Malware Removal, Samsung Laptop - Logs, etc.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ETEl2NAL407, Dec 5, 2014.

  1. ETEl2NAL407

    ETEl2NAL407 Private E-2

    I've used the infamous R&RME1st guide on several machines now with great success, so here's another.

    My girlfriend's Samsung laptop. Seems through the process there were many hits on a few scans and all browsers nix the homepage, regardless of manual settings, and go to a Trivio search (damn them). Other than that, just the usual slow PC performance and annoying adware popups. I've attached the standard logs - to include MBRCheck, but will omit TDSSKiller, since it found nothing. If it's needed please just let me know and I'll attach it in a reply.

    Thanks again for this amazing guide, I keep coming back to it for every new machine I use that's infected. It works great!
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am currently reviewing your logs and will post back with a response asap. :)
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re-run Hitman and have it remove what it finds.


    Re-run Malwarebytes and attach the NEW log.


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe -> Found
    • [PUP] (X64) HKEY_USERS\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe -> Found
    • [PUP] (X86) HKEY_USERS\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SavingsbullFilterService64 (c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpdd (\??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SavingsbullFilterService64 (c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpdd (\??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys) -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.



    Run the C:\MGtools\GetLogs.bat file by double-clicking on it. (Right-click and run as admin if using Vista, Windows 7 or Windows 8.) Then attach the new C:\MGlogs.zip file that will be created by running this.
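Added example, not part of the original thread and not code from RogueKiller or MajorGeeks: a small parser for the detection lines quoted in the RogueKiller step, which groups them by persistence mechanism and collapses the entries that show up twice (both registry views, or both `CurrentControlSet` and `ControlSet001`). It assumes the numbered control set is the one `CurrentControlSet` points to, which should be confirmed under `HKLM\SYSTEM\Select`; the function names are hypothetical.

```python
import re

# Eight of the detection lines quoted in the post above, covering each line shape.
REPORT = r"""
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.193\jsdrv.exe -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpdd (\??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CltMngSvc (C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpdd (\??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys) -> Found
"""

LINE = re.compile(r"^\[(\w+)\] \((X\d+)\) (.+) -> (\w+)$")
# Assumption: a numbered control set mirrors CurrentControlSet (check HKLM\SYSTEM\Select).
CONTROLSET = re.compile(r"\\ControlSet\d{3}\\", re.I)

def parse_line(line):
    """Split one detection line into tag, registry view, key, value name and data."""
    m = LINE.match(line.strip())
    if not m:
        return None
    tag, view, body, status = m.groups()
    name = data = None
    if " | " in body:                                    # KEY | NAME : DATA (Run value)
        body, rest = body.split(" | ", 1)
        name, data = rest.split(" : ", 1)
    elif "\\Services\\" in body and body.endswith(")"):  # KEY (ImagePath) (service)
        body, data = body[:-1].split(" (", 1)
    key = CONTROLSET.sub(r"\\CurrentControlSet\\", body)
    kind = ("Service" if "\\Services\\" in key else
            "Run" if key.endswith("\\Run") else
            "BHO" if "\\Browser Helper Objects\\" in key else "Other")
    return {"tag": tag, "view": view, "kind": kind, "key": key,
            "raw_key": body, "name": name, "data": data, "status": status}

def distinct_items(report):
    """Collapse view and control-set duplicates, recording where each item was seen."""
    items = {}
    for rec in filter(None, map(parse_line, report.splitlines())):
        ident = (rec["kind"], rec["key"].lower(), rec["name"])
        entry = items.setdefault(ident, dict(rec, seen=[]))
        entry["seen"].append((rec["view"], rec["raw_key"]))
    return list(items.values())

if __name__ == "__main__":
    for item in distinct_items(REPORT):
        print(item["kind"], item["key"], item["name"] or "", item["data"] or "", len(item["seen"]))
```

Run over a saved report after the reboot, any item still marked `Found` shows which mechanism (BHO, Run value or service) was re-created and under which view or control set it was reported.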
     
