  1. #1

    Corrine Help please

    I was told to come here from palemoon forum

    Ok so I started having troubles. Palemoon acting weird

    1) multi ads and pop ups. Saying I have a virus and other ads. Asking me to click. I DO NOT Click them.

    2) I can not post on a forum I frequent. This is only on one forum and it works on other browsers such as firefox and IE

    3) I did 3 virus scans already: Malware bytes, Spybot, Super anti virus. (They found 30 new viruses. I did not write them down.) I did another malware bytes in safe mode; it found 11 more

    4) I am seeing ads in google. Even though I use Adblock plus.

    5) I am currently doing a trendmicro, immunet, and MSE scan. So far another virus was caught, Trojan: ww32/bumat!rts

    That is a root right?

    Would doing a system restore help?

    Any suggestions? It seems just palemoon is infected.

    If a system restore would fix this I would do it. What do you guys recommend? Any other virus scanners?


    Thanks so much






  2. #2
    Corrine
    Join Date: Feb 2012 | Location: Upstate, NY | Posts: 9,050

    Re: Corrine Help please

    Hi, nd2121. Welcome to Sysnative!

    We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

    If you have questions regarding any of the instructions or problems running any tools, please let us know.

    In order to assist you, please post the logs requested in the Malware Removal Posting Instructions.

    Thank you.

    Edit Note: It would also be helpful if you post a copy of your Malwarebytes log.
    Last edited by Corrine; 05-01-2014 at 05:35 PM.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Corrine Help please

    Results of screen317's Security Check version 0.99.82
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Immunet 3
    Emsisoft Anti-Malware
    Microsoft Security Essentials
    AVG Anti-Virus Free
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    CA Yahoo! Anti-Spy (remove only)
    SpywareBlaster 4.5
    SpywareGuard v2.2
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    JavaFX 2.1.1
    Java(TM) 6 Update 15
    Java 7 Update 21
    Java(TM) SE Runtime Environment 6 Update 1
    Java version out of Date!
    Adobe Flash Player 11.8.800.94 Flash Player out of Date!
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Mozilla Firefox 21.0 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````

  4. #4

    Re: Corrine Help please

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.21.2
    Run by lee at 15:39:55 on 2014-05-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.3536 [GMT -4:00]
    .
    AV: Immunet 3 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
    AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\hasplms.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Common Files\aol\1250564758\ee\aolsoftware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\lee\AppData\Local\Temp\HouseCall\housecall.bin
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
    C:\Program Files\Immunet\3.1.8\sfc.exe
    C:\Program Files\Immunet\3.1.8\iptray.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Pale Moon\palemoon.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Google
    uSearch Page = Google
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
    uSearchAssistant = Google
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
    mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1250564758\ee\AOLSoftware.exe"
    mRun: [EfficientReminderFree] <no file>
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin32\Speckie32.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{F06BCFFE-0B9F-43E9-BD86-132AA1088824} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\lee\AppData\Roaming\Speckie\bin64\Speckie64.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
    Hosts: 127.0.0.1 Spyware Info | Spyware Info
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\lee\AppData\Roaming\Mozilla\Firefox\Profiles\g84aw4dt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN18412241543604267&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSWod8QWPffQGBF456Lk3UJT4yzIYN6NHO6tE1IWsBjCoGR4qHCbGAuUR_yDH7MdA,
    FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q=
    FF - prefs.js: network.proxy.http - 119.110.73.23
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\lee\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll
    FF - plugin: C:\Users\lee\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-4 21184]
    R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-9-24 48216]
    R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-9-24 14720]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-8-18 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-8-18 35536]
    R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-8-18 317520]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\immunetprotect.sys [2014-5-1 58112]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\immunetselfprotect.sys [2014-5-1 33024]
    R1 MpKsl01291a15;MpKsl01291a15;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CEB0E10-33B8-43FE-8CD7-A61EC64620D9}\MpKsl01291a15.sys [2014-5-1 45352]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-8-9 91784]
    R2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2014-5-1 114944]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-8-17 459776]
    R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-2-7 35112]
    S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
    S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-9-24 85800]
    S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2011-8-22 44624]
    S3 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20071204.002\IDSvia64.sys [2009-8-18 251952]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-4-7 40464]
    S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-05-01 15:58:08 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
    2014-05-01 15:58:07 58112 ----a-w- C:\Windows\System32\drivers\immunetprotect.sys
    2014-05-01 15:58:07 33024 ----a-w- C:\Windows\System32\drivers\immunetselfprotect.sys
    2014-05-01 15:58:07 114944 ----a-w- C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys
    2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-04-28 22:17:49 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-04-28 02:53:56 154840 ----a-w- C:\Windows\System32\RCoInstII64.dll
    2014-04-28 02:53:35 2770976 ----a-w- C:\Windows\System32\FMAPO64.dll
    2014-04-28 02:53:30 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
    2014-04-28 02:53:28 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
    2014-04-28 02:53:28 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
    2014-04-26 01:05:53 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-03-10 22:17:22 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
    2014-02-03 21:14:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    .
    ============= FINISH: 15:47:19.83 ===============

