  1. #1

    Need help with virus removal - (MindSpark ?)

    Greetings and thank you in advance for any/all assistance you can provide.

    I may not yet be providing all the detail I can but will certainly add any additional detail required (as instructed).

    So, I have my father in law's PC. I believe it is infected with virus / malware /etc. I think they clicked on a link in an email they shouldn't have but can't really be sure.

    Symptoms:
    First symptom I noticed is that I cannot connect the PC (Windows 7) to the Internet, either wirelessly or using an Ethernet cable to my wireless router. The "network" tray icon is greyed with a red X. When I select "Troubleshoot problems", I get the following results:

    Windows could not automatically detect this network's proxy settings.

    I have currently tried/executed the following:

    1) Ran Malwarebytes, which was already installed on this PC. Although I couldn't update the DB, it tagged multiple occurrences of "MindSpark" related items as issues, which I successfully quarantined. When I currently run Malwarebytes, I get "No issues found".

    2) Ran Avast! scan - I attempted to run the Avast scan but was unsuccessful as the application would not load. The only error I got was a small popup window with an exclamation point with the avastui header.

    3) Ran Malwarebytes Rootkit Scanner - Again, not able to update the scanner but this scan returned "No Issues".

    At this point - nothing had changed - still couldn't access the internet. But did also notice the following:

    1) Upon a reboot, noticed the following message on the icon tray:

    Failed to Connect to a Windows Service: Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the system Event log for details about why the service didn't respond.

    Note: When I attempted to bring up the Event Viewer, I got the following message: Event Log Service is unavailable. Verify that the service is running.

    At this point, I attempted to do a system restore to a previous operational point. This was unsuccessful.

    Additional notes:
    1) Looking at the Process tab in Task Manager, notice the following entries

    dllhost.exe user COM Surrogate
    dllhost.exe *32 system COM Surrogate

    No idea if that is an issue but thought I'd include.


    So, I am at the end of my very limited ability to figure out what is going on.

    Appreciate any/all help you can provide.

    Many thanks in advance!!



  2. #2

    Join Date
    Apr 2015
    Location
    Enid Oklahoma
    Posts
    1

    Re: Need help with virus removal - (MindSpark ?)

    Hi! I would visit our malware section and make sure your PC is clean even though you ran all those programs and they showed you were clean.
    What is your exact problem at this moment?? When did you restore your PC to a restore point??
    Malware Removal Posting Instructions

  3. #3

    Re: Need help with virus removal - (MindSpark ?)

    Greetings,
    Sorry if I posted in the wrong section. So, sorry if I'm ignorant here (I'm not a power user....). How do I make sure my PC is clean? Currently, if I run Malwarebytes and Malwarebytes rootkit, I get "No issues found". However, I still can't get the PC connected to the Internet (as described in my original post). In addition, I've noticed the other items (also mentioned) that are leading me to believe I've been infected:

    1) Can't run Avast
    2) Failed to Connect to a Windows Service message
    3) Can run Event Viewer to review cause of 2) above
    4) Couldn't restore to a previous point. My attempt to do so failed.



    The problem actually hasn't

  4. #4

    Join Date
    Apr 2015
    Location
    Enid Oklahoma
    Posts
    1

    Re: Need help with virus removal - (MindSpark ?)

    Hi! You're not ignorant! I don't think I'm supposed to help with malware. If you think you're infected you should follow the link that I posted so that our malware team can help you. Malwarebytes is good and it's good that no issues were found. You might try a sfc /scannow. Then visit our malware section! MindSpark is malware.
    https://support.microsoft.com/en-us/kb/929833/

  5. #5
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,715

    Re: Need help with virus removal - (MindSpark ?)

    Hi, haganm.

    Based on the brief information you provided, it appears your father-in-law's computer is infected with the Poweliks trojan. In order to get you started on the cleanup process, please carefully follow the steps below in the order provided. If you have any questions, please feel free to ask.

    A. Re-enable downloads by doing the following:

    1. On your father-in-law's computer, click the Start button and type run
    2. When run appears at the top of the search results, click it.
    3. In the Open field of the box that opens, type inetcpl.cpl and press enter.
    4. When Internet Properties opens, click on the Security tab.
    5. At the bottom, click on the Reset all zones to default level button.
    6. Click the Apply button followed by the OK button to save your changes.
    7. Close the Internet Properties screen.


    B. Launch Internet Explorer (or any other browser) and download the ESET Poweliks Cleaner tool to the desktop.

    1. When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
    2. Read the terms of the End-user license agreement and click Agree if you agree to them.
    3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
    4. If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed.
    5. Press any key to exit the tool.
    6. Shutdown/restart the computer.


    C. Provide the logs requested in the Malware Removal Posting Instructions so that any additional malware can be removed from the computer.

    @donetao: SFC will not be the least bit helpful in this situation.
    Last edited by Corrine; 04-07-2015 at 06:19 PM.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  6. #6

    Join Date
    Apr 2015
    Location
    Enid Oklahoma
    Posts
    1

    Re: Need help with virus removal - (MindSpark ?)

    @donetao: SFC will not be the least bit helpful in this situation.
    Mindspark is malware. Wasn't sure if I'm allowed to help with malware. I will leave the OP in your capable hands.
    Will follow this thread and see if I can learn. I have heard of ESET online scanner, but not ESETPoweliksCleaner.exe.
    Thanks @Corrine!! I was trying to get OP to your section!! Gave the link twice.

  7. #7

    Re: Need help with virus removal - (MindSpark ?)

    Hi Corrine, Thanks in advance for any/all help you can provide. I attempted to Re-enable downloads per your instructions. However, even after all steps, my network icon on the task bar is still greyed out with a red "X". So, when I restart IE, I still can't get connected to anything. Thanks!

  8. #8

    Re: Need help with virus removal - (MindSpark ?)

    Donetao; Thanks for taking the time to reply. I do appreciate that! I'll work with Corrine to get this resolved but I do appreciate your willingness to reply and help!

  9. #9
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,715

    Re: Need help with virus removal - (MindSpark ?)

    Hi, haganm.

    In that case, you're going to need to download the tools on your working computer and transfer them via USB stick or other media to your father-in-law's computer, and in return, copy those logs back to your computer to post here for review. Without the logs requested in the Malware Removal Posting Instructions, I cannot provide any further advice beyond the information you provided regarding the dllhost.exe *32 system COM Surrogate (which is a sign that it is the Poweliks Trojan). As to the Mindspark you mentioned, yes it is undesirable but I believe that it is Poweliks that is the major problem.



  10. #10

    Re: Need help with virus removal - (MindSpark ?)

    Corrine,
    I was not able to access the internet even in Safe mode. I did use the USB approach.

    I loaded and ran ESETPoweliksCleaner.exe; it returned "No Threat found".
    I loaded and ran DDS & Security Check successfully.

    Attached are files you requested:

    DDS.TXT
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 10.71.2
    Run by deaton at 8:08:40 on 2015-04-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2799 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\deaton\Desktop\ESETPoweliksCleaner.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc089
    uSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
    uDefault_Page_URL = hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11045&guid={6726F2E9-C87A-4F27-8E42-8632CE54AFA4}&i=
    mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc089
    mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc089
    mSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
    uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
    uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
    uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
    uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} -
    uURLSearchHooks: <No Name>: {7888381e-e4f0-48f5-a278-b48b0187d950} -
    mWinlogon: Userinit = userinit.exe,
    BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
    BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: C:\Windows\System32\CatWSPrx.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{A11058A2-0D8D-46C9-8C5F-9705C6855019} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B2D38C19-2F0C-43A4-9BB1-ADD4CE73C272} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B2D38C19-2F0C-43A4-9BB1-ADD4CE73C272}\4647E677F6F64697D2E6564777F627B6 : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
    x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-24 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-24 267632]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-12-24 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-12-24 436624]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-4 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-24 83280]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-24 116728]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-24 50344]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-20 2320920]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-8-13 96272]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-20 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-20 158720]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-20 271872]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-9-8 1225832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-6-19 35840]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-10 114688]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-14 129752]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-9-14 19456]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-20 245792]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-14 56832]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-24 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    .
    ============= FINISH: 8:09:33.71 ===============

    Attach.txt
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/24/2010 11:43:16 AM
    System Uptime: 4/8/2015 7:34:10 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1425
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 281 GiB total, 209.466 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.494 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP381: 2/6/2015 4:31:04 PM - Scheduled Checkpoint
    RP382: 2/11/2015 10:51:30 PM - Windows Update
    RP383: 2/12/2015 11:03:18 PM - Windows Update
    RP384: 2/20/2015 10:34:02 AM - Scheduled Checkpoint
    RP385: 2/25/2015 8:00:13 AM - Windows Update
    RP386: 3/4/2015 3:27:26 PM - Scheduled Checkpoint
    RP387: 3/10/2015 8:15:15 PM - Windows Update
    RP388: 3/18/2015 6:24:10 PM - Scheduled Checkpoint
    RP389: 3/24/2015 11:28:03 PM - Windows Update
    RP390: 4/7/2015 1:33:36 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 16 ActiveX
    Adobe Shockwave Player 11.5
    Avast Free Antivirus
    CCleaner
    DailyBibleGuide Internet Explorer Toolbar
    ESU for Microsoft Windows 7
    Google Update Helper
    Java 7 Update 71
    Java Auto Updater
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft IntelliPoint 8.1
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Motitags Internet Explorer Toolbar
    Realtek Ethernet Controller Driver For Windows 7
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Should I Remove It
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    ZoneAlarm Firewall
    ZoneAlarm Free Firewall
    ZoneAlarm Security
    .
    ==== End Of File ===========================

    Check.txt
    Results of screen317's Security Check version 0.99.99
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 71
    Java version 32-bit out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm ZaPrivacyService.exe
    CheckPoint ZoneAlarm zatray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

  11. #11

    Re: Need help with virus removal - (MindSpark ?)

    Donetao,
    Thanks for the information. I have multiple computers on my home network - all others are able to connect. I also tried the other options listed in the link you provided. Unfortunately, none of them seem to help. Thanks.

  12. #12
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,715

    Re: Need help with virus removal - (MindSpark ?)

    Hi, haganm.

    It takes time to research logs so please bear with me. I'd like to concentrate on re-establishing the Internet connection and then work on cleaning the computer. Until that is accomplished, you will need to continue using a USB.

    1. Let's start with flushing the DNS cache and restoring the HOSTS file. Again, you need to create the flush.bat on your computer and transfer it.

    Please copy/paste the lines in bold below to Notepad:

    @Echo on
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0


    Save as flush.bat to your desktop.
    Double-click flush.bat file to run it. Your computer will reboot.

    Note: For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".

    2. Only in the event the above is not successful, download WinsockReset.zip from here and transfer the file to your father-in-law's computer. Unzip the file and click on the executable. Proceed with defaults. Next, restart and run the following commands at an Administrator Command prompt. Once done, restart and try a connection.

    Open an Administrator Command prompt (Click on the Start button, type CMD, at the top of the start button, right click on the CMD.exe command and select Run as Administrator.) At the prompt type the following and press Enter:
    netsh int ip reset C:\Resetlog.txt
    netsh winsock reset catalog
    ipconfig /flushdns
    (The space between g and / is needed)
    Exit

    Restart the computer and let me know the outcome.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
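The flush.bat in the post above replaces the HOSTS file with a single localhost line, so whatever the file held before is gone once it has run. As an added example (not part of Corrine's instructions), this Python script reviews a copy of HOSTS saved beforehand and lists every mapping other than a plain localhost entry; the sample file, the `.example` names and the 203.0.113.10 address are constructed.

```python
import ipaddress

# Constructed sample of a HOSTS file with extra mappings; the names and
# addresses are placeholders, not data from the computer in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.vendor.example   # inline comment
0.0.0.0         definitions.vendor.example
203.0.113.10    www.bank.example login.bank.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return (line_no, address, names) for each mapping line, skipping comments."""
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            entries.append((line_no, fields[0], fields[1:]))
    return entries


def audit_hosts(text):
    """List every mapping other than a plain localhost entry."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, names))
            continue
        extra = [n for n in names if n.lower() != "localhost"]
        if not extra:
            continue  # plain localhost mapping, nothing to report
        if ip.is_loopback or ip.is_unspecified:
            kind = "blocked"      # the name resolves to this machine and goes nowhere
        else:
            kind = "redirected"   # the name resolves to an address picked by the file
        findings.append((line_no, kind, addr, extra))
    return findings


if __name__ == "__main__":
    # To review a real file, pass the text of a copy taken before the reset.
    for line_no, kind, addr, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:<10} {addr:<15} {' '.join(names)}")
```

Keeping the saved copy alongside the scan logs preserves a record of what the reset discarded.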

  13. #13

    Re: Need help with virus removal - (MindSpark ?)

    Hi Corrine,
    Good news. The flush worked! I can now access the internet from the PC. Avast is now loading and I am not getting the "Failed to Connect to a Windows Service:" message upon bootup.

    Should I update Avast / Malwarebytes DBs and re-run these utilities?

    Thanks!!

  14. #14
    Corrine's Avatar

    Re: Need help with virus removal - (MindSpark ?)

    Excellent!

    Yes, start with a full system scan with Avast. Follow that with a scan by Malwarebytes:

    • After updating Malwarebytes, click on the large green "Scan Now" button to begin the Threat Scan.
    • When the scan completes, click the button: Apply All Actions.
    • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Paste your log into your next reply.
    • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History> Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad). etc.. The .txt file can be saved and posted when you are ready.



  15. #15

    Re: Need help with virus removal - (MindSpark ?)

    Sorry - messed up post - I will repost later.

  16. #16
    Corrine's Avatar

    Re: Need help with virus removal - (MindSpark ?)

    Ok. Have you done the MBAM scan yet?



  17. #17

    Re: Need help with virus removal - (MindSpark ?)

    Thank you Corrine. I got handed an especially infected PC, and after all scans were complete the computer's network-ability dropped out. Your flush.bat worked like a charm. Do you have an essential set of tools that you recommend for dealing with future issues?

  18. #18

    Re: Need help with virus removal - (MindSpark ?)

    Hi Corrine,
    Sorry - couldn't repost immediately. Yes, I updated DBs and ran the scans as you suggested with the following results:

    1). Avast! - Full Scan - No Threats Found
    2). Malwarebytes - Full Scan - Threats found and addressed. See log.

    +++++
    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 4/8/2015
    Scan Time: 2:47:07 PM
    Logfile: malwarebytes report.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.04.08.06
    Rootkit Database: v2015.03.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: deaton

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 392165
    Time Elapsed: 13 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.TNT.A, HKU\S-1-5-21-3602817215-1122856828-3849101790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TNT2, Quarantined, [3ad9a4a8b1d9e056c84e953060a304fc],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3602817215-1122856828-3849101790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [1102be8eabdf37ffcb90af19a55ea15f],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 2
    PUP.Optional.Freshy.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.freshy.com/general/newhometab.php?hometab=home&partner=11045&guid={6726F2E9-C87A-4F27-8E42-8632CE54AFA4}&i=, Good: (Google), Bad: (http://services.freshy.com/general/newhometab.php?hometab=home&partner=11045&guid={6726F2E9-C87A-4F27-8E42-8632CE54AFA4}&i=),Replaced,[7c971a323159a98d79346a860df812ee]
    PUP.Optional.Freshy.A, HKU\S-1-5-21-3602817215-1122856828-3849101790-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://services.freshy.com/general/newhometab.php?hometab=home&partner=11045&guid={6726F2E9-C87A-4F27-8E42-8632CE54AFA4}&i=, Good: (Google), Bad: (http://services.freshy.com/general/newhometab.php?hometab=home&partner=11045&guid={6726F2E9-C87A-4F27-8E42-8632CE54AFA4}&i=),Replaced,[888b75d79af084b27933648ccc39d030]

    Folders: 0
    (No malicious items detected)

    Files: 3
    PUP.Optional.Arcade.A, C:\Windows\SysWOW64\CatWSPrx.ini, Quarantined, [060d18343e4c89ad19fd48802fd46e92],
    PUP.Optional.Arcade.A, C:\Windows\System32\CatWSPrxOff.ini, Quarantined, [4ec516365b2fe84eb760ccfc1be8a858],
    PUP.Optional.Arcade.A, C:\Windows\SysWOW64\CatWSPrxOff.ini, Quarantined, [db38bc90c2c8ca6c0c0b0cbc1ae9a55b],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    ++++++


    3). Malwarebytes Rootkit Scanner - No Threats found.


    Everything seems to be functioning properly but I still notice in Task Manager that the COM surrogates are still there as follows:

    dllhost.exe COM Surrogate
    dllhost.exe *32 SYSTEM COM Surrogate

    Not sure if that is a concern or not. Will await your reply and next steps. Thank you so much for getting me to this point. I very much appreciate your time and assistance!!
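The Malwarebytes log in the post above lists each detection as name, object, action and a bracketed id under a section heading that declares an item count. As an added example (not part of the original thread or of Malwarebytes itself), this Python script parses that layout, checks each section against its declared count and separates PUP/PUM detections from anything else; the sample log, its detection names and its ids are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above; names, paths and the
# bracketed ids are placeholders, not detections from this thread.
SAMPLE_LOG = """\
Objects Scanned: 1000
Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Example.A, HKLM\\SOFTWARE\\EXAMPLETOOLBAR, Quarantined, [00000000000000000000000000000001],

Registry Data: 1
PUM.Example.Homepage, HKLM\\SOFTWARE\\EXAMPLE|Start, http://example.invalid/?a=1&b=2, Good: (Google), Bad: (http://example.invalid/?a=1&b=2),Replaced,[00000000000000000000000000000002]

Files: 2
PUP.Optional.Example.A, C:\\Example\\a.ini, Quarantined, [00000000000000000000000000000003],
Trojan.Example, C:\\Example\\b.exe, Quarantined, [00000000000000000000000000000004],
"""

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data"
                     r"|Folders|Files|Physical Sectors): (\d+)$")
ITEM_ID = re.compile(r",\s*\[([0-9a-f]+)\],?$")
HANDLED = {"Quarantined", "Replaced"}  # the two actions that appear in the log above


def parse_detections(log_text):
    """Return (detections, declared): item dicts and the count each heading declares."""
    detections, declared, section = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        heading = SECTION.match(line)
        if heading:
            section = heading.group(1)
            declared[section] = int(heading.group(2))
            continue
        tail = ITEM_ID.search(line)
        if section is None or tail is None:
            continue  # scan header, "(No malicious items detected)", blank lines
        # name is first and action is last, so commas in the object cannot shift them
        fields = [f.strip() for f in line[:tail.start()].split(",")]
        detections.append({"section": section, "name": fields[0],
                           "object": fields[1], "action": fields[-1]})
    return detections, declared


def triage(log_text):
    """Summarise a log: non-PUP/PUM items, unhandled items, miscounted sections."""
    detections, declared = parse_detections(log_text)
    found = Counter(d["section"] for d in detections)
    return {
        "total": len(detections),
        "families": Counter(d["name"].split(".")[0] for d in detections),
        "not_pup": [d for d in detections
                    if not d["name"].startswith(("PUP.", "PUM."))],
        "not_handled": [d for d in detections if d["action"] not in HANDLED],
        "count_mismatch": sorted(s for s, n in declared.items() if found[s] != n),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

A non-empty `count_mismatch` usually means the log was cut off or mangled when it was pasted, which is worth ruling out before reading anything into the totals.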

  19. #19
    Corrine's Avatar

    Re: Need help with virus removal - (MindSpark ?)

    Originally posted by Latrell Spraulll:
    Thank you Corrine. I got handed an especially infected PC, and after all scans were complete the computer's network-ability dropped out. Your flush.bat worked like a charm. Do you have an essential set of tools that you recommend for dealing with future issues?
    Hi, Latrell.

    I'm glad the flush.bat worked. Each situation is different. 99.9% of the time I do not recommend any steps until I can review some logs to get an idea of what is being dealt with.



    haganm, All Malwarebytes found was PUPs (Potentially Unwanted Programs). We'll continue with some additional cleanup but first, let's talk about Oracle Java.

    There are very few reasons why Java is needed on a personal computer. Some of those reasons include the following:

    • Playing on-line games generally requires Java.
    • With OpenOffice, Java is needed for the items listed here.
    • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
    • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.


    Although Internet Explorer is now blocking outdated ActiveX components (see Out-of-date ActiveX control blocking), if Java isn't needed, uninstall it. One less update to worry about and, more importantly, one less potential vulnerability. In the event a program you use requires Java, you will be prompted to install it. Personally, I have not had Java installed on any of my computers for some years and have not missed it.

    In the event your father-in-law wishes to keep Java, it needs to be updated as there have been critical security updates released. If that is the decision, please do the following:
    • Start with uninstalling Java 7 Update 71 (Java does not do a good job of removing old versions when moving to a new release, e.g. Java 6 to Java 7 and Java 7 to Java 8, etc.).
    • Download jre-8u40-windows-i586.exe from Java SE Runtime Environment 8 - Downloads.
    • See the instructions under 2. Unwanted "Extras" in my blog post to suppress sponsor offers: Java, The Never-Ending Saga.

    It is important to note that the next scheduled Java security update is scheduled for 14 April 2015 so if Java remains on the computer, it will need to be updated again.

    After dealing with Java, please do the following:

    Please download Adware Cleaner by Xplode. Please save it to your desktop!

    • Close all open programs and internet browsers.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Logfile button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
    Last edited by Corrine; 04-08-2015 at 06:27 PM.



  20. #20

    Re: Need help with virus removal - (MindSpark ?)

    Hi Corrine,
    Per your suggestion, I uninstalled Java. I don't think it was needed for anything specific - thanks for the tip.

    Here is the output from running AdwCleaner:

    # AdwCleaner v4.201 - Logfile created 08/04/2015 at 19:32:10
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : deaton - DEATON-COMPUTER
    # Running from : C:\Users\deaton\Desktop\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Users\admin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Users\deaton\AppData\Local\iac
    Folder Deleted : C:\Users\deaton\AppData\Local\Motitags_94
    Folder Deleted : C:\Users\deaton\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\deaton\AppData\LocalLow\iac
    Folder Deleted : C:\Users\deaton\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [ Scheduled tasks ] *****

    Task Deleted : RunAsStdUser Task

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEB20665-7B2B-4594-A799-48D0D977C23D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EEB20665-7B2B-4594-A799-48D0D977C23D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3554359-40B4-4452-9DDC-C8590337949F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{381F29B0-5D3A-44E0-89D7-AF89E8999CD2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7740A731-EEAB-4C9F-8AFC-162CF9145AC8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BFBC2CE-A1CD-4AB8-BC84-27D86C66290E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89CC5A31-B592-4BB3-82F5-BD8ACA3E0BF0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22714877-95E3-480E-A313-4EC440965E4F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4AF0CED-A390-49D6-BCE3-4B477D98696A}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEF7A5B4-C60D-44D2-B147-8AE4F783976E}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEF7A5B4-C60D-44D2-B147-8AE4F783976E}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.tb.ask.com

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17689


    -\\ Google Chrome v

    [C:\Users\deaton\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\deaton\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [6838 bytes] - [08/04/2015 19:27:39]
    AdwCleaner[S0].txt - [6677 bytes] - [08/04/2015 19:32:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6736 bytes] ##########


