virus keeps popping back up! opens up IE and messes with registry! PLS HELP!

[garretsw]

Okay I was stupid and downloaded a torrent! Needless to say it my computer keeps getting trojans and malware and everything else in between.

I have scanned with Malwarebytes but it keep reproducing hiding in the registry, files, etc. I deleted the torrent but cannot find where it keeps reproducing from.

It also opens up IE and runs my gpu at max speed but doesnt use any resources from the gpu!

I have to fix the registry after it is removed every time using Auto runs.

Malware bytes data: (long file log incoming. sorry)
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/7/2016
Scan Time: 12:16 PM
Logfile: virus scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.07.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: GARRE

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304899
Time Elapsed: 4 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\Cloud.exe, 552, Delete-on-Reboot, [2b14f4543c5e53e332bd2a62ad54af51]
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGChk.exe, 6972, Delete-on-Reboot, [f14e2c1c801a320442f22b3f4fb28977]

Modules: 14
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YbjlPack\Netctr8.dll, Delete-on-Reboot, [ac9366e2940625118644dfffcc35e31d],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGCommon.dll, Delete-on-Reboot, [7fc0291fa0faef470b299cce35ccde22],

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.GoldClick, HKU\S-1-5-21-1378962510-1490833838-2733083114-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ProxyGate, C:\Users\GARRE\AppData\Roaming\ProxyGate\MainService.exe, Quarantined, [ae91bd8b9505ec4a7fb53e2c748d8977]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate, Delete-on-Reboot, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\ocx, Quarantined, [75cab7918614033384724b84a45eae52],

Files: 22
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YhdtPack\Hpzrctr80.dll, Delete-on-Reboot, [5be4d573fd9d4beb62e49d41dc257a86],
Trojan.Miuref.Generic, C:\Users\GARRE\AppData\Local\YbjlPack\Netctr8.dll, Delete-on-Reboot, [ac9366e2940625118644dfffcc35e31d],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\Cloud.exe, Delete-on-Reboot, [2b14f4543c5e53e332bd2a62ad54af51],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGCommon.dll, Delete-on-Reboot, [7fc0291fa0faef470b299cce35ccde22],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGChk.exe, Delete-on-Reboot, [f14e2c1c801a320442f22b3f4fb28977],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\MainService.exe, Quarantined, [ae91bd8b9505ec4a7fb53e2c748d8977],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGHelp.exe, Quarantined, [eb543513f1a9e551f73d591107fada26],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGLog.exe, Quarantined, [47f87bcda9f1a78fa490cc9e48b910f0],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGNet.exe, Quarantined, [66d926225842c670b084dd8d57aaf30d],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\PGUpd.exe, Quarantined, [ce719fa928721b1b201428428d74c937],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\ProxyGate.exe, Quarantined, [7cc3ab9dd7c3e94d23110f5b1ae71be5],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\Socket.exe, Quarantined, [4ef132162278ae8863d1f7738d74659b],
PUP.Optional.GoldClick, C:\Users\GARRE\AppData\Roaming\ProxyGate\TrafficMonitor.exe, Quarantined, [211ecb7dd5c5fb3b44f0c4a651b0639d],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\TrafficMonitor.ini, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\conf.dat, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\Config.ini, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\dbghelp.dll, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\dns.dat, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\list.dat, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\msvbvm60.dll, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\Skin.dll, Quarantined, [75cab7918614033384724b84a45eae52],
PUP.Optional.ProxyGate.PrxySvrRST, C:\Users\GARRE\AppData\Roaming\ProxyGate\ocx\mscomctl.ocx, Quarantined, [75cab7918614033384724b84a45eae52],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Dark Lord of Tech]

https://www.herdprotect.com/downloads.aspx
Download and run HerdProtect

 

[geofelt]

A nasty virus will disable all attempts to remove it.
That leaves you only with the option to reinstall windows clean.
If it is not so nasty,

you can try to use system restore to reset to when the virus was not present.

You can also try to run the windows malicious software removal tool.

 

[kolton]

Hey,

I'd suggest going to a restore point. Because it seems like this isn't going to let go.

But if you want to try Hitman Pro, give it a go. It's essentially like Malwarebytes, but it could pick something up that Malwarebytes didn't.

Let me know,
Kolton

 

[garretsw]

https://www.herdprotect.com/downloads.aspx
Download and run HerdProtect

I will run it and see what happens thanks.

P.S I would just like to thank you because i see you everywhere on here and you have helped me a lot in the past

 

[kolton]

Also, don't be afraid of torrents. Just make sure you install them from trusted sources (for example, Piratebay has the VIP and Trusted symbols).

 

[garretsw]

Hey,

I'd suggest going to a restore point. Because it seems like this isn't going to let go.

But if you want to try Hitman Pro, give it a go. It's essentially like Malwarebytes, but it could pick something up that Malwarebytes didn't.

Let me know,
Kolton

Yes i might have to do a system restore. Hopefully I set up my restore points properly

 

[garretsw]

Also, don't be afraid of torrents. Just make sure you install them from trusted sources (for example, Piratebay has the VIP and Trusted symbols).

I rarely get viruses from torrents but ever since KAT and TPB went through all of these problems I have had to go through less reliable services

 

[kolton]

Yes i might have to do a system restore. Hopefully I set up my restore points properly

Hey,

If you didn't, I would be afraid of backing up your files and starting fresh, only because I don't know where the virus is. It might just tag along in the backup.

Good luck,
Kolton

 

[USAFRet]

And finally, there comes a point where you might want to consider going nuclear.
Full wipe and reinstall.

Do try all other methods first. But sometimes...they just won't go away.

 

[garretsw]

And finally, there comes a point where you might want to consider going nuclear.
Full wipe and reinstall.

Do try all other methods first. But sometimes...they just won't go away.

Yep I considered that a possibility. I have had to do that a couple of times in the past

 

[garretsw]

I ran herdprotect and it came up with something called manifest.json I am not sure what this is?

 

[garretsw]

I think the issue is gone. I ran multiple antivirus programs but I think hitman got the main virus. The issue hasn't come back and it usually only takes a day. Thank you everyone for the help it was hard to pick the solution.