13 replies to this topic

[mfranklin630]

 

Logfile of HijackThis v1.99.1

Scan saved at 12:13:48 PM, on 3/29/2014

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v11.0 (11.00.9600.16521)

 

Running processes:

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Users\Owner\Downloads\HiJackThis\HijackThis.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - Startup: Monitor Ink Alerts - .lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [INTERNATIONAL] International

O13 - Gopher Prefix: 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMS\Service_KMS.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

 

 

[----------------]

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

• Run FRST.
• Don´t change one of the checkboxes and hit Scan.
• Logfiles are created on your desktop.
• Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
• Press Start Scan
• If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.

[mfranklin630]

Thank you for your reply. 

Edited by mfranklin630, 01 April 2014 - 08:00 PM.

[mfranklin630]

here are the files you asked for. Thank you for your help.

Attached Files

•  FRST.txt   26.6KB   246 downloads
•  Addition.txt   31.57KB   246 downloads
•  TDSSKiller.3.0.0.26_01.04.2014_20.56.42_log.txt   200.59KB   226 downloads

[----------------]

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

[mfranklin630]

I do not have a problem removing cracked software. This computer was recently purchased from an individual and has been running slow since purchase. I do not know what programs are cracked. If you could tell me, I will happily remove them.

[----------------]

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or Ad-Aware.

 

 

 

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

KMSpico v9.2.1 Beta

Close the window.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

• Download the attached fixlist.txt and save it to the location where FRST is saved to.
• Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

• If not existing, please download Malwarebytes Anti-Malware to your desktop.
• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.

If the program is already installed:

• Run Malwarebytes Antimalware
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

 

 

 

Attached Files

•  fixlist.txt   551bytes   252 downloads

[mfranklin630]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/3/2014

Scan Time: 6:58:23 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.0.1000

Malware Database: v2014.04.03.10

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Owner

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 271410

Time Elapsed: 13 min, 41 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 5

PUP.Optional.ValueApps.A, HKU\S-1-5-21-3291819452-2419356397-3785034727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [8f67cb5a4d2ee6501db8ef1d10f2f808], 

PUP.Optional.ValueApps.A, HKU\S-1-5-21-3291819452-2419356397-3785034727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [8f67cb5a4d2ee6501db8ef1d10f2f808], 

PUP.Optional.ValueApps.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [8f67cb5a4d2ee6501db8ef1d10f2f808], 

PUP.Optional.ValueApps.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [8f67cb5a4d2ee6501db8ef1d10f2f808], 

PUP.Optional.ValueApps.A, HKU\S-1-5-21-3291819452-2419356397-3785034727-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [c630f035cbb04fe7245d2a430af81ae6], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 5

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3311333, Quarantined, [bf37a382cdae6bcbed2b77dd2bd74fb1], 

PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps, Quarantined, [10e60a1bff7c1620a1fe1f36679b29d7], 

PUP.Optional.ValueAppsplugin.A, C:\Program Files (x86)\Conduit\ValueApps, Quarantined, [21d526ff314a5bdbe0bf69ec05fd1ae6], 

PUP.Optional.ValueAppsplugin.A, C:\Users\Owner\AppData\Local\Conduit\ValueApps, Quarantined, [926439ec1e5dfc3af9a8d77e010102fe], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214, Quarantined, [2fc70c19304b6ccab3939cbeb052e818], 

 

Files: 19

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nss532.exe, Quarantined, [4fa755d0e09b171f12b52ff248b99868], 

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nss6929.exe, Quarantined, [bc3ac36287f453e3d1f621007889ed13], 

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nstE489.exe, Quarantined, [5a9c2df83f3c59ddf7d0c35ecd34649c], 

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nsxA80.exe, Quarantined, [c630da4badce82b42c9bdc45ab561ee2], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\dlLogic.exe, Quarantined, [3cba0025483320164b2f47b8e719a35d], 

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nsd62B3.exe, Quarantined, [6096d94cd4a7241222a5ce539a6730d0], 

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nsi6FA0.exe, Quarantined, [a55138edbac14de9edda200178898779], 

PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\Temp\nsnDEB.exe, Quarantined, [15e1fc298af1e35308bf66bb36cb34cc], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\nsnEA90\SpSetup.exe, Quarantined, [50a64ed7f883ea4c52653bdb0ff23fc1], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\98c01dd9-1a10-45bb-bca8-b580cd3d367e\spidentifierimpl.exe, Quarantined, [a6509c89611a41f5b8ff799d3ac7a858], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\98c01dd9-1a10-45bb-bca8-b580cd3d367e\software\sp-downloader.exe, Quarantined, [63934ed74d2e52e4ea096ea64db46799], 

