Win32: Malware - Unable to fix, repair, move to chest, etc.

Hi, I’m very lost, but your “Logs to assist in cleaning malware” gave helpful guidance. Earlier today, Avast detected a threat and asked me to do a boot scan. During that process, it found several infected files, some that it wasn’t able to fix, repair, delete, or move to the chest. I couldn’t look back at the location of the virus, but I do know it said something like Win32: Malware. (Sorry, the MBAM log is attached after the OTL and Extras one.) Thank you so much for taking your time to provide everyone with your post, and for reading this/helping me out.

Thank you for posting and welcome to the forums.

A malware expert has been contacted for you. Please follow all recommended steps exactly.

Hi there, you still have Norton installed. I would recommend that you remove that first from Control Panel > Programs and Features and then run the uninstall tool found here: https://support.norton.com/sp/en/uk/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{6CAB10CB-E84C-4179-9251-876E64B55F5B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{ADB46911-94E0-41EA-8881-C11738C0BA07}: "URL" = http://searchou.com/?q={searchTerms}&id=90990d2c000000000000ac7289a25149&affilt=5&r=411
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=19
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{BA9E499C-7A80-4921-8BB7-98DC291B52EB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6OyZN3JWNb&i=26
IE - HKU\S-1-5-21-4045669679-4036885180-2297477582-1000\..\SearchScopes\{E8CCE1FC-5761-4CAF-BEFE-A16DA69286C5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^CA&apn_uid=051EA5FA-1224-4B6F-B011-5EEE75A02550&apn_sauid=F9B989E1-37FA-4F61-9FFB-74CC90D7FA2C
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
[2014/03/21 00:33:26 | 000,000,000 | ---D | M] -- C:\Users\Dang\AppData\Roaming\Search Protection

:Files
C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top.
- Let the program run unhindered, and reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete, click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
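The OTL fix above targets three kinds of browser persistence: Internet Explorer search scopes whose "URL" value points at a third-party search redirector, a Browser Helper Object and toolbar registered under a CLSID that no longer resolves, and an extension dropped into a browser profile. The following PowerShell script is an added, read-only audit of the first two (it is not part of the thread and not OTL output); it only reports what is registered so a helper can decide what belongs. The registry paths are the standard IE/Explorer locations; the allowlist of search-engine hosts is an assumption made for this example and should be adjusted for the machine being looked at.

```powershell
# Added example, not from the thread or from OTL: read-only audit of IE search
# scopes, Browser Helper Objects and toolbars. Nothing here modifies the system.

# Assumption for this example: hosts treated as known-good search providers.
$KnownSearchHosts = @('www.bing.com', 'www.google.com', 'duckduckgo.com')

function Get-SearchScopeReport {
    # Each search scope is a subkey named by GUID with a "URL" value, which is
    # exactly what the "IE - HKU\...\SearchScopes\{GUID}: URL" lines above list.
    $bases = @(
        'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($base in $bases) {
        if (-not (Test-Path $base)) { continue }
        Get-ChildItem -Path $base | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath -Name 'URL' -ErrorAction SilentlyContinue).URL
            if (-not $url) { return }
            $uri = $null
            $scopeHost = if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
                $uri.Host.ToLower()
            } else { '' }
            [pscustomobject]@{
                Hive    = $base
                Scope   = $_.PSChildName
                Host    = $scopeHost
                Url     = $url
                # Flagged means "not on the allowlist", i.e. worth a human look,
                # not "malicious" by itself.
                Flagged = ($KnownSearchHosts -notcontains $scopeHost)
            }
        }
    }
}

function Get-BhoAndToolbarReport {
    # BHOs are registered as subkeys named by CLSID; toolbars as value names
    # under the Toolbar key. A CLSID with no HKCR\CLSID key behind it is the
    # "No CLSID value found" orphan that OTL reports in the O2/O3 lines above.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            Resolve-ClsidEntry -Kind 'BHO' -Source $key -Clsid $_.PSChildName
        }
    }

    $toolbarKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path $toolbarKey) {
        $props = Get-ItemProperty -Path $toolbarKey
        $props.PSObject.Properties |
            Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
            ForEach-Object { Resolve-ClsidEntry -Kind 'Toolbar' -Source $toolbarKey -Clsid $_.Name }
    }
}

function Resolve-ClsidEntry {
    param([string]$Kind, [string]$Source, [string]$Clsid)
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $dll = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        Kind     = $Kind
        Source   = $Source
        Clsid    = $Clsid
        Dll      = $dll
        Orphaned = -not (Test-Path $clsidKey)
    }
}

# Usage: run in an elevated PowerShell on the machine being reviewed.
Get-SearchScopeReport  | Format-Table -AutoSize
Get-BhoAndToolbarReport | Format-Table -AutoSize
```

Rows with Flagged set to True in the first table correspond to the search.ask.com, search.conduit.com, searchou.com and mystart.incredibar.com scopes the fix removes; rows with Orphaned set to True in the second table are the dangling BHO/toolbar registrations. The script deliberately stops at reporting, since removal on a live system belongs to the reviewed fix, not to an audit.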

Hi, thanks for the reply. Here are the two logs.

How is the computer behaving now?

My internet was extremely slow before I did all of this, and it still kind of was yesterday after I did the steps from your main post. But right now, I’m at a different location, so the internet connection works well. Don’t know if that information would help, but I’ll update you on how slow/fast the internet is when I get home.

My internet is still quite slow at home. I tested everything for it, and everything seems fine. I thought it might have been a hardware problem, but I’m pretty sure it’s because of the viruses. Is there any way to fix that? And is it safe for me to share these logs?

The internet connection problem may be resolved by resetting your home router. Do you know how to do that?

I know how to reset the modem, but I could probably find how to reset my wireless router on Google. Thank you so much!

To reset the wireless router is quite easy. On the back of the router will be a small hole marked reset. Using a pin or biro, press in the small button inside. The router should now reboot and reset to default.

Let me know how it goes after that

Would I have to make a new password?

The password will revert to the default from when you first got the router.

Should I save/backup my previous settings or just manually make a new password?

Make a note of the previous settings and your password, just in case they are needed.

Hey, I reset my router and used the backup to restore my previous settings, but the wireless icon was blinking orange. It happens when I try to connect to the internet with my phone, which isn’t working. What does that mean?

You will need to reset the wifi connection on the phone. How is the net speed now?

It was pretty fast/back to normal until 2 minutes ago.

Did it slow down again after a short period?

Yeah. I tried disconnecting/reconnecting again, but it couldn’t even connect for about 2 minutes.

Let’s have a look at the network data.

Please download MiniToolBox, save it to your desktop and run it.

https://dl.dropbox.com/u/73555776/minitoolbox.JPG

Checkmark the following checkboxes:

- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices
- List Users, Partitions and Memory size.
- List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the “Reset FF Proxy Settings” option, Firefox should be closed.
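The MiniToolBox checklist above gathers the places a "slow internet after malware" complaint usually traces back to: a proxy or PAC URL silently set in the Internet Settings key, extra hosts-file entries, Firefox proxy preferences, the DNS cache and the Winsock catalog. The PowerShell below is an added example, not part of the thread and not MiniToolBox itself, that reads those same settings so the output can be compared with the tool's Result.txt; it reports only and resets nothing (the tool's "Reset" options and the [resethosts] step in the OTL fix do the changing). The registry key, hosts-file path and prefs.js location are the standard Windows and Firefox ones; the regular expressions used to filter the output are this example's own.

```powershell
# Added example, not from the thread or MiniToolBox: read-only collection of
# proxy, hosts, DNS and Winsock data for comparison with Result.txt.

function Get-IeProxyReport {
    # IE/WinINet proxy settings live per user. A populated AutoConfigURL (PAC)
    # or ProxyServer the user never configured is a common redirect symptom.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Get-NonDefaultHostsEntries {
    # Report every active (non-comment) hosts line other than the plain
    # localhost mappings; redirecting update or search hosts is what [resethosts] undoes.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-FirefoxProxyPrefs {
    # Firefox stores its proxy configuration as user_pref("network.proxy.*") lines
    # in prefs.js of each profile; network.proxy.type 0 means "no proxy".
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path $profiles -Directory | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            Select-String -Path $prefs -Pattern 'user_pref\("network\.proxy\.' | ForEach-Object {
                [pscustomobject]@{ Profile = $_.Path; Setting = $_.Line.Trim() }
            }
        }
    }
}

function Get-DnsCacheNames {
    # The cached record names show which hosts the machine has been resolving;
    # "Flush DNS" in the tool clears this cache (ipconfig /flushdns).
    ipconfig /displaydns |
        Select-String -Pattern 'Record Name' |
        ForEach-Object { ($_.Line -split ':\s*', 2)[1] } |
        Sort-Object -Unique
}

function Get-WinsockProviders {
    # Layered Service Providers registered in the Winsock catalog sit in the
    # network path of every application; an unexpected provider DLL is worth a look.
    netsh winsock show catalog |
        Select-String -Pattern '^(Description|Provider Path)' |
        ForEach-Object { $_.Line.Trim() }
}

# Usage: run in an elevated PowerShell and compare with Result.txt.
'== IE proxy =='        ; Get-IeProxyReport | Format-List
'== hosts (non-default) =='; Get-NonDefaultHostsEntries
'== Firefox proxy prefs =='; Get-FirefoxProxyPrefs | Format-Table -AutoSize
'== DNS cache names =='  ; Get-DnsCacheNames
'== Winsock providers ==' ; Get-WinsockProviders
```

On a clean machine the hosts section is empty, ProxyEnable is 0 with no AutoConfigURL, and every Winsock "Provider Path" points at a Microsoft DLL under System32. Anything else is the part of the report a helper will want to see before deciding whether the slowdown is the PC or, as the thread goes on to suggest, the router.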