  5. #5

    Re: Corrine Help please

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/17/2009 11:34:00 PM
    System Uptime: 5/1/2014 10:07:36 AM (5 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2500/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 686 GiB total, 311.006 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 9.442 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    60tons (remove only)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.8)
    Aktiv MP3 Recorder
    Allied Intent Xtended 2.0
    Any Video Converter 3.2.5
    AOL Uninstaller (Choose which Products to Remove)
    APB Reloaded
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Audacity 1.2.6
    Audacity 1.3.12 (Unicode)
    AVG Free 9.0
    Battlefield 2 Server
    Battlefield 2(TM)
    Battlefield 4™
    bitRipper
    BitTorrent
    Boilsoft Video Splitter 5.28
    Bonjour
    CA Yahoo! Anti-Spy (remove only)
    Cards_Calendar_OrderGift_DoMorePlugout
    Catalina Savings Printer
    ccCommon
    ccCommon64
    CCleaner
    CCScore
    CDBurnerXP
    CheshireCat's One Click File Joiner
    CheshireCat's One Click Thumbnailer
    Cisco WebEx Meetings
    Compatibility Pack for the 2007 Office system
    Component Framework
    ConvertHelper 2.2
    ConvertXtoDVD 4.1.19.365
    Coupon Printer for Windows
    CutePDF Writer 2.8
    CyberLink DVD Suite Deluxe
    Daniusoft MP3 WAV Converter(Build 2.3.1.0)
    Defraggler
    Directory Lister Pro v1.35
    Diskeeper 2011
    DivX Plus DirectShow Filters
    DivX Setup
    Driver Booster
    Easy Video Joiner 5.21
    Efficient Reminder Free 3.55
    Emsisoft Anti-Malware 5.0
    Enhanced Multimedia Keyboard Solution
    ESN Sonar
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Eve of Destruction 2.0 Levels
    Eve of Destruction v2.0
    Express Dictate
    Express Scribe
    FlightGear v3.0.0
    FLV Converter 3.2
    FormatFactory 3.3.1.0
    Free M4a to MP3 Converter 7.1
    Free Video Joiner 1.1
    Freez FLV to MP3 Converter
    GameSpy Comrade
    GIMP 2.6.11
    GOM Player
    GOM Video Converter
    Google Earth
    Google Update Helper
    Grand Theft Auto IV
    GTA2
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hot CPU Tester Pro 4.4.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPTCSSetup
    I.R.I.S. OCR
    Immunet 3
    ImTOO iPod Computer Transfer
    inSSIDer 3
    Intel® Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    iWisoft Free Video Converter 1.2
    Java 7 Update 21
    Java 7 Update 21 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 15
    Java(TM) SE Runtime Environment 6 Update 1
    JavaFX 2.1.1
    K-Lite Codec Pack 10.4.0 Full
    Kodak EasyShare software
    LabelPrint
    LightScribe Applications
    LightScribe Diagnostic Utility
    LightScribe System Software
    LightScribe Template Labeler
    LiveUpdate (Symantec Corporation)
    Logitech Gaming Software 5.04
    Logitech Unifying Software 2.10
    Magic Photo Editor 5.2
    Malwarebytes Anti-Malware version 1.75.0.1300
    Medal of Honor Airborne
    Media Player Classic - Home Cinema v1.4.2499.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft DirectX SDK (June 2010)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Excel Viewer
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Windows Media Video 9 VCM
    Microsoft Works
    MiniGet 1.0.8.2504
    Mozilla Developer Preview (3.7a1)
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP3 Parser (KB973685)
    My HP Games
    MyProfessionalBusinessCards
    MySoftware Fonts
    netbrdg
    NETGEAR Print Server Utility
    Network Recording Player
    Noise Reduction Plug-in 2.0i
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NVIDIA 3D Vision Controller Driver 331.82
    NVIDIA Control Panel 331.82
    NVIDIA GeForce Experience 1.8.1
    NVIDIA Graphics Driver 331.82
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.0725
    NVIDIA Update 10.11.15
    NVIDIA Update Core
    OfotoXMI
    OpenAL
    OpenOffice 4.0.1
    Origin
    Pale Moon 24.5.0 (x64 en-US)
    Paltalk Messenger 11.2
    PeaZip 2.7.beta
    PeerBlock 1.1 (r518)
    Perfect Resize 7
    PhotoScape
    Picasa 3
    PokerStars
    PokerStars.net
    Power2Go
    PowerDirector
    PSSWCORE
    PunkBuster Services
    Python 2.5.2
    QuickTime
    Ralink Wireless LAN
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Redist
    Replay Video Capture
    Revo Uninstaller 1.95
    RTC Client API v1.2
    Sandbox
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    SFR
    SHASTA
    Should I Remove It
    Silent Hunter Wolves of the Pacific
    skin0001
    SKINXSDK
    Skype™ 5.5
    Smart Defrag 3
    SoulSeek 157 NS 13e
    Sound Forge Pro 10.0
    Source SDK Base 2007
    SPBBC 64bit
    Speckie
    SpeedFan (remove only)
    Spybot - Search & Destroy
    SpywareBlaster 4.5
    SpywareGuard v2.2
    staticcr
    Steam
    SUPERAntiSpyware Free Edition
    Symantec Real Time Storage Protection Component (x64)
    SymNet x64
    System Requirements Lab
    System Update kb70007
    Team Fortress 2
    TeamViewer 9
    Total Eclipse 4.3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VC80CRTRedist - 8.0.50727.6195
    Verizon Media Manager
    VideoToolkit01
    VidSplitter
    Vista Codec Package
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 2.0.4
    VPRINTOL
    VS10Runtimex64
    Vz In Home Agent
    WebEx Event Manager for Internet Explorer
    Windows 7 Upgrade Advisor
    Windows Live ID Sign-in Assistant
    Windows Movie Maker 2.6
    WinRAR archiver
    WIRELESS
    World of Warplanes
    Worldwide Web Research
    XviD v1.2.0 CVS
    Zero Ballistics
    .
    ==== End Of File ===========================

