
Thread: TinyWaLlet 1.0 seems difficult to remove?

  1. #21
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    I forgot to include instructions to remove what Mbam found.

    Run Malwarebytes again and when it is finished, be sure that the two files found have checkmarks and click Quarantine.

    Send the resulting log. If that's OK I'll send instructions to tidy up.

    Satchfan

  2. #22
    Junior Member
    Join Date
    Jan 2015
    Posts
    17

    Default Spybot test

    While waiting, I ran Spybot system scan. It found the following which I show below for info. I did not do fix.

    I will run Malwarebytes as instructed and leave running as I leave for work. I will reply with results asap.

    Search results from Spybot - Search & Destroy

    15/01/2015 9:14:33 PM
    Scan took 01:55:35.
    33 items found.

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Zedo: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Zedo: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    FastClick: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Zedo: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Zedo: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Statcounter: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    FastClick: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Zedo: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)


    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3979661825-3157004422-1321400577-1001\Software\Microsoft\Internet Explorer\TypedURLs

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3979661825-3157004422-1321400577-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3979661825-3157004422-1321400577-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3979661825-3157004422-1321400577-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3979661825-3157004422-1321400577-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Cookie: [SBI $49804B54] Browser: Cookie (7) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (572) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (109) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (801) (Browser: Cookie, nothing done)


    History: [SBI $49804B54] Browser: History (5059) (Browser: History, nothing done)



    --- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---


  3. #23
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Everything in the results log except for the DoubleClick cookie (which is only a minimal threat) is either browser-related (cookies, etc.) or a usage track.

    See this

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
    This probably won't be fixed because it is Chrome-related and Chrome gives cleaning problems to the majority of good programs.

    Neither the usage tracks nor browser-related entries are a threat and I'll give instructions on clearing up your browsers with the clean-up instructions.

    I'll wait to hear from you with the Mbam result.

    Satchfan
    Last edited by Satchfan; 2015-01-15 at 13:23.

  4. #24
    Junior Member
    Join Date
    Jan 2015
    Posts
    17

    Default MalwareBytes Results 16Jan15

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 15/01/2015
    Scan Time: 9:25:01 PM
    Logfile: MalwareBytes Log 16Jan15.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.15.05
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: John

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 377181
    Time Elapsed: 21 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

  5. #25
    Junior Member
    Join Date
    Jan 2015
    Posts
    17

    Default MalwareBytes Results 16Jan15 Cont

    As you can see scan found nothing to fix. Did not list two files to fix. Did I do something wrong running it?

  6. #26
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    You did nothing wrong and have done a good job following my instructions.

    I would say the computer is clean but please bear with me about sending the clean-up instructions as I won't be able to reply until tomorrow, (am GMT).

    Satchfan

  7. #27
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Your computer appears to be clean.


    Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

    Uninstall AdwCleaner

    • double click on adwcleaner.exe to run the tool
    • click on Uninstall
    • confirm with Yes.

    ===================================================

    Download & run Delfix

    • download Delfix from here to remove many of the tools we've used during the cleaning process.
    • ensure “Remove disinfection tools” is checked.

    Also place a checkmark next to:

    o Create registry backup
    o Purge system restore

    • click the Run button.

    You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

    ===================================================

    Windows updates

    I notice that Windows updates are waiting to be installed. Click here for information on how to get the latest Windows updates:

    ===================================================

    Update and run Spybot Search and Destroy on a regular basis as you would with your anti-virus software.

    ===================================================

    Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

    ===================================================

    It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

    FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

    ===================================================

    MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    A couple of links with information here and here which can answer any questions you might have about installing/using it.

    ===================================================

    Unchecky

    Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

    Download and install Unchecky .


    I also recommend that you read the following:

    How to prevent malware by miekiemoes

    Help! My computer is slow! by miekiemoes

    Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

    I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

    Safe computing

    Satchfan
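
Added example (not part of the post above and not code from MVPS or any tool named in the thread): a small audit of a blocklist-style HOSTS file, as recommended in the clean-up steps. It goes slightly beyond the post by also flagging entries that point at a non-loopback address, and by showing that HOSTS matching is by exact name only. The sample file and its `.example` names are constructed.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; the .example names are placeholders.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1  localhost
127.0.0.1  ads.tracker.example   # inline comment
0.0.0.0    banners.example stats.example
::1        localhost
203.0.113.7  bank.example
not-an-ip  broken.example
"""


def audit_hosts(text):
    """Classify HOSTS entries as sinkholed, redirected elsewhere, or malformed.

    Returns (sinkholed_names, {name: address}, [malformed_line_numbers]).
    """
    sinkholed, redirected, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name == "localhost":
                continue
            if addr.is_loopback or addr.is_unspecified:
                # 127.0.0.1, ::1 or 0.0.0.0: the connection goes nowhere useful
                sinkholed.add(name)
            else:
                # Points at a real address: a redirect, not a block. Review it.
                redirected[name] = str(addr)
    return sinkholed, redirected, malformed


def is_blocked(hostname, sinkholed):
    """HOSTS entries match exact names only: no wildcards, no subdomains."""
    return hostname.lower().rstrip(".") in sinkholed


if __name__ == "__main__":
    sink, redir, bad = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sorted(sink))
    print("redirected (review these):", redir)
    print("malformed lines:", bad)
    print("subdomain blocked?", is_blocked("cdn.ads.tracker.example", sink))
```

On a Windows machine the same functions can be run over the contents of `%SystemRoot%\System32\drivers\etc\hosts`.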

  8. #28
    Junior Member
    Join Date
    Jan 2015
    Posts
    17

    Smile Final

    Everything done.

    I have learnt enough along the way to know that I probably could not have solved the problem without your help and advice. I may have had to wipe and reload windows. Your help and advice has been greatly, greatly appreciated.

  9. #29
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Your help and advice has been greatly, greatly appreciated.
    You are welcome.

    As I said, I'll leave this open for 24 hours after which I'll assume all is well and close the topic.

    Regards

    Satchfan

  10. #30
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic re-opened, please contact a staff member with the address of the thread.

    Everyone else please read this and then start a New Topic here.
