
Multiple failures - make sure laptop is not infected



I did not see the option Remove found threats.  I did restore all items in quarantine.  All items found were on my E data partition.  I look forward to your comments.  Thanks.

 

E:\Lloyd's Stuff\Downloads 0002 Software\Adobe Shockwave Installer v12-0-4-144 2013-10-21\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Auslogics DiskDefrag v3-4-2-5 2012-04-11\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Avery Wizard v4-0-1-2814 2011-12-09\Avery Wizard 4.0.1.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-15-1643 2012-01-31\ccsetup315.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-16-1666 2012-03-25\ccsetup316.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-17-1689 2012-04-08\ccsetup317.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-18 2012-05-05\ccsetup318.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-19 2012-06-08\ccsetup319.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-21-1767 2012-08-22\ccsetup321.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-25-1872 2012-11-29\ccsetup325.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v3-26-1888 2013-01-15\ccsetup326.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-01-4093 2013-05-03\ccsetup401.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-03-4151 2013-07-05\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-05-4250 2013-09-07\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-06-4324 2013-10-21\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-10-4570 2014-02-01\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-11-0-4619 2014-03-01\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-12-4657 2014-04-01\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CCleaner v4-7-0-4369 2013-10-26\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\CDBurnerXP v4-4-1-3341 2012-08-22\cdbxp_setup_4.4.1.3341.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Driver Robot 2009_09_19\DriverRobot_Setup.exe    Win32/Adware.DriverRobot application    cleaned by deleting - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\DVDVideoSoft FreeVideoFlipAndRotate v2-0-3-412 2012-04-14\FreeVideoFlipAndRotate.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Foxit Reader v5-1-3-1201 2011-12-08\FoxitReader513.1201_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Foxit Reader v5-1-4-0104 2012-01-06\FoxitReader514.0104_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Foxit Reader v5-3 2012-06-08\FoxitReader530.0423_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Foxit Reader v5-3-1-606 2012-06-13\FoxitReader531.0606_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Foxit Reader v5-4-2-901 2012-09-06\FoxitReader542.0901_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Foxit Reader v5-4-3-920 2012-11-29\FoxitReader543.0920_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Google Chrome v34 2014-02-14\GoogleChromeDevv34018382.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\ImgBurn v2-5-1-0 2010-05-07\SetupImgBurn_2.5.1.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\ImgBurn v2-5-5 2011-08-08\SetupImgBurn_2.5.5.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\ImgBurn v2-5-6 2012-01-02\SetupImgBurn_2.5.6.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\ImgBurn v2-5-7 2012-04-08\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Intel Control Center v1-2-1-1010 2013-07-21\intel-r-control-center.exe    Win32/InstallCore.BL potentially unwanted application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\PhotoFiltre v7-0-0 2012-06-07\pf7-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\PhotoFiltre v7-0-1 2012-08-22\pf7-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\PhotoScape v3-6-2 2012-06-09\PhotoScape_V3.6.2.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\PicPick v2-3-1 2010-07-05\picpick_inst.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\PicPick v2-3-2 2010-07-14\picpick_inst.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\PicPick v2-3-3 2010-07-29\picpick_inst.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\SIW v3-2011-10-29 2012-03-25\siw-setup.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-15-309 2012-01-31\spsetup115.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-16-317 2012-03-25\spsetup116.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-17 2012-08-22\spsetup117.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-19-411 2012-11-29\spsetup119.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-20-446 2013-01-23\spsetup120.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-21-491 2013-04-14\spsetup121.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\Speccy v1-25-674 2014-02-19\spsetup125.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\The KMPlayer v2-9-4-1435 2010-10-31\The_KMPlayer_1435.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
E:\Lloyd's Stuff\Downloads 0002 Software\VideoPad VideoEditor vx 2012-07-06\vpsetup.exe    a variant of Win32/Toolbar.Conduit.J potentially unwanted application    deleted - quarantined
 


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with AdwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


From AdwCleaner:

 

# AdwCleaner v3.023 - Report created 09/04/2014 at 14:30:52
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Lloyd - LLOYD
# Running from : E:\Lloyd's Stuff\Downloads 0002 Software\AdwCleaner 2014-04-09 vx\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\148proek.default\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Lloyd\AppData\Roaming\Mozilla\Firefox\Profiles\148proek.default\prefs.js ]

Line Deleted : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.72\",\"d\":\"033114\"},\"h\":{\"pogo.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/connect\\\\.facebook\\\\.net\\\\/en_US\\\\/all\\\\.js$/i\"]}]}[...]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Lloyd\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2245 octets] - [09/04/2014 14:24:15]
AdwCleaner[s0].txt - [2186 octets] - [09/04/2014 14:30:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2246 octets] ##########
 


JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Lloyd on Wed 04/09/2014 at 14:50:40.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"



~~~ FireFox

Successfully deleted the following from C:\Users\Lloyd\AppData\Roaming\mozilla\firefox\profiles\148proek.default\prefs.js

user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/09/2014 at 15:42:27.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


SecurityCheck

 

 Results of screen317's Security Check version 0.99.81  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     12.0.0.70  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Please return to your topic at the Malwarebytes support.

Tell your helper that you were here and finished the malware removal process so they may provide further advice.

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




Thanks very much for your help.  I follow most of your advice.  I do use Avast free and have returned to the original topic to try to get MBAM v2 working on my laptop.  I used to use Secunia PSI, but they started doing the updates.  I prefer to do them myself.  I now use SUMo Lite installer which "does not contain any sponsors", to determine which of my installed software needs updates.  I will start using Security Check.  Thank you again for all your help and suggestions.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