PUP.Optional.StormAlerts.A, C:\Users\Owner\AppData\Local\Temp\98c01dd9-1a10-45bb-bca8-b580cd3d367e\software\StormAlertsSetup.exe, Quarantined, [9462d550c6b50e285ff86ae1f20f728e], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\98c01dd9-1a10-45bb-bca8-b580cd3d367e\software\ValueApps.exe, Quarantined, [f9fd061f48330432755c5ed1a15fe11f], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214\ctbe.exe, Quarantined, [34c2ca5b8fecbe78c48ca69102fec040], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214\mamstub.exe, Quarantined, [be3853d2a8d3e84e6c0e53ac36cabb45], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214\mam_ff.exe, Quarantined, [1bdb34f1ef8caf8794bd4fe88f71ef11], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214\mam_ie.exe, Quarantined, [1dd9042168138caa4f14c59cd13021df], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3311333\chromeid.txt, Quarantined, [bf37a382cdae6bcbed2b77dd2bd74fb1], 

PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3311333\setup.ini.txt, Quarantined, [bf37a382cdae6bcbed2b77dd2bd74fb1], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Attached Files

•  Fixlog.txt   1.63KB   214 downloads

[----------------]

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

[mfranklin630]

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE7P285R\spstub[1].exe Win32/Conduit.SearchProtect.L potentially unwanted application

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UE7P285R\StormAlertsSetup[1].exe a variant of MSIL/Adware.StrongVault.A application

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG0M8PL4\SPSetup[1].exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application

C:\Users\Owner\AppData\Local\Temp\sad4FC5.tmp a variant of MSIL/DomaIQ.W potentially unwanted application

C:\Users\Owner\AppData\Local\Temp\98c01dd9-1a10-45bb-bca8-b580cd3d367e\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application

C:\Users\Owner\AppData\Local\Temp\98c01dd9-1a10-45bb-bca8-b580cd3d367e\software\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.H application

C:\Users\Owner\AppData\Local\Temp\{4FD866F8-420E-44AA-8803-BE8A7FC45CE1}\setup.exe multiple threats

C:\Users\Owner\Downloads\Win8.1 Activation Info\KMS Install v9.2.1 Beta\KMSpico Install\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application

C:\Users\Owner\Downloads\Win8.1 Activation Info\KMSpico v8.7 Win7 Win8 Activator\KMSpico v8.7\KMSpico Install\KMSpico_Install_v8.7.exe a variant of MSIL/HackTool.IdleKMS.B potentially unsafe application

C:\Users\Owner\Downloads\Win8.1 Activation Info\KMSpico v8.7 Win7 Win8 Activator\KMSpico v8.7\KMSpico OEM\$OEM$\$$\Setup\Scripts\KMSpico.exe a variant of MSIL/HackTool.IdleKMS.B potentially unsafe application

[----------------]

Fix with FRST (normal mode)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

• Please download the attached fixlist.txt and save it to the same location where FRST is.
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[S1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.

 

Attached Files

•  fixlist.txt   715bytes   209 downloads

[mfranklin630]

 Results of screen317's Security Check version 0.99.81  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Out of date HijackThis  installed!

 HijackThis 1.99.1    

 Java 7 Update 51  

 Adobe Flash Player 12.0.0.77  

 Google Chrome 33.0.1750.146  

 Google Chrome 33.0.1750.154  

````````Process Check: objlist.exe by Laurent````````

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

 

Attached Files

•  Fixlog.txt   1.91KB   257 downloads
•  AdwCleanerS0.txt   1.37KB   246 downloads

[----------------]

Your system is clean!

 

 

Uninstall our tools using delfix

Please follow these steps in order:

• In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
• In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
• In any case please download delfix to your desktop.
  
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process
• If there is still something left please delete it manualy.

 

 

 

Recommendations: How to protect yourself

• System Updates
  Please ensure to have automatic updates activated in your control panel.
  For further information and a tutorial, see this Microsoft Support article.
• Protection
  What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
  Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
  
  • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
    It will filter unwanted advertising out of the website´s content.
  • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
    It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
    In addition, before accessing a dangerous classified web site, a warning screen is displayed.
  
  
• Up to date Software
  Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  
  • Secunia Personal Software Inspector - checks if your software has updates available.
  • SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.
  
  
• Backup
  Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
• Behaviour
  The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
  
  • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
  • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
  • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

[----------------]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.