computerwiz123 Posted December 6, 2015 ID:1005385 Share Posted December 6, 2015 So basicly whenever I leave my computer and then the monitor goes to sleep, I come back finding that chrome is open along with 2-10 tabs open with "technews" and other BS news and third-party/spam websites. I feel as if there may be a trojan on my computer, but I'm not sure where to start? I also had another problem where if I open any game, such as league of legends, or Fallout 4, whenever I left-click in the game, it blinks for a split second, and it looks as if in the taskbar as if it was almost quickly tabbing out then going back into the game. This is very annoying, altough I found that going into fullscreen usually fixes the problem. Well no, instead when I go into fullscreen, I literally cannot alt+tab or else the game will start to glitch out when I try to re-open it, resulting in the game either crashing, me having to end the process, and have to restart the game, which is becoming a huge annoyance. I would love if someone offered any solutions to one or both of these problems, if possible.Cheers! - computerwiz123 Link to post Share on other sites More sharing options...
kevinf80 Posted December 6, 2015 ID:1005405 Share Posted December 6, 2015 Hello and welcome to Malwarebytes.orgP2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Next,Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.Next,Follow the instructions in the following link to show hidden files:http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/Next,Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above....Next,Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Next,Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open. Close the program > Don't Fix anything!Let me see those logs in your reply....Thank you,Kevin... Link to post Share on other sites More sharing options...
computerwiz123 Posted December 6, 2015 Author ID:1005459 Share Posted December 6, 2015 Thank you for guiding me to do these steps1. Malwarebytes LogMalwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 12/6/2015Scan Time: 1:01 PMLogfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2015.12.06.05Rootkit Database: v2015.11.26.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Danny Scan Type: Threat ScanResult: CompletedObjects Scanned: 456515Time Elapsed: 55 min, 24 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 31PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], Trojan.Vonteera, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\2pP, Delete-on-Reboot, [7e5f465bed9ef0466d2e09ef986bd828], PUP.Optional.DailyPCClean, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DailyPCClean Schedule, Delete-on-Reboot, [89546e33d8b3bb7b39e4b5426a99c33d], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla1, Delete-on-Reboot, [7865970a6c1f87af82189466aa5906fa], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla2, Delete-on-Reboot, [2cb1f7aa2e5dcd695941ab4f2dd615eb], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla3, Delete-on-Reboot, [508d5a470b801521acee936719eae21e], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla4, Delete-on-Reboot, [e0fdf7aa9bf068ce960406f4eb18e21e], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla5, Delete-on-Reboot, [fce1ccd5117a2f07b4e6a654ae556d93], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla6, Delete-on-Reboot, [9647ecb55d2ece680f8bc3378d76d42c], PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla7, Delete-on-Reboot, [ac31bbe68a01d4628b0f9961be45d32d], PUP.Optional.DailyPCClean, HKLM\SOFTWARE\WOW6432NODE\DAILYPCCLEAN, Quarantined, [4d903b66533844f258b3d3183ec5c43c], PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, Quarantined, [32abedb4187368ce0f40668bbe45ab55], Trojan.Vonteera, HKU\S-1-5-21-2807040322-2208933909-149726929-1000\SOFTWARE\PDFCONVERT, Quarantined, [f5e80b96f29922147225d622eb18a15f], Registry Values: 2PUP.Optional.MaxDriverUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{3B0861B1-F0D9-48C7-80C0-8914EA2AB020}, v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Max Driver Updater\maxdu.exe|Name=MaxDriverUpdater|, Quarantined, [c815663bff8c02344dfbb73b10f32ed2]Trojan.Vonteera, HKU\S-1-5-21-2807040322-2208933909-149726929-1000\SOFTWARE\PDFCONVERT|Uniq, {1BC5DFB9-E269-461D-AD55-39B82A3E36F6}, Quarantined, [f5e80b96f29922147225d622eb18a15f] Registry Data: 0(No malicious items detected) Folders: 3Trojan.Vonteera, C:\ProgramData\Convertor, Quarantined, [2db05e430f7c1b1b403edc1ce81ba759], Trojan.Vonteera, C:\Users\Danny\AppData\Roaming\PlusN, Quarantined, [c419fea35635092d7d040fe9a65daa56], PUP.Optional.Tuto4PC, C:\Users\Danny\AppData\Local\Temp\WIZZTEMP, Quarantined, [617cd5ccf893b87e0f763763ce34fd03], Files: 28PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD2C2.tmp.1449371872\HTA\install.1449371872.zip, Quarantined, [03da376a2962f343b5834cbecc36817f], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD2C2.tmp.1449371872\HTA\3rdparty\OCComSDK.dll, Quarantined, [2bb2b2efc6c5fd39d06862a844be18e8], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD2C2.tmp.1449371872\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [815c8c15dcaf300643ab57344eb652ae], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD323D.tmp.1449428442\HTA\install.1449428442.zip, Quarantined, [1dc09908880367cfde5a97734ab831cf], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD323D.tmp.1449428442\HTA\3rdparty\OCComSDK.dll, Quarantined, [508d039eb0db40f6fe3ade2c828036ca], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD323D.tmp.1449428442\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [f9e4762b800b39fdd5194c3f38cc0af6], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD4DC6.tmp.1449371891\HTA\install.1449371891.zip, Quarantined, [6b72821f4645280e9e9aed1d659d6799], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD4DC6.tmp.1449371891\HTA\3rdparty\OCComSDK.dll, Quarantined, [d00d356c2a6147ef23151af058aaea16], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD4DC6.tmp.1449371891\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [76670e934a4161d5d816e2a9ab597d83], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD6750.tmp.1449428455\HTA\install.1449428455.zip, Quarantined, [9647831e266546f051e77793e02207f9], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD6750.tmp.1449428455\HTA\3rdparty\OCComSDK.dll, Quarantined, [b825e5bc5e2d89ad0038779349b90ef2], PUP.Optional.OpenCandy, C:\Users\Danny\AppData\Local\Temp\HYD6750.tmp.1449428455\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [11cceab7d1bac76f9e503a51a85c54ac], PUP.Optional.OpenCandy, C:\Users\Danny\Downloads\CheatEngine64.exe, Quarantined, [bc21c3de454664d2b500cf3d48b919e7], HackTool.Agent.BLO, C:\Users\Danny\Desktop\BoL Marco\BoLStudio (3).zip, Quarantined, [1dc0c1e05d2e3006c741c0d17e863dc3], HackTool.Agent.BLO, C:\Users\Danny\Desktop\BoL VIP Cracked\BoL Hijacker.exe, Quarantined, [09d4b4edec9f77bf21e7eda4c440d12f], PUP.Optional.DailyPCClean, C:\Windows\System32\Tasks\DailyPCClean Schedule, Quarantined, [1ac3d4cd781361d5afb0608ba95ae917], Trojan.Vonteera, C:\ProgramData\Convertor\gup.xml, Quarantined, [2db05e430f7c1b1b403edc1ce81ba759], Trojan.Vonteera, C:\ProgramData\Convertor\Convertor.exe, Quarantined, [2db05e430f7c1b1b403edc1ce81ba759], Trojan.Vonteera, C:\Users\Danny\AppData\Roaming\PlusN\gup.xml, Quarantined, [c419fea35635092d7d040fe9a65daa56], Trojan.Vonteera, C:\Users\Danny\AppData\Roaming\PlusN\GUP.exe, Quarantined, [c419fea35635092d7d040fe9a65daa56], Trojan.Vonteera, C:\Windows\System32\Tasks\2pP, Quarantined, [607d554c5734ec4a662227d1778c38c8], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla1, Quarantined, [4b929e032962a88e6038a35759aac33d], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla2, Quarantined, [fde04b56f09b1521376127d349ba629e], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla3, Quarantined, [7469861bafdcda5c56422ad02cd758a8], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla4, Quarantined, [86576a37b8d33df9257337c3f21127d9], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla5, Quarantined, [8459227ff695e84e8e0aac4e649fd927], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla6, Quarantined, [e3fa128fcebdee48acec6f8b030060a0], PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla7, Quarantined, [11cc2e73a6e5a4928414d7234eb5ae52], Physical Sectors: 0(No malicious items detected) (end)2. The Farbar results will be attached3. Rougekiller results will be attachedThank you for your kind and helping instructions, and please tell me what I have to do after reviewing my logs.Addition.txtFRST.txtRougeKillerLog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 6, 2015 ID:1005474 Share Posted December 6, 2015 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode <<<<<------------ http://support.eset.com/kb2268/ Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<--- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktopThis log will be excessive, Please attach it to your next reply…Let me see those logs, also give an update on any remaining issues or concerns... Thank you, Kevin.. Fixlist.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 11, 2015 Root Admin ID:1006406 Share Posted December 11, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts