Post by dotcom on Oct 31, 2014 23:38:07 GMT -8
System is running top notch. I was trying to get rid of this malware for a few days. I calmed it down using Malwarebytes and ESET Scanner but could not get rid of it totally. No dllhost.exe is showing up at all in Task Manager. So far so good!
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Oct 31, 2014 23:45:55 GMT -8
Agree with you on that one. Moving on.... Download Junkware Removal Tool from here and run it on the desktop. Double click on the downloaded file on your desktop; it will open up a command window and run from there. When asked, press any key to let it run. This will create a log on the desktop; please attach or copy & paste the log in your next post (JRT.txt).
Post by dotcom on Oct 31, 2014 23:51:54 GMT -8
Post by dbrisen on Nov 1, 2014 0:01:10 GMT -8
Fast machine!

Step 1 - Malwarebytes' Anti-Malware

Please download the latest version of Malwarebytes' Anti-Malware from Here.
Double click on the mbam-setup.exe file to install the application. Do not check on the Trial of Professional version.
Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.
Once the program has loaded and updated, select "Scan Now >>" to start the scan.
The scan may take some time to finish, so please be patient.
If any malware is found, you will be presented with a screen like the one below.
Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).
After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.
Please attach the report file to a post here; I will review the file and script what needs to be removed.
Post by dotcom on Nov 1, 2014 0:11:40 GMT -8
LOL! Need a fast machine for gaming! Built it myself! i5-3750k OC to 4.2 GHz. 8 gigs of Corsair DDR3 RAM (like to add more in the future). EVGA 770 Superclocked 4gb of RAM. Will SLI in the future. MSI Thunderbolt Mobo. 950 watt Corsair power supply. Have 2 SSD, Intel 330 series 180gb and a Samsung 840 EVO 750gb.
wikisend.com/download/945708/Malwarelog.txt
Post by dbrisen on Nov 1, 2014 7:23:10 GMT -8
This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway), so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.
You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.
Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

Hold down the Control key and click on the following link to open ESET OnlineScan in a new window. Link =>> ESET OnlineScan <<
Click the Run ESET Online Scanner located on the left side of the page (not the free trial).
For browsers other than Internet Explorer only (Microsoft Internet Explorer users can skip this step):
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.
Double click on the icon on your desktop.
Check (accept) the Terms of Use.
Click the START button.
Accept any security warnings from your browser.
Now, in the Computer scan settings window that appears, make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:
Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked
Now click on: Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.
At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).
Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.
Attach the saved log file in your next reply please. Thanks.
Post by dotcom on Nov 1, 2014 16:19:53 GMT -8
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Nov 1, 2014 16:25:31 GMT -8
Can I ask what the F and G drives are for??
Quads
Post by dotcom on Nov 1, 2014 16:30:13 GMT -8
Hi Quads! They would be other drives I have on my computer. I have 3 drives: HD, SSD, and the main SSD one I am on right now. So in other words, other drives I can access if I like to on my computer. Of course I would have to reboot to change the boot drive on restart. Thanks!
Post by dotcom on Nov 1, 2014 21:14:37 GMT -8
No comment?