[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing

nursedodie
New Helpee

Posts: 17

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 14:56:39 GMT -8

Post by nursedodie on Feb 28, 2015 14:56:39 GMT -8

I have tried for a week to remove this crap on my computer. I am usually not on this computer so I am unaware of when it got downloaded. I have researched my files and seem to have new stuff downloaded on Jan 17 (I think thats the date) andy way - it was like Cleaner Pro and several others...3D Flashplayer...and so on. Well I uninstalled what I could - although Cleaner Pro never uninstalled. I have ran multiple scans - Malwarebytes, Spybot, AVG, Malicious Software Removal from MS as well as CCLeaner to see everything that is running (which I disabled what I could find but it just returns). Everything just keeps coming back. Extensions keep being added to my google chrome like - nitrodeeal and some type of coupon and free stuff. I have deleted and deleted but they keep showing back up. When I did a the windows update - I clicked on the malicious software tool which of course led me to the internet but it gave me a very strange website - it said Microsoft and had the download of the tool but it had 1000's of ads on the page popping up everywhere. So I closed and just went straight to microsoft myself and no, that page didn't have any mass amount of ads. Either way, everything I run will find nothing one time and then tons the next. I have run in safemode, I have run in every mode I can think of ...its just not working.

This is a windows 7 64b service pack one, gateway computer. Any any any help would be greatly appreciated.

Also when I look at my processes, it seems I have at least 10 instances of chrome running?

Also this: Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 2/28/2015

Scan Time: 3:41:49 PM

Logfile:

Administrator: Yes

Version: 2.00.4.1028

Malware Database: v2015.02.28.06

Rootkit Database: v2015.02.25.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Mom

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 334487

Time Elapsed: 30 min, 27 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 2

PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\vosteran.exe, , [fcad180a6f1ba393fe4f049a1ce7a858],

PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, , [dbce0a183c4ec07615e30a210bfab947],

Registry Values: 1

PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, C156BBA8-8D99-4BC6-A83D-0AC7AE1A04B1, , [dbce0a183c4ec07615e30a210bfab947]

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

PUP.Optional.Vosteran.A, C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://vosteran.com/?f=1&a=vst_cmi_15_03_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0Bzy0AyB0ByD0BzytB0DzyyDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0AyB0FyBzz0EzytGtAyEyDyEtGyDyB0CtDtG0DtA0E0AtGtCtAyE0DyCzz0DtDtB0AtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyDtCyEyByCtCtG0FtC0CtCtGyEtCyCyDtGzy0BzytAtG0DyC0DzyyB0FyCzyzz0DtDtC2Q&cr=427983926&ir=")

, ,[35741f03d6b49b9b77b4c350d135e719]

Physical Sectors: 0

(No malicious items detected)

(end)

Last Edit: Jul 3, 2015 7:55:59 GMT -8 by delphie

Quads
Malware Removalists

In New Zealand

Posts: 9,387

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 16:17:14 GMT -8

Post by Quads on Feb 28, 2015 16:17:14 GMT -8

Just chucking tools / programs at a problem or infection can cause it's own problems to Windows or each other, OR make it a lot harder for Us to use our tools.
For instance Spybot can interfere with the tools we use and procedures.

Then there is CCleaner which has a Registry cleaner and though generally it is seen as one of the safer around, on the odd occasion it removes what it should not have.

Quads

nursedodie
New Helpee

Posts: 17

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 16:46:07 GMT -8

Post by nursedodie on Feb 28, 2015 16:46:07 GMT -8

I totally understand that. I was hesitant to post this problem on here after reading some of the instructions - because I have run multiple multiple checks in the past week. So, where do I go from here?

Quads
Malware Removalists

In New Zealand

Posts: 9,387

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 16:50:59 GMT -8

Post by Quads on Feb 28, 2015 16:50:59 GMT -8

Do Not use any tools or any programs for cleaning used until being asked / instructed to do so!!!!!.

Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)

Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system.

This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than othe tools, and can often create bigger problems when used without expert guidance.

Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems.

Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.

When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)

When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.

Take longer to read if your language is not English, so that hopefully it is understood.

Reply stating you have read the post fully.

I also if it is busy (have a lot of systems at once to deal with) like being in a supermarket checkout line, waiting their turn, I use the forum like a checkout line.

Uninstall Spybot (the usual way to uninstall a program)

Quads

nursedodie New Helpee Posts: 17	[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 17:33:57 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by nursedodie on Feb 28, 2015 17:33:57 GMT -8 spybot uninstalled - I have read the post fully

Quads
Malware Removalists

In New Zealand

Posts: 9,387

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 17:53:08 GMT -8

Post by Quads on Feb 28, 2015 17:53:08 GMT -8

Read Slowly and all of it.

Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.

Place FRST64.exe onto your desktop from where ever it downloaded to.

Start FRST64 that is on your Desktop

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)

Press Scan button.

It will make a logs (FRST.txt and addition.txt) on your Desktop Please attach the log in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply.

IF ADDITION.txt does not want to upload

go to Wikisend wikisend.com/ OR go to pastebin.com

and upload the addition.txt there, then post the download link back in a message

Quads

nursedodie New Helpee Posts: 17	[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 18:14:15 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by nursedodie on Feb 28, 2015 18:14:15 GMT -8 well my post got blocked

Quads Malware Removalists In New Zealand Posts: 9,387	[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 18:16:47 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Feb 28, 2015 18:16:47 GMT -8 Read the Instructions Quads

nursedodie
New Helpee

Posts: 17

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 18:20:29 GMT -8

Post by nursedodie on Feb 28, 2015 18:20:29 GMT -8

FRST.txt

Addition.txt

I did read your instructions "Please attach the log in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply." and then "IF ADDITION.txt does not want to upload

go to Wikisend wikisend.com/ OR go to pastebin.com" - so thats what I did

Quads Malware Removalists In New Zealand Posts: 9,387	[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing Feb 28, 2015 18:31:30 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Feb 28, 2015 18:31:30 GMT -8 You did not do as instructed and have FRST on the Desktop!!!!! So the future instructions will not work Quads

[ti]SOLVED[/ti]Help! Several bouts of malware - nothing is removing

Post by nursedodie on Feb 28, 2015 14:56:39 GMT -8

Post by Quads on Feb 28, 2015 16:17:14 GMT -8

Post by nursedodie on Feb 28, 2015 16:46:07 GMT -8

Post by Quads on Feb 28, 2015 16:50:59 GMT -8

Post by nursedodie on Feb 28, 2015 17:33:57 GMT -8

Post by Quads on Feb 28, 2015 17:53:08 GMT -8

Post by nursedodie on Feb 28, 2015 18:14:15 GMT -8

Post by Quads on Feb 28, 2015 18:16:47 GMT -8

Post by nursedodie on Feb 28, 2015 18:20:29 GMT -8

Post by Quads on Feb 28, 2015 18:31:30 GMT -8