Infected PC- Gencrawler


  1. Posts : 834
    Windows 7 Ultimate SP1 x64
       #1



    So as of late one of my PCs got infected by a virus. The reason is that it is a family PC and everyone has access to it; one day one of the household members downloaded something and now it's causing issues.

    First I did the regular MBAM scan and the following came up:
    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    
    Database version: v2012.07.27.11
    
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ion :: ION-PC [administrator]
    
    7/27/2012 7:14:54 PM
    mbam-log-2012-07-27 (19-14-54).txt
    
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 280611
    Time elapsed: 1 hour(s), 5 minute(s), 38 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 5
    HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 0
    (No malicious items detected)
    
    Files Detected: 3
    C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
    C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
    C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    
    (end)
    But after clearing those I still have issues:
    1) unwanted add-ons to IE9 and Chrome
    2) automatic tabs to spam sites opening
    3) system slows down way too much

    I am running MBAM again to make sure it picks anything up but some help would be appreciated.


  2. Posts : 10,994
    Win 7 Pro 64-bit
       #2

    I'd suggest running some additional scans with the following free utilities:

    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Hitman Pro 3 - SurfRight

    ESET Online Virus Scanner | ESET

    Comodo Cleaning Essentials (newest release is 2.4.225190.192)

    Windows Defender Offline

    There are more on-demand scanners available but these have proven to be pretty good. Problem is, once a computer becomes infected you can never be 100% sure that all traces of the infection have been removed no matter how many scans come back clean. A format and clean install (or restoring to a known clean system image) would be the ideal way to get rid of the malware.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Do you have "Mediafinder"? You'll want to get rid of it, if you do.
    Adware.Mediafinder Technical Details | Symantec


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #4

    Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

    MBAM did not manage to remove/take action against two of the files.

    C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
    C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

    If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

    And as mentioned above, a clean install is the safest option.
    Last edited by Borg 386; 07 Aug 2012 at 16:51.
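
The check made in post #4 (reading the MBAM log for detections that were not acted on) can be automated. The following is an added example, not part of the original thread and not Malwarebytes' own code; the sample is a constructed subset of the log from post #1, and treating every action other than a successful quarantine as pending is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines from the MBAM 1.62 log quoted in post #1.
SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (findings, declared): one dict per detected object, and the
    per-section counts the log itself claims."""
    findings, declared, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            findings.append({"section": section, **m.groupdict()})
    return findings, declared

def unremediated(findings):
    """Assumption: any action other than a successful quarantine needs follow-up."""
    return [f for f in findings if "successfully" not in f["action"].lower()]

def count_mismatches(findings, declared):
    """Sections whose parsed item count differs from the declared count,
    e.g. because the pasted log was truncated."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen[s]) for s, n in declared.items() if seen[s] != n}

if __name__ == "__main__":
    found, declared = parse_mbam_log(SAMPLE_LOG)
    for f in unremediated(found):
        print(f'{f["section"]}: {f["path"]} [{f["threat"]}] -> {f["action"]}')
    print("count mismatches:", count_mismatches(found, declared))
```
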


  5. Posts : 182
    Windows 7 Professional x64
       #5

    And when the system is finally cleaned (probably after clean install) I would suggest setting up different user profiles for different family members, perhaps with some parental controls.


  6. Posts : 834
    Windows 7 Ultimate SP1 x64
    Thread Starter
       #6

    Borg 386 said:
    Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

    MBAM did not manage to remove/take action against two of the files.

    C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
    C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

    If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

    And as mentioned above, a clean install is the safest option.
    Whoa, didn't even see those during the scan, don't know where they came from.
    Also I wasn't able to initially find "C:\Users\Ion\Uploads\"; there seem to be permissions issues even though I am logged in as admin.


  7. Posts : 834
    Windows 7 Ultimate SP1 x64
    Thread Starter
       #7

    Jacee said:
    Do you have "Mediafinder"? You'll want to get rid of it, if you do.
    Adware.Mediafinder Technical Details | Symantec
    Well, I can't get rid of it, but will follow the guide.
    EDIT: the infected computer is now offline from the internet, as it turns out Media Finder is acting like a proxy for illegal p2p file sharing.

    On a side note I may not be able to give fast replies as school starts tomorrow.


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #8

    Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

    If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

    You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.


  9. Posts : 834
    Windows 7 Ultimate SP1 x64
    Thread Starter
       #9

    Borg 386 said:
    Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

    If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

    You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.
    Yes, I still have System Restore, didn't even think about that. Right now I am trying a previous restore point to check and see if I can resolve the problem.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
