Sent here by Previous Support Agent. Says I have Infection.


Posted Today, 11:52 AM

rayny2e4034 ---

Never mind on the rest of the logs, after reviewing what you have already posted, it seems you are either infected or have leftovers from a previous infection. You have failing services that are not loading and are required in order for Malwarebytes to function correctly. You will need to get help from our experts to get this resolved. But have no fear, it's all done for free, you just have to do it at a different section of the forum. To do so please follow my instructions below.... (basically you will post all the requested logs I was asking for here in the other section)

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Welcome to the forum.

First thing:

Please disable Windows Defender, you have Avira running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

Then please uninstall Zynga Toolbar from your add/remove programs.

Then............

Please run a Quick Scan with Malwarebytes like this and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:



1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

When I TRY to do a Scan using THREAT SCAN, It only gets to a certain point and stops! I Rebooted and tried again with the same exact Results. Here is where it Stops.

C:\PROGRAMFILES(x86)\InternetExplorer\plugins\npqtplugin2.dll 

 

I Had no trouble with your Previous Version and now I've spent all day Trying to get your Version 2.0 to work to no avail :(   I'm seeing other users with the same ORIGINAL concern I have. Not allowing website protection to be turned on.  I'm VERY Tired and VERY Unhappy right now! :(  Can I Revert BACK to the Previous Version until your company can sort this issue out..???? PLEASE HELP!! :(

First, it's not my program...I'm not part of the Malwarebytes Company
Like it says in my signature:
I volunteer my free time to help you

------------------------------------------------------

If you want to uninstall 2.0 and go back to 1.75

I zipped it up and attached it.

---------------------------------------------------------

Please do this.

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then if you installed the old version.......


Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Let me know....MrC

Good Morning MrCharlie. First I have to apologize to you for mistakenly thinking you were with the Company of this software. I am sorry I didn't realize that and I want to thank you very much for giving your time trying to help me and others with these issues that surfaced right after the upgrade to version 2.0   I See you sent me the older version but I have no program or knowledge on how to unzip it? My computer just says it can't open the file and I need to look for software to do this? Can you possibly help me with that, or maybe send the old version as an exe file or even a link to the old version? I Guess I have to un-install 2.0 first, THEN re-install the old version. Won't I lose my registration information by doing that???  I will do my best to try to follow along with your instructions again today and hope to get my computer working properly. I wonder how I got infected since I always had the paid version of Malwarebytes running? I Better get started by reading the instructions you sent over night for further cleaning. You didn't comment on the Rogue File Cleaner log I sent so I don't know what to do about that one? Thank you again for your patience and your help.

Thank you. I Ran that Cleaner as you said and removed all that was found. I Just re-booted. I Still see the original concern of Malwarebytes protection Disabled and it is the same as when I started. FIX NOW doesn't help or Trying to manually Set website protection ON doesn't work. It immediately jumps right back to Protection Off. In your opinion, do you feel I still have an infection issue even now, after all this cleaning? I was reading on a Forum while waiting for your reply and lots of people having issues with this update. I'm not sure where to go from here?? :(  Do you think reverting back to the previous Version will solve what is wrong? I am not even sure how to completely un-install malwarebytes? I think there might be a software tool for this but I'm not sure?? I do have (I think) my original License Key info here somewhere. I Hope it is correct or if not, can you help me get it replaced since you know I have version 2.0  licensed?  I Just don't know if something is still truly wrong with my computer, OR if perhaps the new version is giving me these problems? :(   I don't know if spending another day trying stuff will get version 2.0 working or not?? I'll await your reply. Thank you again.

AdwCleanerR0.txt

Thanks for your fast reply. I'm sitting right here for you. Yes, I always had the Paid Version of Malwarebytes here and that's why I'm upset to be infected. I Found my ID and License Key. I did not un-install the program ever. I Upgraded from 1.75 without un-installing. What do I do now about being infected? :( Should I Un-install 2.0 ???  I'm getting a bit nervous now. :(

As long as you have your id and key, let's do this:

Uninstall 2.0

Download and run mbam-clean-2.0.2.0.exe (attached) REBOOT

Install 1.75 (attached in the other post)

Update the database and run it like this:

Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

MrC

We just have to keep looking, we're not done yet....be patient.

Run these: (ComboFix and TDSSKiller)

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

My instructions for ComboFix say to disable your anti-virus programs and as you can see they're both running????

The first thing I told you was to disable Defender and that's still running:

https://forums.malwarebytes.org/index.php?showtopic=145004&p=808628

You also have SUPERAntiSpyware on the system and running.

Disable Windows Defender and uninstall SuperAnti-Spyware.

How to Disable Defender

http://www.superantispyware.com/supportfaqdisplay.html?faq=47 <---uninstall SAS

---------------------------------------------------------------------------------------------------

Can you have a look in these 2 folders, let me know what's in them if anything and do you recognize them:

c:\users\Ray\AppData\Roaming\1319

c:\users\Ray\AppData\Roaming\26264

 

You may have to enable hidden files to see them:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/  

MrC
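
The check made by eye on the three `AV:`/`SP:` header lines quoted in the post above can be automated. This is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, and it assumes every such line has the shape shown in the post.

```python
import re

# Shape of the header lines quoted in the post (assumed to be general):
#   "<kind>: <product> *<state>/<definitions>* {GUID}"
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>\w+)/(?P<defs>\w+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(log_text):
    """Return one dict per AV:/SP: header line; all other lines are ignored."""
    products = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            products.append(match.groupdict())
    return products


def enabled_products(log_text):
    """Distinct product names whose state field reads Enabled, sorted.

    A product can register as both AV and SP (Avira does in the post),
    so entries are de-duplicated by name. Any state other than
    "Enabled" is treated as not running.
    """
    return sorted({p["name"] for p in parse_products(log_text)
                   if p["state"].lower() == "enabled"})


def has_conflict(log_text):
    """True when more than one distinct product is reported as Enabled."""
    return len(enabled_products(log_text)) > 1


# The three header lines exactly as quoted in the post.
SAMPLE = """\
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

if __name__ == "__main__":
    for name in enabled_products(SAMPLE):
        print("enabled:", name)
    print("conflict:", has_conflict(SAMPLE))
```
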

This topic is now closed to further replies.