  6. #6

    Re: Corrine Help please

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Database version: v2014.04.29.05

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    lee :: HOME-PC [administrator]

    4/30/2014 6:39:36 PM
    mbam-log-2014-04-30 (18-39-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 27356
    Time elapsed: 2 minute(s), 2 second(s) [aborted]

    Memory Processes Detected: 1
    C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> 5568 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Program Files (x86)\MiniGet\MiniGetHelper1.11.dll (Trojan.BHO) -> Delete on reboot.

    Registry Keys Detected: 8
    HKCR\CLSID\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{3C8BF053-0A65-46FE-A757-2187BD66EF34} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\Interface\{49859A6F-2284-4F06-9F8E-BFE56B35BA09} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\BhoPlugin.MiniGetBHO.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\BhoPlugin.MiniGetBHO (Trojan.BHO) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AutoLoader (PUP.Optional.MediaMine) -> Data: "C:\Users\lee\AppData\Local\Temp\WebMonitor.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> Delete on reboot.
    C:\Program Files (x86)\MiniGet\MiniGetHelper1.11.dll (Trojan.BHO) -> Delete on reboot.

    (end)


    ---------------------------------------------------------------------------------------------------

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Database version: v2014.04.29.05

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    lee :: HOME-PC [administrator]

    4/30/2014 6:42:16 PM
    mbam-log-2014-04-30 (18-42-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 35798
    Time elapsed: 9 minute(s), 17 second(s) [aborted]

    Memory Processes Detected: 1
    C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> 5568 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\Users\lee\AppData\Local\Temp\WebMonitor.exe (PUP.Optional.MediaMine) -> Delete on reboot.
    C:\Users\lee\AppData\Local\Temp\6a0vToDJ.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\lee\AppData\Local\Temp\9GR+ZWIv.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\lee\AppData\Local\Temp\cFWpqWvm.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\lee\AppData\Local\Temp\iwInB0Fu.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\lee\AppData\Local\Temp\pBGqE0Cx.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Users\lee\AppData\Local\Temp\r0z3nenc.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

    (end)

    ------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Database version: v2014.04.29.05

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    lee :: HOME-PC [administrator]

    4/30/2014 7:06:18 PM
    mbam-log-2014-04-30 (19-06-18).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 607407
    Time elapsed: 3 hour(s), 30 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E1725C-7237-41A9-954A-04DCCB1FD16C} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 10
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl|Default (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\Software\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\Software\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKCU\Software\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxyg,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl|Default (PUP.Optional.HelperBar.A) -> Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTstsIBktmnlf6qme3w0m4ISFmMNyG4-6u9O__E0MaQirsMCcg-Erw6g_5odvhcstAhSVja24F0dyLFTTRnpkLMTB96F3wcUu4ZeO0f4fvGZyktY2uvwFIohbfBvkMVNxy8,&q={searchTerms}) Good: (Google) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ------------------------------------------------------------------------------

  7. #7

    Re: Corrine Help please

    Originally posted by Corrine:
    Hi, nd2121. Welcome to Sysnative!

    We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

    If you have questions regarding any of the instructions or problems running any tools, please let us know.

    In order to assist you, please post the logs requested in the Malware Removal Posting Instructions.

    Thank you.

    Edit Note: It would also be helpful if you post a copy of your Malwarebytes log.

    First off thank you so much. I posted in the order requested

    1) SecurityCheck

    2) DDS.txt

    3) Attach.txt

    4) Malware logs. There seem to be 10 on 4-30-2014. Yet I only did 5 (3 fast and 2 full)


    PS Would a SYSTEM RESTORE help fix this or is it already too late?

  8. #8
    Corrine's Avatar

    Re: Corrine Help please

    Thank you for the logs, nd2121. There will be some work involved in getting your computer cleaned. The infection is likely due to outdated third party software programs on your computer so we'll take care of those quickly. There are a lot of steps. Please follow them in order. If you have any questions, please don't hesitate to ask.

    1) First things first, in attempting to solve the problem, you now have too many antivirus programs installed. As a result, when one program attempts to remove something, another may block it or cause conflicts. Please uninstall each of the A/V programs you installed in an attempt to clean your computer. Keep one of the following:
    • AVG Free 9.0
    • Microsoft Security Essentials
    • Norton AntiVirus, including the following if Norton is not your regular A/V program.
      Norton AntiVirus Help
      Norton Confidential Core
      Norton Internet Security
      Norton Internet Security (Symantec Corporation)
      Norton Protection Center

    Note: If Norton is not your regular A/V, please Download and run the Norton Removal Tool to uninstall your Norton product

    2) CA Yahoo! Anti-Spy is no longer supported. Please uninstall it as well.

    3) Unfortunately Java did remove the old version when JRE 7 was released. In addition, your version is outdated. Most people no longer need Java installed and I personally have not missed it on my computer. Please uninstall the following:
    • JavaFX 2.1.1
    • Java(TM) 6 Update 15
    • Java(TM) SE Runtime Environment 6 Update 1

    In the event you wish to remove Java completely, also uninstall Java 7 Update 21. Otherwise, you need to update to the latest version, Java Version 7 Update 55.

