Malware Issues after Readme Followed

awdmaum · Oct 13, 2014

I completed all the steps in the readme and removal threads. I am still having problems with videos and other interactive programs while browsing the internet. It seems as the video slows everything down almost to a pause and I'm not able to do much. I am up to date on all the Adobe/Shockwave stuff, but I'm not sure if it's that or something with my computer. Any advice as to what could be causing this?

Kestrel13! · Oct 14, 2014

The Malware Bytes log is blank. Can you run it again please and attach the new log.

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BrowserAppCoreService : C:\Users\Adam\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Users\Adam\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart" -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0040231301678566mcinstcleanup (C:\Users\Adam\AppData\Local\Temp\004023~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MOBCleanup ("C:\Users\Adam\AppData\Local\Temp\MOBCleanup.exe") -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MOBCleanup ("C:\Users\Adam\AppData\Local\Temp\MOBCleanup.exe") -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MOBCleanup ("C:\Users\Adam\AppData\Local\Temp\MOBCleanup.exe") -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1627553865-3674084809-3123168745-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=782B70F1A1A78D22&affID=119557&tsp=4992 -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1627553865-3674084809-3123168745-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=782B70F1A1A78D22&affID=119557&tsp=4992 -> Found

[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.toggle.com/en/index.php?rvs=google -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...and the same for this entry on the Tasks tab please...

[Suspicious.Path] \\EPUpdater -- C:\Users\Adam\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe -> Found

When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Re run Hitman Pro and have it remove all that it finds.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Attach JRT.txt to your next message.

Now let's see what remains:

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

awdmaum · Oct 14, 2014

It seems to be running quite a bit faster, however it is still pausing somewhat in the middle of the video. I also noticed that the CPU usages still jumps up quite high and causes the computer to get quite warm (laptop). The main usage is in one of the Chrome processes because that's what I generally use as my browser.

Also, just wanted to get your opinion on Webroot software. This is what BestBuy recommended for me and wanted to know what the thought on this program is.

Kestrel13! · Oct 15, 2014

I cannot help with CPU usage etc... that is topic for the softwrae forum.

I am not familiar with Webroot software. Sorry - again, best to ask about that in the software forum.

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode, if you haven't done so already.

Uninstall the below using Revo Uninstaller:

Ask Toolbar

Reimage Repair

Are you able to delete these yourself using Windows Explorer?

C:\Users\Adam\AppData\Roaming\ShopAtHome.com BrowserAppCore Service

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair

C:\Program Files (x86)\Get It Free

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Log in or Sign up

Malware Issues after Readme Followed

awdmaum Private E-2

Attached Files:

RKreport_SCN_10132014_144441.log

MalTextReport.txt

TDSSKiller.3.0.0.40_13.10.2014_15.41.14_log.txt

HitmanPro_20141013_1603.log

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

awdmaum Private E-2

Attached Files:

MalLog2.txt

RKreport2.log

JRT.txt

MGlogs2.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Malware Issues after Readme Followed

awdmaum Private E-2

Attached Files:

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

awdmaum Private E-2

Attached Files:

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Useful Searches