searchnu/410 take 2

Re: searchnu/410 take 2

Post by mambass » May 26th, 2012, 10:11 am

Hi Xchaos, :)

Xchaos wrote: no problems with system and searchnu is no longer opening a browser when I open chrome.
That's what I wanted to see this morning. :thumbup:


Xchaos wrote: However, I am unable to save MBR.dat to a usb flash drive as I do not own one, it is currently saved to my desktop, is this a problem?
That's no problem. As it turns out, there's no evidence of a problem with the MBR.


Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Java Cleanup) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Remove Programs Using Control Panel
    Take extra care in answering questions posed by any Uninstaller.

    1. Click Start > Control Panel and then double-click on Programs and Features.
    2. Right-click the Java Auto Updater entry, choose Uninstall/Change, and give permission to Continue:
    3. Right-click the Java(TM) 6 Update 31 entry, choose Uninstall/Change, and give permission to Continue:

  3. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :processes
      killallprocesses
      :OTL
      CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
      
      :Commands
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  4. Install Java Runtime Environment
    1. Please go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
    2. Find the section labeled Java SE 6 Update 32 and click on the JRE Download button. (DO NOT click the JDK Download button).
    3. Click the Accept License Agreement option.
    4. Find the Windows x64 (64-bit) entry, click the jre-6u32-windows-x64.exe link and save the installer on your Desktop.
    5. Right-click the jre-6u32-windows-x64.exe icon on your Desktop and select Run As Administrator to install the newest version of Java for you to use.
      1. During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
      2. Also always UNCHECK any offer for Ask Toolbar during the installation of Java or any other product.
    6. When it finishes, you can remove the Installer from your desktop.

  5. Run Malwarebytes Anti-Malware
    1. You already have Malwarebytes installed on your computer. Right-click on the Malwarebytes entry under Start > All Programs > Malwarebytes' Anti-Malware > Malwarebytes Anti-Malware and select Run As Administrator to run the program.
    2. If a message is displayed asking if you would like to update the database then click the Yes button to allow the update.
      • If asked, click OK to allow the program to close and install the latest version.
      • If necessary, start Malwarebytes Anti-Malware again.
    3. Once the program has started up, select Perform Quick Scan, then click Scan.
    4. When the scan is complete, click OK, then Show Results to view the results.
    5. If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    6. When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    7. The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.


  6. ESET online scanner
    Note: You are using Windows 7 so please open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    1. Please disable your AVG 2012 antivirus as shown in How To Disable Individual AVG Components.
    2. Hold down Ctrl then click on the following link to open a new window to ESET online scanner
      • If Internet Explorer is being used then check Yes, I accept the Terms of Use and then click the Start button.
        Allow the ESET Scanner Active-X component to be installed if asked and click the Retry button if prompted to restart the download.

      • If a browser other than Internet Explorer is being used then click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
        Right-click on the installer and select Run As Administrator to run it.
        Check Yes, I accept the Terms of Use and click the Start button.
    3. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    4. Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    5. Now click on Start.
    6. The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    7. When completed the Online Scan will begin automatically.
    8. Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    9. When the scan completes, press the text: Image
    10. Press the text: Image and then save the file to your Desktop as ESETScan.txt.
    11. Press the [Back] button and then press the [Finish] button.
    12. Copy and paste the contents of ESETScan.txt in your next reply.
      Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
    13. Re-enable your Antivirus software.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the Malwarebytes log.
  4. The contents of the ESET log.
  5. A description of how your computer is running and any Malware symptoms that are still present.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: searchnu/410 take 2

Post by Xchaos » May 27th, 2012, 3:13 am

All processes killed
========== PROCESSES ==========
========== OTL ==========
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\S-1-5-21-3348312659-1988098414-3620540194-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3348312659-1988098414-3620540194-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Xchaos
->Temp folder emptied: 58868847 bytes
->Temporary Internet Files folder emptied: 60002088 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 22447818 bytes
->Flash cache emptied: 689 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84636 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 05272012_080213

Files\Folders moved on Reboot...
C:\Users\Xchaos\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Xchaos
Regular Member
 
Posts: 16
Joined: May 22nd, 2012, 8:37 am
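
A small parser for an OTL fix log like the one posted above, added here as an example (it is not part of the thread and not OTL's own code). It groups the registry results per ActiveX CLSID, lists controls whose only live registration was in a per-user hive, and sets aside any "Registry key" line with an unrecognised status for manual review. The sample log is constructed from the line formats shown above with a placeholder SID; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample mirroring the line formats of the OTL fix log above.
# The SID is a made-up placeholder.
SAMPLE_LOG = r"""========== OTL ==========
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\S-1-5-21-0-0-0-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
"""

CONTROL_RE = re.compile(r"^Starting removal of ActiveX control (\{[0-9A-Fa-f-]{36}\})")
KEY_RE = re.compile(
    r"^Registry key (?P<key>.+?)\\? (?P<status>not found|deleted successfully)\.$")

def parse_otl_fix_log(text):
    """Return (controls, unparsed): per-CLSID key results and lines needing review."""
    controls, unparsed, current = OrderedDict(), [], None
    for line in text.splitlines():
        line = line.strip()
        m = CONTROL_RE.match(line)
        if m:
            current = m.group(1).upper()
            controls.setdefault(current, {"deleted": [], "not_found": []})
            continue
        if line.startswith("====="):      # a section banner ends the control block
            current = None
            continue
        if not line.startswith("Registry key "):
            continue
        m = KEY_RE.match(line)
        if not m or current is None:      # unknown status or orphan line: do not guess
            unparsed.append(line)
            continue
        bucket = "deleted" if m.group("status") == "deleted successfully" else "not_found"
        if m.group("key") not in controls[current][bucket]:   # the log repeats some keys
            controls[current][bucket].append(m.group("key"))
    return controls, unparsed

def per_user_remnants(controls):
    """CLSIDs whose deleted keys all sat under HKEY_USERS (a per-user hive)."""
    return [c for c, r in controls.items()
            if r["deleted"] and all(k.startswith("HKEY_USERS\\") for k in r["deleted"])]

if __name__ == "__main__":
    controls, unparsed = parse_otl_fix_log(SAMPLE_LOG)
    for clsid, r in controls.items():
        print(clsid, "deleted:", len(r["deleted"]), "not found:", len(r["not_found"]))
    print("per-user remnants:", per_user_remnants(controls))
    print("needs manual review:", unparsed)
```
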

Re: searchnu/410 take 2

Post by Xchaos » May 27th, 2012, 3:18 am

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Xchaos :: LITTLE-BASTARD [administrator]

Protection: Enabled

27/05/2012 08:16:27
mbam-log-2012-05-27 (08-16-27).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 4
Time elapsed: 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Xchaos
Regular Member
 
Posts: 16
Joined: May 22nd, 2012, 8:37 am

Re: searchnu/410 take 2

Post by Xchaos » May 27th, 2012, 3:36 am

eset scan results


C:\Users\Xchaos\Downloads\winamp5623_full_bundle_emusic-7plus_all.exe Win32/OpenCandy application
C:\_OTL\MovedFiles\05242012_232639\C_Users\Xchaos\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application
Xchaos
Regular Member
 
Posts: 16
Joined: May 22nd, 2012, 8:37 am

Re: searchnu/410 take 2

Post by mambass » May 27th, 2012, 8:37 pm

Hi Xchaos, :)

Your computer appears to be clear of malware. Good job. :thumbup:

Please stay with me a bit longer because there are a few important things that we still need to do to clean up and make sure that you don't get infected again.

Please print these instructions because you will need to close this browser window in a step below.

  1. Perform a Custom Fix with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CLEARALLRESTOREPOINTS]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered. There is no need to post the output log.

  2. Cleanup with OTL
    1. Close all windows/applications.
    2. Right-click the OTL icon on your Desktop and select Run As Administrator.
    3. Click the CleanUp button in the OTL window. The cleanup will begin after which a dialog will be displayed indicating that a reboot is required.
    4. Click the OK button in the message window. The system will reboot.

  3. Stay clean
    The important thing now is to actively do things that will help keep you from getting infected in the future.

    1. Keep Antivirus and applications updated
      This is the MOST IMPORTANT thing that you can do to keep from becoming infected.
      • Keep Microsoft products up-to-date with the latest security patches. Either
        • Enable some level of Automatic Updates
          • Click Start > Control Panel. The Control Panel window will be displayed.
          • Click the Windows Update entry. The Windows Update frame will be displayed.
          • Click the Change setting link in the left column of the window. The Choose how Windows can install updates frame will be displayed.
          • Select the option which best fits your needs.
        • Or click Start > All Programs > Windows Update on a regular basis and follow the instructions to install all important updates.

      • I personally use and recommend the free Secunia Personal Software Inspector (PSI). This program will keep you aware of software that is installed on your computer that contains security vulnerabilities for which security patches exist. I have mine set to automatically scan my computer weekly.

      • All updates are important but pay particular attention to updates for all browsers as well as Microsoft, Java and Adobe products. These are widely-used products that Malware writers frequently target.

    2. Read and stay informed!

      To help minimize the chances of becoming re-infected, please read.
      Computer Security - a short guide to staying safer online

      If your computer is running slowly after your clean up, please read.
      What to do if your Computer is running slowly


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing! :)


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: searchnu/410 take 2

Post by Xchaos » May 28th, 2012, 3:10 am

Mambass,

Clean up is done and all is running well, tyvm for your help on this matter - much appreciated,

Take care ;)
Xchaos
Regular Member
 
Posts: 16
Joined: May 22nd, 2012, 8:37 am

Re: searchnu/410 take 2

Post by deltalima » May 28th, 2012, 9:41 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK