Corrine Help please

nd2121 (Active member, joined May 1, 2014, 41 posts)
I was told to come here from palemoon forum

OK, so I started having troubles. Palemoon is acting weird.

1) Multiple ads and pop-ups saying I have a virus, and other ads asking me to click. I DO NOT click them.

2) I cannot post on a forum I frequent. This is only on one forum, and it works in other browsers such as Firefox and IE.

3) I did 3 virus scans already: Malwarebytes, Spybot, Super anti virus (they found 30 new viruses; I did not write them down). I did another Malwarebytes scan in safe mode and it found 11 more.

4) I am seeing ads in Google, even though I use Adblock Plus.

5) I am currently doing TrendMicro, Immunet, and MSE scans. So far another virus was caught: Trojan: ww32/bumat!rts

That is a root, right?

Would doing a system restore help?

Any suggestions? It seems only Palemoon is infected.

If a system restore would fix this I would do it. What do you guys recommend? Any other virus scanners?


Thanks so much

 
Hi, nd2121. Welcome to Sysnative!

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

In order to assist you, please post the logs requested in the Malware Removal Posting Instructions.

Thank you.

Edit Note: It would also be helpful if you post a copy of your Malwarebytes log.
 
Results of screen317's Security Check version 0.99.82
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Immunet 3
Emsisoft Anti-Malware
Microsoft Security Essentials
AVG Anti-Virus Free
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
CA Yahoo! Anti-Spy (remove only)
SpywareBlaster 4.5
SpywareGuard v2.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 15
Java 7 Update 21
Java(TM) SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 11.8.800.94 Flash Player out of Date!
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.21.2
Run by lee at 15:39:55 on 2014-05-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.3536 [GMT -4:00]
.
AV: Immunet 3 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
.
============== Running Processes ===============
.
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\hasplms.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\aol\1250564758\ee\aolsoftware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\lee\AppData\Local\Temp\HouseCall\housecall.bin
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Program Files\Immunet\3.1.8\sfc.exe
C:\Program Files\Immunet\3.1.8\iptray.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Pale Moon\palemoon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Google
uSearch Page = Google
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
uSearchAssistant = Google
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1250564758\ee\AOLSoftware.exe"
mRun: [EfficientReminderFree] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F06BCFFE-0B9F-43E9-BD86-132AA1088824} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN18412241543604267&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSWod8QWPffQGBF456Lk3UJT4yzIYN6NHO6tE1IWsBjCoGR4qHCbGAuUR_yDH7MdA,
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q=
FF - prefs.js: network.proxy.http - 119.110.73.23
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\lee\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll
FF - plugin: C:\Users\lee\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-4 21184]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-9-24 48216]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-9-24 14720]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-8-18 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-8-18 35536]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-8-18 317520]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\immunetprotect.sys [2014-5-1 58112]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\immunetselfprotect.sys [2014-5-1 33024]
R1 MpKsl01291a15;MpKsl01291a15;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CEB0E10-33B8-43FE-8CD7-A61EC64620D9}\MpKsl01291a15.sys [2014-5-1 45352]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-8-9 91784]
R2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2014-5-1 114944]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-8-17 459776]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-2-7 35112]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-9-24 85800]
S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2011-8-22 44624]
S3 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20071204.002\IDSvia64.sys [2009-8-18 251952]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-4-7 40464]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-05-01 15:58:08 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-05-01 15:58:07 58112 ----a-w- C:\Windows\System32\drivers\immunetprotect.sys
2014-05-01 15:58:07 33024 ----a-w- C:\Windows\System32\drivers\immunetselfprotect.sys
2014-05-01 15:58:07 114944 ----a-w- C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys
2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-28 02:53:56 154840 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-04-28 02:53:35 2770976 ----a-w- C:\Windows\System32\FMAPO64.dll
2014-04-28 02:53:30 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2014-04-28 02:53:28 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2014-04-28 02:53:28 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
2014-04-26 01:05:53 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-10 22:17:22 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-03 21:14:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
.
============= FINISH: 15:47:19.83 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/17/2009 11:34:00 PM
System Uptime: 5/1/2014 10:07:36 AM (5 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 311.006 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 9.442 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
60tons (remove only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Aktiv MP3 Recorder
Allied Intent Xtended 2.0
Any Video Converter 3.2.5
AOL Uninstaller (Choose which Products to Remove)
APB Reloaded
AppCore
Apple Application Support
Apple Mobile Device Support
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
AVG Free 9.0
Battlefield 2 Server
Battlefield 2(TM)
Battlefield 4™
bitRipper
BitTorrent
Boilsoft Video Splitter 5.28
Bonjour
CA Yahoo! Anti-Spy (remove only)
Cards_Calendar_OrderGift_DoMorePlugout
Catalina Savings Printer
ccCommon
ccCommon64
CCleaner
CCScore
CDBurnerXP
CheshireCat's One Click File Joiner
CheshireCat's One Click Thumbnailer
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Component Framework
ConvertHelper 2.2
ConvertXtoDVD 4.1.19.365
Coupon Printer for Windows
CutePDF Writer 2.8
CyberLink DVD Suite Deluxe
Daniusoft MP3 WAV Converter(Build 2.3.1.0)
Defraggler
Directory Lister Pro v1.35
Diskeeper 2011
DivX Plus DirectShow Filters
DivX Setup
Driver Booster
Easy Video Joiner 5.21
Efficient Reminder Free 3.55
Emsisoft Anti-Malware 5.0
Enhanced Multimedia Keyboard Solution
ESN Sonar
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Eve of Destruction 2.0 Levels
Eve of Destruction v2.0
Express Dictate
Express Scribe
FlightGear v3.0.0
FLV Converter 3.2
FormatFactory 3.3.1.0
Free M4a to MP3 Converter 7.1
Free Video Joiner 1.1
Freez FLV to MP3 Converter
GameSpy Comrade
GIMP 2.6.11
GOM Player
GOM Video Converter
Google Earth
Google Update Helper
Grand Theft Auto IV
GTA2
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hot CPU Tester Pro 4.4.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
I.R.I.S. OCR
Immunet 3
ImTOO iPod Computer Transfer
inSSIDer 3
Intel® Matrix Storage Manager
IrfanView (remove only)
iTunes
iWisoft Free Video Converter 1.2
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
JavaFX 2.1.1
K-Lite Codec Pack 10.4.0 Full
Kodak EasyShare software
LabelPrint
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Labeler
LiveUpdate (Symantec Corporation)
Logitech Gaming Software 5.04
Logitech Unifying Software 2.10
Magic Photo Editor 5.2
Malwarebytes Anti-Malware version 1.75.0.1300
Medal of Honor Airborne
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft DirectX SDK (June 2010)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel Viewer
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Windows Media Video 9 VCM
Microsoft Works
MiniGet 1.0.8.2504
Mozilla Developer Preview (3.7a1)
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP3 Parser (KB973685)
My HP Games
MyProfessionalBusinessCards
MySoftware Fonts
netbrdg
NETGEAR Print Server Utility
Network Recording Player
Noise Reduction Plug-in 2.0i
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 331.82
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Update 10.11.15
NVIDIA Update Core
OfotoXMI
OpenAL
OpenOffice 4.0.1
Origin
Pale Moon 24.5.0 (x64 en-US)
Paltalk Messenger 11.2
PeaZip 2.7.beta
PeerBlock 1.1 (r518)
Perfect Resize 7
PhotoScape
Picasa 3
PokerStars
PokerStars.net
Power2Go
PowerDirector
PSSWCORE
PunkBuster Services
Python 2.5.2
QuickTime
Ralink Wireless LAN
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Redist
Replay Video Capture
Revo Uninstaller 1.95
RTC Client API v1.2
Sandbox
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SFR
SHASTA
Should I Remove It
Silent Hunter Wolves of the Pacific
skin0001
SKINXSDK
Skype™ 5.5
Smart Defrag 3
SoulSeek 157 NS 13e
Sound Forge Pro 10.0
Source SDK Base 2007
SPBBC 64bit
Speckie
SpeedFan (remove only)
Spybot - Search & Destroy
SpywareBlaster 4.5
SpywareGuard v2.2
staticcr
Steam
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component (x64)
SymNet x64
System Requirements Lab
System Update kb70007
Team Fortress 2
TeamViewer 9
Total Eclipse 4.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
Verizon Media Manager
VideoToolkit01
VidSplitter
Vista Codec Package
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.4
VPRINTOL
VS10Runtimex64
Vz In Home Agent
WebEx Event Manager for Internet Explorer
Windows 7 Upgrade Advisor
Windows Live ID Sign-in Assistant
Windows Movie Maker 2.6
WinRAR archiver
WIRELESS
World of Warplanes
Worldwide Web Research
XviD v1.2.0 CVS
Zero Ballistics
.
==== End Of File ===========================
 
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.04.29.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
lee :: HOME-PC [administrator]

4/30/2014 6:39:36 PM
mbam-log-2014-04-30 (18-39-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 27356
Time elapsed: 2 minute(s), 2 second(s) [aborted]

Memory Processes Detected: 1
C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> 5568 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\MiniGet\MiniGetHelper1.11.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Detected: 8
HKCR\CLSID\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3C8BF053-0A65-46FE-A757-2187BD66EF34} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{49859A6F-2284-4F06-9F8E-BFE56B35BA09} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\BhoPlugin.MiniGetBHO.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\BhoPlugin.MiniGetBHO (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AutoLoader (PUP.Optional.MediaMine) -> Data: "C:\Users\lee\AppData\Local\Temp\WebMonitor.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> Delete on reboot.
C:\Program Files (x86)\MiniGet\MiniGetHelper1.11.dll (Trojan.BHO) -> Delete on reboot.

(end)


---------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.04.29.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
lee :: HOME-PC [administrator]

4/30/2014 6:42:16 PM
mbam-log-2014-04-30 (18-42-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 35798
Time elapsed: 9 minute(s), 17 second(s) [aborted]

Memory Processes Detected: 1
C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> 5568 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> Delete on reboot.
C:\Users\lee\AppData\Local\Temp\6a0vToDJ.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Local\Temp\9GR+ZWIv.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Local\Temp\cFWpqWvm.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Local\Temp\iwInB0Fu.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Local\Temp\pBGqE0Cx.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\lee\AppData\Local\Temp\r0z3nenc.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

(end)

------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.04.29.05

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
lee :: HOME-PC [administrator]

4/30/2014 7:06:18 PM
mbam-log-2014-04-30 (19-06-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 607407
Time elapsed: 3 hour(s), 30 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl|Default (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl|Default (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxy8,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------------------------------------------
 
Hi, nd2121. Welcome to Sysnative!

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

In order to assist you, please post the logs requested in the Malware Removal Posting Instructions.

Thank you.

Edit Note: It would also be helpful if you post a copy of your Malwarebytes log.

First off, thank you so much. I posted in the order requested.

1) SecurityCheck

2) DDS.txt

3)Attach.txt

4) Malware logs. There seem to be 10 on 4-30-2014, yet I only did 5 (3 fast and 2 full).


PS Would a SYSTEM RESTORE help fix this or is it already too late?
 
Thank you for the logs, nd2121. There will be some work involved in getting your computer cleaned. The infection is likely due to outdated third-party software programs on your computer, so we'll take care of those quickly. There are a lot of steps. Please follow them in order. If you have any questions, please don't hesitate to ask.

1) First things first, in attempting to solve the problem, you now have too many antivirus programs installed. As a result, when one program attempts to remove something, another may block it or cause conflicts. Please uninstall each of the A/V programs you installed in an attempt to clean your computer. Keep one of the following:
  • AVG Free 9.0
  • Microsoft Security Essentials
  • Norton AntiVirus, including the following if Norton is not your regular A/V program.
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center

Note: If Norton is not your regular A/V, please Download and run the Norton Removal Tool to uninstall your Norton product

2) CA Yahoo! Anti-Spy is no longer supported. Please uninstall it as well.

3) Unfortunately Java did remove the old version when JRE 7 was released. In addition, your version is outdated. Most people no longer need Java installed and I personally have not missed it on my computer. Please uninstall the following:
  • JavaFX 2.1.1
  • Java(TM) 6 Update 15
  • Java(TM) SE Runtime Environment 6 Update 1
In the event you wish to remove Java completely, also uninstall Java 7 Update 21. Otherwise, you need to update to the latest version, Java Version 7 Update 55.

4) There have been critical security updates for Adobe Flash Player. Please use the following direct download links to update Flash Player:

Non-IE (Opera, Firefox, Etc.): http://download.macromedia.com/get/...ensing/win/install_flash_player_13_plugin.exe
Windows XP, Vista and 7: Flash Player For Internet Explorer 7, 8, 9, 10, 11: http://download.macromedia.com/get/...sing/win/install_flash_player_13_active_x.exe

5) The current version of Adobe Reader is XI (11.0.06). Please get that update here: Adobe - Adobe Reader : For Windows. Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

6) Now that there is less of a chance of getting reinfected due to outdated, vulnerable programs, please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
 
Stuck at number 1

AVG Free 9.0 will not uninstall when I go to Control Panel. After I click uninstall it says: @finaldig-instfailtitle
 
OK, AVG 9 seems to be gone; I did not have patience. Now I still have in my file folders:

avg9 chj, which seems to be logs. Can I delete it?

Also, would you have the link to remove AVG 8? It is also there in my folders.

Thanks so much for all this
 
I was impatient and let it run, and it uninstalled 9.0 but left one file folder in Windows Explorer, CHJW. There are 3 files in there with DAT; looks like logs.

Now the ENTIRE AVG 8.0 is in a file folder. It does not show up in Uninstall a Program. It is almost hidden.

Just to be clear: (AVG 9.0 looks to be gone except 3 small files) (AVG 8.0 is a full folder)
 
Also, just to make sure I read correctly: ONCE I have the new Java 55 (PS: I installed 64-bit; is that correct? I have a 64-bit computer), should I delete Java 21?
 
Edit: This was about AVG: OK, we'll see what is left later. I promise not to forget. :smile9: Go ahead with the other uninstalls.

Regarding Java, update 21 should have been replaced by the update you installed. It is a version update (JRE 6 -> JRE 6) where Oracle isn't good at removing the old version.
 
OK, two things:

1) In Programs and Features I now have just two Java entries (7 Update 21 and Java 7 Update 55). Do I delete Java 7 Update 21 now that I have 55? Or leave both?


2) Adobe Reader will not let me install:

Adobe Reader 11.0.06 update - All languages | 19MB | 1/14/2014

it says the following:
2afcyv7.jpg



When I go to the main Adobe Reader page it automatically wants to download version 10. So frustrating.
 
OK, I just ran TDSSKiller and 0 (nothing) was found.


Oh boy, what does this mean?
 
Having fun yet? :D

You missed my edit, adding the information about Java: "Regarding Java, update 21 should have been replaced by the update you installed. It is a version update (JRE 6 -> JRE 6) where Oracle isn't good at removing the old version."

Do you use Adobe Reader frequently? Personally, I got tired of the Adobe Reader security vulnerabilities and switched to Sumatra PDF. If you're interested, see my blog post here: Replacing Adobe Reader with Sumatra PDF. Otherwise, to continue using Adobe Reader, uninstall Version 10 and download the latest version here: Adobe - Adobe Reader download - All versions.
 