Malware Found - Concerned As One Is A Password Stealer

MBAM found three pieces of malware. I’m particularly concerned as one is a password stealer. Any help would be gratefully received.

More files.

I'm particularly concerned as one is a password stealer
Change all your passwords, something you should do on a regular basis anyway

Password Generator: https://identitysafe.norton.com/password-generator

Someone will soon check your logs :wink:

Thanks. SuperAntiSpyware has found something else that MBAM didn’t pick up so I’ll post that log when it completes.

This is what Super Anti Spyware found.

Is there any point changing my passwords until this problem has been resolved? I imagine if I were to change them and this thing is able to steal them then it would just take the new ones anyway.

Do not run this inside Sandboxie; put this on the un-sandboxed system and run it. Thanks.

Download CKScanner from here

Important: Save it to your desktop.

- Double-click CKScanner.exe and click Search For Files.
- After a very short time, when the cursor hourglass disappears, click Save List To File.
- A message box will verify that the file is saved.
- Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

When I try to run it it goes into “not responding”.

It ran in the end:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.LMAAL0
----- EOF -----

Thanks for the extra logs. Interesting collection of files you have there.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Thanks.

All done.

Were they anything dangerous?

No; they were just remains from past malware (so it seems).

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

Thanks.

https://www.virustotal.com/en-gb/domain/fullstuff.net/information/

Good way to get a system infected.
Stop using illegal software.

What? What illegal software? I’m not the only one who uses this computer.

C:\SANDBOX\MYPC\DEFAULTBOX\USER\CURRENT\APPDATA\LOCAL\TEMP\SBIE_TEMP\1D1E04DC36CB46F\MALWAREBYTES ANTI-MALWARE PREMIUM ACTIVATOR- [FULLSTUFF.NET].EXE

Yesterday a webpage popped up which told me to update Malwarebytes so I did. Don’t think it was the MBAM site but as it was MBAM I assumed it was safe.

Not to be too blunt but when Malwarebytes finds itself, one would really wonder what is happening …


Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.

  • Double-click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  • Go to the new directory and right-click on Start Emergency Kit Scanner.exe and choose ‘Run as Administrator’.
  • Once the scanner loads, allow it to check for updates.
  • When the updates are finished, click the BACK button to return to the main menu.
  • Click on SCAN and select Malware Scan to start scanning your system. Please enable the PUP detection option, if it asks.
  • If the scan finds anything, it will open a scan finding window. Please click on View Report; copy this report and paste it here in your reply post.
  • Please close the Emergency Kit Scanner program now.

Thanks.

Emsisoft Emergency Kit - Version 11.0
Last update: 19/07/2016 08:22:11
User account: Test\MyPC

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 19/07/2016 08:22:35
Key: HKEY_USERS\S-1-5-21-2623923472-273756361-1820021794-1001_CLASSES\WOW6432NODE\CLSID{A2DF06F9-A21A-44A8-8A99-8B9C84F29160} detected: Application.AdReg (A)

Scanned 76137
Found 1

Scan end: 19/07/2016 08:27:00
Scan time: 0:04:25

Are your Security Programs finding anything else? Avast? Malwarebytes? SuperAntiSpyware?

How is your system running now?