 2014, ID:804213)

Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read.

Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.
The logs can be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Zip any and all of these logs and attach the file to your next reply.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
- Run FRST.
- Don't change any of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
- Download TDSSKiller.zip and extract to your desktop
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
- Please post the contents of that log in your next reply.

AdvancedSetup (Root Admin; Posted March 19, 2014, ID:805212)

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

AdvancedSetup (Root Admin; Posted March 21, 2014, ID:805678)

Topic reopened per request

marieke (Posted March 24, 2014, ID:807017)

Thanks for reopening! I will add the log later today.

Psychotic (Posted March 24, 2014, ID:807220)

ok

marieke (Posted March 25, 2014, ID:807833)

Here they are.

Attached: mbam-log-2014-02-25 (23-50-42).txt, mbam-log-2014-03-16 (19-59-00).txt

Psychotic (Posted March 25, 2014, ID:807847)

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
- Run FRST.
- Don't change any of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
- Download TDSSKiller.zip and extract to your desktop
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
- Please post the contents of that log in your next reply.

marieke (Posted March 26, 2014, ID:808573)

Hi,
I downloaded FRST and scanned the computer. 29 issues were found. I haven't deleted these yet, waiting for instructions. However, it didn't create log files (addition and frst) anywhere. I couldn't find them, so I exported the log. Please find it attached in xml format.

Also downloaded TSS and scanned computer. 0 threats were found.
Awaiting instructions. - Can I delete all the files found by FRST? And why did one find so many and the other one none?

Thanks so much for your help.
Marieke

Attached: log.xml

Psychotic (Posted March 26, 2014, ID:808575)

I don't know WHAT you downloaded and ran, but it was definitely not FRST.
Use the link from my last reply.

marieke (Posted March 26, 2014, ID:808576)

I did use the link!

marieke (Posted March 26, 2014, ID:808577)

32 bit version

Psychotic (Posted March 26, 2014, ID:808581)

WinZip Malware Protector
© 2013 WinZip International

That is not FRST. Also, FRST does not delete anything; it only creates log files.

marieke (Posted March 26, 2014, ID:808584)

Yes, strange. I don't know where that came from. Should I remove it again? Or use it to delete the infected data? Here are the FRST log and the Addition log.

Attached: FRST.txt, Addition.txt

marieke (Posted March 26, 2014, ID:808587)

I hope it is nothing serious.

Psychotic (Posted March 27, 2014, ID:808945)

Fix with FRST (normal mode)
WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
If not existing, please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  - Launch Malwarebytes Anti-Malware
  - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
If the program is already installed:
- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.

Attached: fixlist.txt

marieke (Posted March 29, 2014, ID:810105)

Hi,
So I ran the fix with FRST and attached the file. Then I did a full system scan with Malwarebytes - nothing was shown. Does that mean everything is OK again now? Would you recommend reinstalling Windows, or is that not necessary? And can I safely do online banking again?

Many thanks,
marieke

marieke (Posted March 29, 2014, ID:810106)

Attached: Fixlog.txt

Psychotic (Posted March 31, 2014, ID:810976)

Scan with ESET Online Scan
Please go here to run the online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.

marieke (Posted April 3, 2014, ID:812606)

5 threats found

Attached: eset.txt

marieke (Posted April 3, 2014, ID:812608)

C:\Users\Sylvia Dawson\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Sylvia Dawson\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Sylvia Dawson\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\Sylvia Dawson\Desktop\wzmp_8.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Sylvia Dawson\Desktop\Adobe CS5.5 Master Collection (PC)\Crack\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application

Psychotic (Posted April 3, 2014, ID:812728)

Fix with FRST (normal mode)
WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner
Please download AdwCleaner to your desktop.
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don't uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file
- Please post its contents within your next reply
- You'll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

SecurityCheck
Reboot your system before starting!
Please download SecurityCheck: LINK1 LINK2
- Save it to your desktop, start it and follow the instructions in the window.
- After the scan has finished, checkup.txt will open. Copy its content to your thread.

Attached: fixlist.txt

marieke (Posted April 4, 2014, ID:813147)

Attached: Fixlog.txt

Starting the cleanup now.

marieke (Posted April 4, 2014, ID:813150)

It's pending for some reason?!

marieke (Posted April 4, 2014, ID:813161)

Attached: AdwCleanerS0.txt