    4) There have been critical security updates for Adobe Flash Player. Please use the following direct download links to update Flash Player:

    Non-IE (Opera, Firefox, Etc.): http://download.macromedia.com/get/f..._13_plugin.exe
    Windows XP, Vista and 7: Flash Player For Internet Explorer 7, 8, 9, 10, 11: http://download.macromedia.com/get/f...3_active_x.exe

    5) The current version of Adobe Reader is XI (11.0.06). Please get that update here: Adobe - Adobe Reader : For Windows. Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    6) Now that there is less of a chance of getting reinfected due to outdated, vulnerable programs, please do the following: Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista - W7 users: Right-click and select "Run As Administrator".
      If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
    • Click the Start Scan button. Do not use the computer during the scan!
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  9. #9

    Re: Corrine Help please

    Stuck at number 1

    AVG free 9.0 will not uninstall when I go to control panel. It says after I click uninstall @finaldig-instfailtitle

  10. #10
    Corrine's Avatar

    Re: Corrine Help please

    Here's a link to the AVG Uninstallers: AVG | Download tools and utilities.



  11. #11

    Re: Corrine Help please

    Originally posted by Corrine:
    Here's a link to the AVG Uninstallers: AVG | Download tools and utilities.

    Thanks, I was lucky and found it on my own. I was trying to figure out which one I have? Can I try all AVG? The 32/64 bit 2012 2013 2014

  12. #12
    Corrine's Avatar

    Re: Corrine Help please

    I found a link on the AVG forums for AVG 9x. This one for 64-bit OS: http://download.avg.com/filedir/util...removerx64.exe



  13. #13

    Re: Corrine Help please

    ok Avg9 seems to be gone I did not have patience. Now I still have in my file folders

    avg9 chj seems to be logs. Can I delete?

    Also would you have the link to remove avg8 it is also there in my folders

    Thanks so much for all this

  14. #14
    Corrine's Avatar

    Re: Corrine Help please

    From the screen copy, it appears it is looking for AVG 8, even though the link was provided by a Moderator for 9x here: AVG 9.x Uninstall / Re-Install Instructions | AVG Forums.

    Go ahead and close the DOS window and continue on with the instructions. We'll remove AVG another way later in the process.



  15. #15

    Re: Corrine Help please

    I was impatient and let it run and it uninstalled 9.0 but left one file folder in windows explorer CHJW there are 3 files in there with DAT. looks like logs

    Now the ENTIRE avg 8.0 is in a file folder. It does not show up in uninstall program . It is hidden almost.

    Just to be clear. ( looks to be gone except 3 small files) (AVG 8.0 is full folder)

  16. #16

    Re: Corrine Help please

    Also just to make sure I read correctly. ONCE I have new Java 55 (PS I installed 64 bit, Is that correct? I have 64 bit computer) Should I delete Java 21?

  17. #17
    Corrine's Avatar

    Re: Corrine Help please

    Edit: This was about AVG: Ok, we'll see what is left later. I promise not to forget. Go ahead with the other uninstalls.

    Regarding Java, update 21 should have been replaced by the update you installed. It is version update (JRE 6 -> JRE 6) where Oracle isn't good at removing the old version.
    Last edited by Corrine; 05-01-2014 at 08:54 PM.



  18. #18

    Re: Corrine Help please

    Ok two things

    1) In programs and features I now have just two Java (7 update 21 and java 7 update 55) Do I delete the java 7 update 21 now that I have 55? Or leave both?


    2) Adobe Reader will not let me install (

    it says the following:



    When I go to the main Adobe Reader page it automatically wants to download version 10. So frustrating

  19. #19

    Re: Corrine Help please

    Ok i just ran TDSSKILLER and 0 (nothing) was found.


    Oh boy what does this mean?

  20. #20
    Corrine's Avatar

    Re: Corrine Help please

    Having fun yet?

    You missed my edit, adding the information about Java: "Regarding Java, update 21 should have been replaced by the update you installed. It is version update (JRE 6 -> JRE 6) where Oracle isn't good at removing the old version."

    Do you use Adobe Reader frequently? Personally, I got tired of both the Adobe Reader security vulnerabilities and switched to Sumatra PDF. If you're interested, see my blog post here: Replacing Adobe Reader with Sumatra PDF. Otherwise, to continue using Adobe Reader, uninstall Version 10 and download the latest version here: Adobe - Adobe Reader download - All versions.


