
Something still wrong with both my PCs, MWB Databases out of date, can't access update server



Waiting for my internet to be connected, at the moment on a data connection from my phone to PC - Not sure if that would have anything to do with unable to access update server. 

 

I had help a little while ago with my desktop and laptop, both were working great afterwards I don't know what was wrong, I assumed rootkit before seeking help.

 

My laptop has been very odd the last few days. 

 

- Avast was turned off

- MWB premium protection was off, realtime protection is still off (malware protection & malicious website detection were also off, I switched back on)

- Noticed x 2 of everything in my task manager running last night

- Bluetooth wouldn't connect

- CCleaner picked up 4 'invalid file reference' files in the registry that it could not fix (Image Path - System32/mutex-threads.exe, /idle-threads.exe, /latch-threads.exe, /semaphore-threads.exe)

- Avast full system scan picked up close to 30 'password protected' files that it couldn't access, I know this happens but Avast scans have not shown those results for this PC before and have not installed anything new.

- Ran Rkill and then MWB scan - No threats found

 

 

All this since I plugged in my external harddrive normally used on my Desktop. 

 

My desktop is packed away in a box (been moving house), but the issues it seemed to have now as well, prior to the laptop are

 

- Can not restore, refresh or update windows 8 OS, at all.

- Can not access safe mode (might just be windows 8, could not even find it in boot menu, tried a few times with online instructions that said safe mode was not in boot menu anymore, couldn't find either)

- Google Chrome web pages are coming up with a grey shield saying identity not verified (Facebook, Hotmail, Google itself), However https is secure? **Also saying I haven't visited those sites before September**

- Possibly some other things that are slipping my mind right now.

 

 

I made a post about my desktop but posted twice including the FRST logs and it went unanswered for 2 weeks or so then I had forgotten about it, Can't seem to find it so it may have been deleted by now.

I understand you are all volunteering personal time to help with these sort of issues, I thank you very kindly as I have been trying to learn and see what's wrong myself this time but it appears I still have no clue. 

Have attached FRST and addition.txt files as attachments.

 

- I will note when running fbar scan tool, It has scanned and finished, given me the results and is now performing the same scans over and over again, I have closed it but the scan results uploaded may be overwritten by one of the random scans following, I can't tell. 

 

Regards - Kruxe

FRST.txt

Addition.txt

Link to post
Share on other sites

Whoops. 

 

I have just realised I can click my profile and view all of my own posts - Don't laugh! :)

 

I thought my more recent, unanswered post had been deleted as I searched with no results but it is still here, As is my original post from 9th July 2014 for both my laptop and desktop that I received help with from a lovely Psychotic fellow.

 

I'm not sure what to do now as I've found my older, unanswered post about my desktop yet created this one for my laptop. 
Have linked both my first request for assistance and my second as I'm unsure if that would provide more insight or not (or for deletion of extra topic).

I think whatever is wrong has gone from my Desktop to my external hard drive and then to my laptop anyway.

 

Crossing fingers bumping my own post but info was necessary, Thank you :) 

 

Most recent (Includes fbar scan for desktop) - https://forums.malwarebytes.org/index.php?/topic/156607-back-again-something-still-very-very-wrong-total-system-control/

Original - hxxps://forums.malwarebytes.org/index.php?/topic/152191-requesting-assistance-probable-rootkit/

(The original link is giving me the same grey shield as mentioned earlier, Google Chrome "Includes script from unauthorized sources" as well as a hefty "Your connection is encrypted however this page contains other resources which are not secure" when I click on the unsecured https icon. Have added this link with hxxps just in case).

 

Regards, Kruxe

Link to post
Share on other sites

I am now not sure if I should have PM'd an admin to re-open the thread I had open back in July after reading someone else told to do that - Can someone at least advise if I am doing the right thing please?

 

Regards, Kruxe :)

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 

Link to post
Share on other sites

Hello and thank you kindly for your assistance :)

 

I have completed the requested steps with no issues, a few 'funny looking' things though. 

 

I have attached Rkill report even though it wasn't requested as it did terminate 2 programs, Have also attached RogueKiller report. 

 

I ran MWB threat scan but took a screen shot of a notification that has been in my bottom right corner for a few days now, It looked funny next to the normal MWB (MWB has only just stopped showing the same msg about updates not sure why this is still there, Have clicked it 10 times in last few days re-appears instantly).

 

2h3c3lf.png

 

Here is the MWB threat scan result;

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/10/2014
Scan Time: 6:18:18 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.10.03
Rootkit Database: v2014.10.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: RR-PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375105
Time Elapsed: 13 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
The only other thing I wanted to ask about, Was this when I ran MWB anti-rootkit before your response to my thread. 
 
358nxab.png
 
 
Thank you very much, What steps do I take next?
 
Regards, Kruxe

Rkill.txt

RKreport_SCN_10102014_185606.log

Link to post
Share on other sites

  • Root Admin

There are legit reasons to run it but Microsoft recommends that software vendors not use that method but some ignore the recommendation and still use it. We'll use some other tools to see what's going on.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites

 Hello, Thanks for your reply :)

 

 

Have followed your steps accordingly and here are the logs requested.
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 8.1 x64
Ran by RR-PC on Sat 11/10/2014 at 18:25:14.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/10/2014 at 18:31:16.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner
 
# AdwCleaner v3.311 - Report created 11/10/2014 at 18:44:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : RR-PC - KRUX
# Running from : C:\Users\RR-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : .Net Main
[#] Service Deleted : .Net Security
[#] Service Deleted : .Net Crypt
[#] Service Deleted : .Net Semaphore
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\System32\idle-Threads.exe
File Deleted : C:\Windows\System32\latch-Threads.exe
File Deleted : C:\Windows\System32\mutex-Threads.exe
File Deleted : C:\Windows\System32\semaphore-Threads.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\RR-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\tommy_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1273 octets] - [11/10/2014 18:36:47]
AdwCleaner[s0].txt - [1224 octets] - [11/10/2014 18:44:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1284 octets] ##########
 
***After running AdwCleaner and rebooting I noticed the 'Databases out of date' pop up had disappeared, My phone was also showing in my connected devices which it has not for weeks :)***
Thank you!
 
MWB
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/10/2014
Scan Time: 6:54:35 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.11.02
Rootkit Database: v2014.10.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: RR-PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375653
Time Elapsed: 14 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET
 
C:\Users\RR-PC\Desktop\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 
***While running ESET scan it did not prompt me about Activex control, I also encountered 'Unexpected error 2002' during initialization. I pressed 'back' to download virus database again and scan was successful this time.***
 
I have attached fbar scan and addition.txt as attachments as they would not fit in a single post :)
 
I will note that my desktop computer is showing the exact same MWB 'Databases out of date' pop up.
Although we are currently working on my laptop I wanted to bring attention again to my suspicions it is the root of all this evil. It is disconnected from the internet and set up to watch movies on the tv at the moment, The external hard drive connected to it I also suspect has infected this laptop with the same thing it has.
Would it be wise to not link or attach anything to link these devices until we are through?
 
What are the next steps please :)
 

Regards and many thanks, Kruxe

FRST.txt

Addition.txt

Link to post
Share on other sites
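A way to read the AdwCleaner report in the post above programmatically, given here as an added example that is not part of the thread and is not AdwCleaner's own code. It assumes only the report layout visible in that post, keeps the `[#]` marker as-is without interpreting it, and the function names are made up for this example.

```python
import ntpath
import os
import re
from collections import Counter, OrderedDict, namedtuple

# Excerpt of the AdwCleaner v3.311 report posted above (browser section and footer trimmed).
SAMPLE_REPORT = r"""# AdwCleaner v3.311 - Report created 11/10/2014 at 18:44:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : RR-PC - KRUX
# Running from : C:\Users\RR-PC\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : .Net Main
[#] Service Deleted : .Net Security
[#] Service Deleted : .Net Crypt
[#] Service Deleted : .Net Semaphore

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\idle-Threads.exe
File Deleted : C:\Windows\System32\latch-Threads.exe
File Deleted : C:\Windows\System32\mutex-Threads.exe
File Deleted : C:\Windows\System32\semaphore-Threads.exe

***** [ Scheduled Tasks ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
"""

Entry = namedtuple("Entry", "marker kind action target")

TITLE_RE = re.compile(r"^# AdwCleaner v(\S+) - Report created (\S+) at (\S+)$")
META_RE = re.compile(r"^# ([^:]+?) : (.*)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Optional one-character marker such as "[#]", then "<Kind> Deleted|Found : <target>".
ENTRY_RE = re.compile(r"^(?:\[(.)\] )?(\w+) (Deleted|Found) : (.+)$")


def parse_adwcleaner(report):
    """Split a report into header metadata and per-section entry lists."""
    parsed = {"version": None, "created": None, "meta": {}, "sections": OrderedDict()}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TITLE_RE.match(line)
        if m:
            parsed["version"] = m.group(1)
            parsed["created"] = m.group(2) + " " + m.group(3)
            continue
        m = META_RE.match(line)
        if m:
            parsed["meta"][m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            # An empty section still gets a key, so "nothing found" is explicit.
            current = parsed["sections"].setdefault(m.group(1), [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            current.append(Entry(m.group(1) or "", m.group(2), m.group(3), m.group(4)))
    return parsed


def count_by_kind(parsed):
    """Number of entries per object kind (Service, File, Key, ...)."""
    return Counter(e.kind for entries in parsed["sections"].values() for e in entries)


def executables_in_system32(parsed):
    """Names of .exe files the report lists directly under \\Windows\\System32."""
    hits = []
    for entries in parsed["sections"].values():
        for e in entries:
            if e.kind != "File":
                continue
            folder, name = ntpath.split(e.target)
            if (ntpath.normcase(folder).endswith(r"\windows\system32")
                    and name.lower().endswith(".exe")):
                hits.append(name)
    return hits


def shared_suffix(names):
    """Longest suffix common to all names, useful for spotting one naming family."""
    return os.path.commonprefix([n[::-1].lower() for n in names])[::-1]


if __name__ == "__main__":
    report = parse_adwcleaner(SAMPLE_REPORT)
    print(dict(count_by_kind(report)))
    exes = executables_in_system32(report)
    print(exes, "share suffix", repr(shared_suffix(exes)))
```

The four executables it pulls out are the same four image paths the CCleaner registry check in the first post could not resolve.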

Update

 

My laptop has seemed the same over the last few days, nothing horrible like the out of date databases pop-up.

Just then it has given me another MWB's pop-up, telling me my protection is disabled.

I opened Malwarebytes to see what was disabled, It was my realtime web protection.

 

I re-enabled it in the settings and attempted a threat scan, after 0.02 it said could not be completed, View details told me my rootkit detection was off but under settings it was turned on.

I still have a big, red, protection disabled pop-up on my screen, MWB has just closed all by itself still telling me protection is disabled, even though I have re-enabled it twice.

Link to post
Share on other sites

  • Root Admin

So is MBAM working as it should now?

If it is working okay please run the following

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Link to post
Share on other sites

Thanks for your reply :)

 

Okay, having a few issues here. MWB appeared to be fine, All green and good to go. No updates available still.

When I proceeded to run a threat scan, it checked for updates again and the client froze for almost a minute then started the scan.

An error then appeared from MWB saying it could not load/find "Anti Rootkit DDA" drivers, Would I like to restart to attempt reinstalling these drivers otherwise the scan would be run with Anti rootkit disabled.

 

I restarted the computer, It installed regular Microsoft updates as well, flashed several times and eventually rebooted. Seemingly installed Microsoft updates twice.

 

Typed in my password and waited for my desktop to load but it was just a black screen with my mouse pointer for over 10 minutes

I had to manually restart the laptop, The second time the black screen appeared instead of my desktop for another few minutes, It showed a small green box in the corner that was blacked out except for the "Personalized Settings" it was labelled as, but eventually loaded my desktop.

 

I feel like MWB is still infected, I attempted another scan and it is almost finished, nothing to report this far but will post back results. 
I have also been getting a lot of pop-up browsers and tabs that I didn't open, My laptop is beginning to feel very sluggish.

 

Regards, Kruxe

Link to post
Share on other sites

MWB

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/10/2014
Scan Time: 5:06:06 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.17.02
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: RR-PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377187
Time Elapsed: 16 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
Link to post
Share on other sites

  • Root Admin

There is often a lot of things happening after a Windows update session. Sometimes it can take a while to complete. It is never a good idea to reboot the computer while it's completing updates as you could potentially corrupt the install and end up reinstalling Windows. Wait at least a couple hours if you have to. Better safe than sorry.

 

 

 

 

Then check for updates and restart the computer again. Then after it restarts give it a couple minutes to calm down and finish loading things. Then run a new MBAM scan and post that back and let me know in general how the computer is working now again.

 

 

Link to post
Share on other sites

Hi and thanks :)

 

Have run the clean install and ran a threat scan with no threats. 

Thank you for the computer advice, I wasn't aware it can actually damage anything :(

 

I am not sure if I am still getting pop-ups as they were not constant, but my system still feels sluggish, all websites under 2 browsers are still coming up as unsecured and I have to log onto my google account daily via my web browser, I am not even signing myself out of it not sure what's going on there.

I still feel that something is wrong that was overlooked the first time I had assistance, Something just doesn't feel right but apart from being sluggish I just can't put my finger on it.

 

MWB

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 17/10/2014
Scan Time: 6:55:08 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.17.02
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: RR-PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377040
Time Elapsed: 15 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Regards, Kruxe
Link to post
Share on other sites
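The Malwarebytes scan logs in this thread all use the same `Key: Value` layout, so two logs can be compared field by field instead of by eye. The following is an added example, not part of the thread and not Malwarebytes code; it also computes database age, assuming the `dd/mm/yyyy` scan date and `vYYYY.MM.DD.NN` database version forms seen in these logs, and its function names are made up for this example.

```python
from datetime import date

# Header excerpts of the two 17/10/2014 logs posted above (per-category results trimmed).
LOG_1706 = """Scan Date: 17/10/2014
Scan Time: 5:06:06 PM
Version: 2.00.3.1025
Malware Database: v2014.10.17.02
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377187
Time Elapsed: 16 min, 58 sec
Rootkits: Enabled
"""

LOG_1855 = """Scan Date: 17/10/2014
Scan Time: 6:55:08 PM
Version: 2.00.3.1025
Malware Database: v2014.10.17.02
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377040
Time Elapsed: 15 min, 40 sec
Rootkits: Enabled
"""

# Fields that differ on every run and say nothing about configuration.
VOLATILE = {"Scan Date", "Scan Time", "Objects Scanned", "Time Elapsed"}


def parse_mbam_log(text):
    """Collect 'Key: Value' lines; lines without a colon are ignored."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def changed_settings(before, after):
    """Non-volatile fields whose value differs, as {key: (old, new)}."""
    keys = (set(before) | set(after)) - VOLATILE
    return {k: (before.get(k), after.get(k))
            for k in sorted(keys) if before.get(k) != after.get(k)}


def newly_disabled(before, after):
    """Fields that went from Enabled to Disabled between the two logs."""
    return [k for k, (old, new) in changed_settings(before, after).items()
            if old == "Enabled" and new == "Disabled"]


def database_age_days(fields, key):
    """Days between the database build date and the scan date."""
    day, month, year = (int(p) for p in fields["Scan Date"].split("/"))
    db_year, db_month, db_day = (int(p) for p in fields[key].lstrip("v").split(".")[:3])
    return (date(year, month, day) - date(db_year, db_month, db_day)).days


if __name__ == "__main__":
    first, second = parse_mbam_log(LOG_1706), parse_mbam_log(LOG_1855)
    print("changed:", changed_settings(first, second))
    print("newly disabled:", newly_disabled(first, second))
    for db in ("Malware Database", "Rootkit Database"):
        print(db, "age in days:", database_age_days(second, db))
```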

  • Root Admin

Okay let's try resetting your browsers. Even if you don't use it if it's installed please reset it. Backup any important items such as bookmarks, etc.

 

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

 

Have you run a full disk check on the drive lately ?

Link to post
Share on other sites

Thanks for your reply! :)

 

I have reset Internet explorer and Google chrome, deleted Opera as I do not use it, Would like to delete Internet Explorer but can not seem to.

Google Chrome has an update issue. Avast keeps telling me my programs need updating, The list shows only Google Chrome which fails to update and asks me to "Update manually" which also fails. 

 

I am unsure how to perform a disc check, but I will have a look at the boot menu and see if I can run one.

 

Regards, Kruxe

Link to post
Share on other sites

Internet explorer seems to have reset successfully although I don't use it. 

I am replying from Chrome at the moment, but then uninstalling it as alongside the update issues, After it's reset it has kept my username and password for MWB forums when the info said it would be deleted, and websites are still showing as unsecured on it. I also get a totally different looking version of www.malwarebytes.org on Internet Explorer than I have ever seen using Chrome. Odd? 

 

Where do I go from here, please? :)

 

Regards, Kruxe

Link to post
Share on other sites

  • Root Admin

You cannot uninstall Internet Explorer and there is no need to.

Let's run another scan to see what they find again. Chrome may have some file missing or corrupted causing an issue.

You should be able to uninstall it using information from this link. You should make sure you can use Internet Explorer though first to download files and browse as Chrome will be gone.

https://support.google.com/chrome/answer/95319?hl=en

Next run AdwCleaner again

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Hi :)

ADWCleaner

# AdwCleaner v4.000 - Report created 21/10/2014 at 01:18:21
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : RR-PC - KRUX
# Running from : C:\Users\RR-PC\Downloads\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\tommy_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1273 octets] - [11/10/2014 18:36:47]
AdwCleaner[R1].txt - [1053 octets] - [21/10/2014 01:15:48]
AdwCleaner[s0].txt - [1364 octets] - [11/10/2014 18:44:05]
AdwCleaner[s1].txt - [973 octets] - [21/10/2014 01:18:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1032 octets] ##########

 

Thank you for your reply, what do I do now? :)

Regards, Kruxe
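
The log-review step from the instructions above ("Look over the log especially under Files/Folders"), applied to the report in this post. This is an added example, not part of the thread and not AdwCleaner's own code. It assumes the `Username` field has the form `<account> - <computer name>` (consistent with the `Running from` path in the report) and that scan-only reports use `Found` where this one says `Deleted`.

```python
import re

# The AdwCleaner[s1] report posted above, trimmed to the lines the parser reads.
SAMPLE_LOG = r"""# AdwCleaner v4.000 - Report created 21/10/2014 at 01:18:21
# Username : RR-PC - KRUX
# Running from : C:\Users\RR-PC\Downloads\adwcleaner_4.000.exe
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\tommy_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
"""

SECTION = re.compile(r"^\*+ \[ (.+?) \] \*+$")
HEADER = re.compile(r"^# ([^:]+?) : (.*)$")
ENTRY = re.compile(r"^(.+?) (Deleted|Found) : (.+)$")  # "Found" is assumed for scan-only reports
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\")
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})$")       # Chrome extension IDs: 32 chars, a-p

def parse_report(text):
    """Return (header fields, list of entries tagged with their section)."""
    header, entries, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section is None and (m := HEADER.match(line)):
            header[m.group(1)] = m.group(2)
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, "kind": m.group(1),
                            "action": m.group(2), "target": m.group(3)})
    return header, entries

def review(text):
    """Summarise the items a reviewer should look at in the report."""
    header, entries = parse_report(text)
    # Assumption: the Username field is "<account> - <computer name>".
    account = header.get("Username", "").split(" - ")[0]
    other_profiles = sorted({m.group(1) for e in entries
                             if (m := PROFILE.match(e["target"]))
                             and m.group(1).lower() != account.lower()})
    extensions = {}
    for e in entries:
        if m := EXT_ID.search(e["target"]):
            extensions.setdefault(m.group(1), []).append(e["section"])
    return {"account": account, "other_profiles": other_profiles,
            "extensions": extensions, "count": len(entries)}
```

`review(SAMPLE_LOG)` lists each extension ID with the sections it appeared in, and any Windows profile named in an entry that differs from the account the scan ran under.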
 


Hi,

I can download Chrome and install just fine as usual, but the same unsecure sites are still there and I have noticed they are also present on Firefox as well now (Firefox also began getting pop-ups even with Adblocker Plus extension installed, just like Chrome does).
Here is what I get when I click 'more information' on this topic's unsecured symbol on Firefox:

[Screenshot: 2nb7ou1.png]

And here is Google Chrome:

[Screenshot: 2u6crax.png]

Thank you kindly

Regards, Kruxe


  • Root Admin

Please check and verify the date and time on your computer is set correctly.

Then run the following steps again. This should have already removed those issues but maybe you got something new while we were in the middle of scanning or downloading stuff that was missed.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

This topic is now closed to further replies.