Malware, keylogger or trojan problem


Re: Malware, keylogger or trojan problem

Post by siqzz » January 27th, 2016, 10:43 am

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:06-01-2015
durchgeführt von Nutzer (2016-01-27 16:37:51) Run:1
Gestartet von C:\Users\Nutzer\Desktop\Neuer Ordner (2)
Geladene Profile: Nutzer (Verfügbare Profile: Nutzer)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-296788986-4175192466-186242963-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => Keine Datei
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => Keine Datei
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 trufos; system32\drivers\trufos.sys [X]
Task: {3CA0DB93-5755-48F8-8987-03BFE54C1FBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> Keine Datei <==== ACHTUNG
Task: {4F586805-A46B-4122-9933-C502FA916B2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {88A411E6-6CA8-4F91-8A0D-FCF0679208F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B0D56F18-E551-4391-A203-FE430CF2CFEF} - \CreateChoiceProcessTask -> Keine Datei <==== ACHTUNG
Task: {BFF8A4E4-B403-4F9D-A732-8ABC0BA70865} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> Keine Datei <==== ACHTUNG
Task: {DE166336-6B57-4D47-9FAE-FA747CFBD859} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> Keine Datei <==== ACHTUNG
EmptyTemp:
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-296788986-4175192466-186242963-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Schlüssel erfolgreich entfernt
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => nicht gefunden.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => nicht gefunden.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => nicht gefunden.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => nicht gefunden.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => nicht gefunden.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => nicht gefunden.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => nicht gefunden.
catchme => Dienst erfolgreich entfernt
taphss6 => Dienst erfolgreich entfernt
trufos => Dienst erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CA0DB93-5755-48F8-8987-03BFE54C1FBB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CA0DB93-5755-48F8-8987-03BFE54C1FBB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F586805-A46B-4122-9933-C502FA916B2A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F586805-A46B-4122-9933-C502FA916B2A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88A411E6-6CA8-4F91-8A0D-FCF0679208F6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A411E6-6CA8-4F91-8A0D-FCF0679208F6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0D56F18-E551-4391-A203-FE430CF2CFEF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D56F18-E551-4391-A203-FE430CF2CFEF}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFF8A4E4-B403-4F9D-A732-8ABC0BA70865}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFF8A4E4-B403-4F9D-A732-8ABC0BA70865}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C016366B-7126-46CA-B36B-592A3D95A60B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C016366B-7126-46CA-B36B-592A3D95A60B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE166336-6B57-4D47-9FAE-FA747CFBD859}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE166336-6B57-4D47-9FAE-FA747CFBD859}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" => Schlüssel erfolgreich entfernt
EmptyTemp: => 906.8 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:38:36 ====
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by siqzz » January 27th, 2016, 10:47 am

No problems occurred - though I did write fixlist.tnt instead of fixlist.txt for the first run. I fixed that when it could not find the file "fixlist.txt".

Also should I delete CCleaner? And I could not delete BITRaider because it apparently is necessary for Star Wars TOR... Like you said, we should delete that and use your trick to get around downloading it again. I would not mind downloading the game again.
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by wannabeageek » January 27th, 2016, 5:45 pm

Hi siqzz,

As long as you are not using the registry cleaner, CCleaner should be OK. BITRaider we will work on later.

Please run the following:

Step 1.
AdwCleaner Download and Run

Click on this link to download : ADWCleaner
Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image

Please post the content of the C:\AdwCleaner[S?].txt logfile in your next reply.


Step 2.
Junkware Removal Tool
Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Right-click JRT.exe and select " Run as administrator " to run it. If prompted by UAC, please allow it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.


Please include in your next reply:
  1. Contents of C:\AdwCleaner[S?].txt
  2. Contents of JRT.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware, keylogger or trojan problem

Post by siqzz » January 28th, 2016, 11:31 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Nutzer (Administrator) on 28.01.2016 at 16:45:53,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\Users\Nutzer\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CO8PFGO (Folder)
Successfully deleted: C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJ9T2CC1 (Folder)
Successfully deleted: C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUIPIC7D (Folder)
Successfully deleted: C:\Users\Nutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZOKPNMG (Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.01.2016 at 16:48:40,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by siqzz » January 28th, 2016, 11:31 am

# AdwCleaner v5.031 - Bericht erstellt am 28/01/2016 um 16:36:28
# Aktualisiert am 25/01/2016 von Xplode
# Datenbank : 2016-01-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nutzer - NUTZER-PC
# Gestartet von : C:\Users\Nutzer\Downloads\AdwCleaner.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\360

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [792 Bytes] ##########
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by wannabeageek » January 28th, 2016, 4:43 pm

Hi siqzz,

Run this and post the results. I have not forgotten about the SWTOR fix for BitRaider.


ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt. NOTE: The file may not be at this exact location.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware, keylogger or trojan problem

Post by siqzz » January 29th, 2016, 6:41 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# EOSSerial=
# end=init
# utc_time=2016-01-29 02:53:11
# local_time=2016-01-29 04:53:11 (+0200, Türkei Normalzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27883
# product=EOS
# version=8
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# EOSSerial=
# end=updated
# utc_time=2016-01-29 03:01:24
# local_time=2016-01-29 05:01:24 (+0200, Türkei Normalzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=
# engine=27883
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-29 08:48:13
# local_time=2016-01-29 10:48:13 (+0200, Türkei Normalzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 21830 205730343 0 0
# compatibility_mode_1='360 Total Security'
# compatibility_mode=16646 16777213 100 100 194521 6763056 0 0
# scanned=279276
# found=1
# cleaned=0
# scan_time=20807
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Nutzer\Downloads\spsetup128.exe"
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by wannabeageek » January 30th, 2016, 3:35 pm

Hi siqzz,

Sorry to keep you waiting.

Please run the following fixes.


Step 1.
Registry Backup (TCRB)
TCRB should still be on your desktop - if not;
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  4. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  6. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
File: C:\Users\Nutzer\Downloads\spsetup128.exe
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


Step 3.
Here is the fix for SWTOR to remove BitRaider. Let me know how the process turns out for you.

WARNING: THIS WILL CAUSE A COMPLETE DOWNLOAD OF ALL 25 GB

That said, it will make all future downloads without BitRaider, which has too many problems.

  1. Close SWTOR
  2. Right click the SWTOR icon on your desktop and select "Open file location".
  3. Open the launcher.settings file in Notepad or other text editor.
  4. Find the following section and change it to:

    Code: Select all
    , "PatchingMode": "{ \"swtor\": \"SSN\"}"
    , "bitraider_download_complete": { }
    , "log_levels": "INFO,SSNFO,ERROR"
    , "bitraider_disable": "true"

  5. SAVE (If you are using Notepad, make sure you choose "Save as" and change the "Save as type:" to "All Files (*.*)" so it saves as launcher.settings and not launcher.settings.txt)
  6. Delete the bitraider folder located in the SWTOR folder.
  7. Run the launcher, and wait for the full 25+GB to download and install again.
The time duration: 60 - 90 minutes or longer. Your internet connection speed determines this.

There is no way to use the existing files to shorten the download. Though you can also delete the assets and movies folder if you like, since it is going to re-download those anyway. Your download speeds should be much faster once it is complete. Downloading the entire game will take a while though, depending on server traffic (hour to hour and a half average), so you may want to do this while you sleep. From now on you should no longer see the "ST" in the bottom left corner of your launcher client, as you're no longer going through EA 3rd party bloatware and are now using the direct SSN download.




Please include in your next reply:
  1. Result of TCRB
  2. Contents of fixlist.txt
  3. Result of SWTOR removal of BitRaider
  4. Any problem executing the instructions?
  5. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware, keylogger or trojan problem

Post by siqzz » January 31st, 2016, 11:53 am

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:06-01-2015
durchgeführt von Nutzer (2016-01-31 17:11:19) Run:2
Gestartet von C:\Users\Nutzer\Desktop\Neuer Ordner (2)
Geladene Profile: Nutzer (Verfügbare Profile: Nutzer)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
File: C:\Users\Nutzer\Downloads\spsetup128.exe
EmptyTemp:
*****************


========================= File: C:\Users\Nutzer\Downloads\spsetup128.exe ========================

Datei ist digital signiert
MD5: 678AB0E8665345E72D11149A36F965BE
Erstellungs- und Änderungsdatum: 2015-11-18 21:10 - 2015-11-18 21:10
Größe: 5127432
Attribute: ----A
Firmenname: Piriform Ltd
Interne Name:
Original Name:
Produkt:
Beschreibung: Speccy Installer
Datei Version: 1.0.0.0
Produkt Version:
Urheberrecht: Copyright © 2006-2015 Piriform Ltd

====== Ende von File: ======

EmptyTemp: => 477.1 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 17:12:27 ====
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by siqzz » January 31st, 2016, 11:58 am

I can't open the launcher.settings file
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by wannabeageek » January 31st, 2016, 11:59 am

Is any error displayed explaining the reason?
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware, keylogger or trojan problem

Post by siqzz » January 31st, 2016, 1:51 pm

It is not really an error - the file is just not saved in such a format so that I can open it.

I can't open it with other programs either.
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm

Re: Malware, keylogger or trojan problem

Post by wannabeageek » January 31st, 2016, 3:05 pm

Hi siqzz,

Although I do have a steam account and play some steam games, Star Wars - The Old Republic is not one of them. What I posted is what I found from English/American SWTOR forums. This fix was even on the SWTOR Steam forum. It is possible that someone there is better suited to assist you as I am not familiar with any changes to that game or how language may affect file types.

I would like you to run that FRST fix again because the file did not delete.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
    • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
Code: Select all
C:\Users\Nutzer\Downloads\spsetup128.exe
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Malware, keylogger or trojan problem

Post by siqzz » February 1st, 2016, 3:30 pm

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:06-01-2015
durchgeführt von Nutzer (2016-02-01 17:03:13) Run:3
Gestartet von C:\Users\Nutzer\Desktop\Neuer Ordner (2)
Geladene Profile: Nutzer (Verfügbare Profile: Nutzer)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\Nutzer\Downloads\spsetup128.exe
EmptyTemp:
*****************

C:\Users\Nutzer\Downloads\spsetup128.exe => erfolgreich verschoben
EmptyTemp: => 437.6 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 17:03:33 ====
siqzz
Regular Member
 
Posts: 29
Joined: January 22nd, 2016, 8:13 pm
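
Added example, not part of any post in this thread and not FRST or ESET code: a small Python check that reads the ESET Online Scanner detection line and the FRST fixlogs posted above and reports which detected files were only inspected (the `File:` directive in Run:2) rather than moved (the bare path in Run:3). The function names are hypothetical, and the German status strings are assumed to be exactly those shown in this thread's logs; other FRST locales will differ.

```python
import re

# Constructed sample input: lines copied from the logs posted in this thread.
ESET_LOG = r'''# found=1
# cleaned=0
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Nutzer\Downloads\spsetup128.exe"
'''

FIXLOG_RUN2 = r'''fixlist Inhalt:
*****************
File: C:\Users\Nutzer\Downloads\spsetup128.exe
EmptyTemp:
*****************

========================= File: C:\Users\Nutzer\Downloads\spsetup128.exe ========================

Datei ist digital signiert
MD5: 678AB0E8665345E72D11149A36F965BE
====== Ende von File: ======

EmptyTemp: => 477.1 MB temporäre Dateien entfernt.
'''

FIXLOG_RUN3 = r'''fixlist Inhalt:
*****************
C:\Users\Nutzer\Downloads\spsetup128.exe
EmptyTemp:
*****************

C:\Users\Nutzer\Downloads\spsetup128.exe => erfolgreich verschoben
EmptyTemp: => 437.6 MB temporäre Dateien entfernt.
'''

# key=value or key="value with spaces", as in the ESET detection line
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S*)')

# Status strings as they appear in this thread's German fixlogs (assumption:
# matching on these literals is only valid for this FRST locale).
MOVED = "erfolgreich verschoben"
NOT_FOUND = "nicht gefunden"


def parse_eset_detections(log):
    """Return one dict per detection line (non-comment lines with an fn= field)."""
    hits = []
    for line in log.splitlines():
        if line.startswith("#") or "fn=" not in line:
            continue
        record = {}
        for m in FIELD_RE.finditer(line):
            key, raw, quoted = m.group(1), m.group(2), m.group(3)
            record[key] = quoted if quoted is not None else raw
        hits.append(record)
    return hits


def fixlog_outcome(fixlog, path):
    """Classify what one fixlog says about path: moved, not_found, inspected, other, absent."""
    p = path.lower()  # Windows paths are case-insensitive
    outcome = "absent"
    for line in fixlog.splitlines():
        low = line.strip().lower()
        if low.startswith(p + " =>"):
            result = low.split("=>", 1)[1].strip()
            if result.startswith(MOVED):
                return "moved"
            if result.startswith(NOT_FOUND):
                return "not_found"
            outcome = "other"
        elif low.startswith("=") and "file: " + p in low:
            # Report header written by the File: directive; nothing was removed.
            outcome = "inspected"
    return outcome


def still_present(eset_log, fixlogs):
    """List detections that no fixlog shows as moved or already gone."""
    remaining = []
    for hit in parse_eset_detections(eset_log):
        outcomes = [fixlog_outcome(f, hit["fn"]) for f in fixlogs]
        if not any(o in ("moved", "not_found") for o in outcomes):
            remaining.append((hit["fn"], hit["vn"], outcomes))
    return remaining


if __name__ == "__main__":
    for label, logs in (("after Run:2", [FIXLOG_RUN2]),
                        ("after Run:3", [FIXLOG_RUN2, FIXLOG_RUN3])):
        print(label, still_present(ESET_LOG, logs))
```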